Cybersecurity Internship Program

Program Overview

This is a structured cybersecurity internship built around a single principle: security is about trust boundaries. Every module starts from the question where does trust change hands? and works outward from there. The intern learns to think like both attacker and defender, using the same mental model from both perspectives.

The program runs on real infrastructure — a production Ubuntu VPS running Nginx, Node.js, PM2, and SQLite. Exercises are performed against live services, not pre-built vulnerable VMs or classroom simulations. The intern hardens systems that face the actual internet, reviews code that serves real users, and investigates logs from real traffic.

AI tools are integrated throughout, but the goal is AI judgment, not AI usage. Every candidate in 2026 uses AI. What distinguishes this program is documented critical evaluation — when AI helped, when it misled, and how to tell the difference. The intern produces an AI usage journal that demonstrates intellectual discipline, not just tool proficiency.

Curriculum Structure

25 modules across 6 tiers, sequenced so each tier builds on the mental models from the previous one. Integration checkpoints at the end of each tier connect concepts before moving forward. Total program: 330–360 hours of active learning.

Tier 1: Core Mental Models Weeks 1–3

MOD-001Trust Boundaries & Attack Surface Mapping15–18h
MOD-002Reconnaissance & Information Gathering10–12h
MOD-003Cryptography in Practice16–18h
MOD-004Privilege Escalation & Boundary Crossing16–18h
MOD-004.5Attack Chain Bridging Lab4–6h

Tier 2: Applied Infrastructure Security Weeks 3–5

MOD-005OS & SSH Hardening18–22h
MOD-006Web Server Security — Nginx & TLS16–20h
MOD-007Database Security — SQLite & Injection Prevention14–16h
MOD-008Process Management & Isolation12–14h
MOD-006.5Web Application Architecture Fundamentals6–8h

Tier 3: Application Security Weeks 6–8

MOD-009Input Validation & Output Encoding18–22h
MOD-010Authentication & Session Management16–18h
MOD-011Authorization & Access Control12–14h
MOD-012API Security & Rate Limiting14–16h
MOD-013Dependency & Supply Chain Security10–12h

Tier 4: Offensive Security Weeks 8–10

MOD-014Penetration Testing Fundamentals6–8h
MOD-014.5Attacker Mental Models6–8h
MOD-015Web Application Penetration Testing20–24h
MOD-016Infrastructure Penetration Testing12–16h

Tier 5: Defensive Operations Weeks 10–11

MOD-017Logging, Monitoring & Alerting16–20h
MOD-018Incident Response & Forensics12–16h

Tier 6: Governance & Capstone Weeks 11–12

MOD-019Security Policy & Compliance12–16h
MOD-020Secure Development Lifecycle12–14h
MOD-021Capstone — Full Security Audit20–30h

Cross-Cutting Threaded throughout

MOD-AIAI-Powered Security Operationsintegrated

What You'll Build

The portfolio is evidence of thinking, not a trophy case. A hiring manager should be able to see how you decompose systems, identify risk without being told what to look for, and make trade-offs between security and usability. Every artifact below answers at least one of those questions.

Security Posture Comparisons

Before-and-after hardening documentation with line-by-line rationale for every decision. Not "I configured SSH" but the specific risk addressed, the trade-off accepted, the verification performed, and the remaining exposure.

Attack Chain Narratives

End-to-end narratives tracing reconnaissance through trust boundary identification, exploitation, and privilege escalation. Drawn by the intern, not generated by a tool. Demonstrates attacker-mindset reasoning.

Penetration Test Reports

Professional-format reports from both web application and infrastructure testing. Includes proof-of-concept exploits, severity assessments, and prioritized remediation recommendations.

Code Audits

Security reviews of real applications with findings ranked by impact and exploitability. Injection flaws, authentication gaps, authorization bypasses, and dependency vulnerabilities documented with evidence.

Incident Response Playbooks

Operational runbooks covering detection, containment, eradication, and recovery. Built against realistic scenarios, tested against the intern's own infrastructure.

AI Usage Journal

Documented critical evaluation of AI-assisted security work. When Claude helped, when it produced incorrect output, what the error was, how it was caught, and what the intern learned. The rarest artifact in an entry-level portfolio.

Capstone: Full Security Audit

A comprehensive audit consolidating the entire program. Unified risk register, 12-month security roadmap, executive-level report, and presentation. Demonstrates holistic security thinking at a level most entry-level candidates never reach.

Certification Alignment

The curriculum is designed around competency, not exam prep. But the depth of coverage aligns substantially with industry certifications. Coverage is reported honestly as two numbers: hands-on depth (directly exercised in labs) and conceptual awareness (covered in readings and discussion).

CompTIA Security+ (SY0-701)

Hands-on

72%

Conceptual

85%

Strongest coverage in Security Operations (28% of exam, ~90% hands-on) and Threats/Vulnerabilities (22%, ~90%). Governance domain is conceptual-only.

CompTIA CySA+ (CS0-003)

Hands-on

55%

Conceptual

70%

Strong overlap in security operations, vulnerability management, and incident response. Enterprise SIEM and SOC-scale tooling are conceptual.

NICE Cybersecurity Workforce Framework

Aligns to Protect and Defend (PR), Analyze (AN), and Operate and Maintain (OM) work role categories. Module-level KSA mapping documented in curriculum framework.

NIST Cybersecurity Framework 2.0

Curriculum exercises map across all six CSF functions: Govern, Identify, Protect, Detect, Respond, and Recover. The capstone audit uses NIST CSF as a structural reference.

AI Integration

As of 2026, AI integration is a job requirement, not a credential. Over 64% of cybersecurity job listings explicitly require AI, machine learning, or automation skills. Entry-level SOC analyst postings now list AI-assisted log triage and basic prompt engineering as expected at hire.

Using AI to analyze logs does not distinguish a candidate. Every candidate in 2026 is doing something similar. What distinguishes this program is documented AI judgment.

AI is not a standalone module. It is threaded across the curriculum at natural integration points: configuration review, code auditing, dependency analysis, log triage, and incident reconstruction. The intern uses Claude Code as a working tool, then documents every interaction where AI output required correction, context the AI lacked, or assumptions that needed validation.

The deliverable is an AI usage journal full of failure documentation — not a portfolio full of AI-assisted deliverables. This requires more security knowledge to produce well than to produce poorly, which is what makes it a meaningful signal to hiring managers.

Infrastructure

Exercises run on real infrastructure, not simulations. The intern works with a production-adjacent environment that faces the actual internet — the same kind of system they would maintain in a junior security role.

— Ubuntu VPS
— Nginx reverse proxy
— Node.js applications
— PM2 process manager
— SQLite databases
— Claude Code (AI tooling)
— Cloudflare DNS/CDN
— UFW firewall
— fail2ban intrusion prevention
— auditd logging
— Burp Suite Community
— OWASP ZAP

Hardening exercises, penetration tests, and incident response scenarios are all performed against this stack. Sandbox environments with reset scripts are used for destructive testing, but the reference point is always production reality.

Program Details

Duration

10–12 weeks330–360 hours of active learning

Format

Async-first, virtual check-insSelf-directed with structured checkpoints

Time Commitment

~30 hours per weekFlexible scheduling within weekly milestones

Prerequisites

Basic Linux CLI, cybersecurity interestNo prior security experience required