This is an automated archive.
The original was posted on /r/cybersecurity by /u/Iwnllmao on 2023-08-28 12:14:33+00:00.
Hello everyone.
So I’m kinda in an awkward position. I am a newly appointed (2 weeks in) intern in a software company, which does not have a specific security department or full-time security employee. I have been hired on a 10-week internship to look at IT security on a broad scale within the company.
The internship is a part of my IT security education, which only lasts 1.5 years, where the last half year is the internship and final project. I would say I’m pretty inexperienced in the field, and “only” have the 1 year of education under my belt, which I think is a decent foundation to have, but I just feel like the “real world” is something else.
In these 2 weeks, I have been looking at their GDPR and running some vulnerability tests on both their internal and external IPs. As far as their GDPR compliance goes, it looks good from my perspective, as they have good and relevant security measures in place, and process data in a good manner.
And in my vulnerability scans, I have not found anything major – I used Nmap and Nessus. Which I guess is good for the company? But then again, I’m just doing basic scans and not anything complicated I would assume.
Present day, I have just finished bringing up awareness (by mail) about some employees not locking their screens/computers when leaving their desks. I wrote this in a “playful” manner, while also bringing up the importance of it and mentioning the security/risk factor.
But now, I really don’t know what to do. I have tried to research a lot of different things to look at but have not really found anything where I thought: I could give this a go.
Have any of you had a similar experience, or have any tips or things I could do? Would much appreciate it! :)