mInternship: A summer in the Nordic’s leading IT and information security environment

Are you interested in doing an internship in mnemonic? Below some of our previous interns share their experiences

Name: Jonathan Komada Eriksen

Field and place of study: Communication Technology, NTNU Trondheim

Year: 3rd

DepartmentTechnical Risk Services (TRS)

 

What did you do during the internship?

For my internship, I worked on one extensive project during the whole summer. For this project, I and other TRS interns worked with several of the Norwegian political parties. Our task was to conduct security tests on their websites and member platforms to identify weaknesses.

In other words, large parts of my summer was spent trying to "hack" the political parties to the best of my ability. All the TRS interns were allowed to try just about every angle we could think of in order to reach this goal.

After we completed the testing we produced a report summarising our findings, and we got to present the findings ourselves to almost all of the parties.

You can read more about the project in this digi.no article (NORWEGIAN ONLY).

What did you learn?

I learned a lot in-depth about the security testing that we did during out project, both techniques and tools in web app testing. Before the summer, I had little practical experience, so even though I knew some of the theory from the study, I was pretty blank when I started in mid-June.

But it did not take long before I started to get the hang of it, but I also realised how much more it is to actually learn. Although it may be a cliché, working is very different from studying. During my studies, I’ve learn an incredible amount of theory spread over large topics, while during this summer I’ve learned hands on which tools are actually used, and how web pages are hacked in reality.

Apart from the technical things we did, I also learned a lot about being a consultant, and customer communication. During and after the presentations we gave to the parties, there was a good dialogue about the systems we had tested, which gave new input and thoughts about how they are used, and what impact it actually had for the customer. That showed me the importance of viewing projects like this from several angles.

What did you like the most about the internship?

The best part of the internship was getting to work every day, and specifically being allowed to do something really exciting!

When we were deep into the test phase, there were several Friday afternoons where I really looked forward to getting back to work on Monday again to continue "hacking". In addition, we got a lot of autonomy on the project, and everyone in mnemonic were very helpful if we asked.

This gave me a feeling ownership to the project and the security flaws we found. This made me really proud of the work we did over the summer. I also have to mention the cafeteria – it was awesome!

Who should apply to an internship in TRS?

Anyone with an interest in "hacking" and information security in general! As mentioned, I had minimal practical experience, but as long as you are curious and want to learn new things at work every day, that's exactly what you get to do in the TRS internship.

 

Name: Lina Hexeberg Hovden

Field and place of study: Communication Technology, NTNU Trondheim

Year: 4th

Department: Governance, Risk and Compliance (GRC)

 

What did you do during the internship?

This summer, I have worked on two different customer projects together with two other summer interns. For the first project, we worked with incident response, i.e. what happens in a company when a security incident occurs. Among other things, we made a communication plan for who to alert when, including an overview of which roles that were to be involved and at what point during an incident. To be able to do this, we worked closely with the customer, and had several in-depth interviews with people involved in incident response.

The second project involved the privacy regulation GDPR. We did an assessment of privacy consequences, so-called Data Protection Impact Assessments (DPIA). For this we used legislations and guidelines from both Norway and Europe to create templates, and used these templates to evaluate the consequences of privacy breaches in three of the clients’ systems. To understand these systems we interviewed people from different departments and at mnemonic.

What did you learn?

The summer has given us a crash course in how to be a consultant working with information security. So we’ve learned quite a lot. On top of the list I would rank learning how to communicate with people in different situations, and how to behave to reach a set goal. We needed to learn this in order to get answers to the questions we were looking for. I have also learned to challenge myself to ask questions, and to be open to jump into unfamiliar situations.

In addition, I have learned a lot about information security in practice, which will be very useful further on in my studies.

What did you like the most about the internship?

The projects we have completed this summer have been real challenges for real customers, and our solutions will hopefully be used by them in the future. That is pretty cool. We have also been able to work quite autonomously, which has been a great challenge.

Last but not least, we have gotten the feeling of what it is like to work as a consultant in information security field, and what it is like to work in mnemonic.

Who should apply to an internship in GRC?

You should apply for an internship in GRC if you love to be around people, want to learn about both technology and business, and are ready for a real challenge!

 

 

Name: Sondre Fingann

Field and place of study: IT Security, University of Oslo

Year: 5th

Department: mnemonic Security Services (MSS)

 

What did you do during the internship?

I got to implement a GraphQL endpoint for a service. GraphQL was already implemented in the front-end, but not in the back-end. My task was to create an endpoint that would work with the website's existing implementation of GraphQL.

What did you learn?

First of all, I got to do my work and see my contribution as part of a larger team’s effort. I had to consider both back-end and front-end as part of my work on the project, and I got to experience the entire development process from planning to production.

I also learned a lot about tools like Jira for planning, Bamboo for testing and GitHub. In addition, also learned a lot about GraphQL, including what advantages and disadvantages there are, as well as what it is like to implement.

What did you like the most about the internship?

The people I worked with. They are very welcoming and have a lot of knowledge that they happily share. Through the internship, I have learned an incredible amount about development and technologies, which has definitely made me a more holistic developer.

Who should apply to an internship in MSS?

People who are interested in security, and who want to experience how it is to work as part of a larger team.

You have to be able to make your own choices and be able to work independently, but if you are stuck there is always someone there to lend a helping hand. If you want to work with a unique security platform, mnemonic is definitely the place you should apply to.

 

 

Name: Audun Gullikstad Hem

Field and place of study: Cybernetics and Robotics, NTNU Trondheim

Year: 5th

Department: mnemonic System Integration (MSI)

 

What did you do during the internship?

I worked on integrating a new anti-phishing product called Mailrisk with mnemonic’s own resources in the area, in the hope of being able to automate the functionality Mailrisk offers to a greater extent.

In practice, this has involved a lot of programming, as the functionality has largely been realised through communication with API endpoints. It has also required a deep dive into applications, both at mnemonic and the various products we have used to achieve the desired functionality. In addition, I’ve been working with Mailrisk, both to reach the desired new functionality on their part and to gain a good understanding of their product.

We’ve also conducted a pilot project with Mailrisk at a few customers, and I have contributed with error correction and answered questions from them. You can read more about the project in this digi.no article.

What did you learn?

First of all, I’ve learned a lot about what it is like to use the knowledge I have learned through studies in a real work situation, with all the advantages and disadvantages it entails. Especially being a piece in a larger machine where all the parts are interdependent, is a lesson that is difficult to get through regular studies.

I have also learned a lot about information security, as this is not something that is much focused on in my studies. Working in an office landscape where everyone has a lot of relevant expertise has been very useful.

What did you like the most about the internship?

I really enjoyed the freedom I got to work on the project in my own way, while a pleasant and open work environment made it easy to get help from those around me when I was stuck. Contributing to creating something completely new was also very rewarding, and it was satisfying to work with something that can hopefully be used by others in the future.

Who should apply to an internship in MSI?

Anyone who has an interest in what is going on in a computer beyond what you see on the screen. I had only had one internet course in my studies up until this point, but with a good basic programming background and an interest in information security, you have what is required!