Internship
In the summer of 2015 I interned with PwC as part of their Information Technology & Project Assurance Team. PwC is the world’s second largest professional services firm and has main focuses in Audit & Assurance, Tax, and Consulting. PwC currently employees over 180,000 people throughout the world and has a physical presence in 157 countries. PwC provides services to 417 out of 500 companies in the Fortune 500 of Global companies and had a revenue of $34 billion in 2014.
As for my internship, specifically I was a member of IT Risk & Security, Cybersecurity sub-team for the duration of my summer. This team is a relatively new addition to the Risk Assurance practice and has a national team around 200 members who are focused on data breaches, data privacy, and regulatory compliance (PCI, ISF, FedRAMP).The purpose of the team is to protect people, information, systems, processes, culture and physical surroundings while evaluating the technical risk for the customer’s information including security and privacy. Main duties of this team is to advise customers on their risk, regulatory concerns, and guidelines while aligning data protection strategies with broader business plans.
As part of the internship I was involved with two client projects and one internal PwC internal project. The first project I was engaged on was an IT risk & security assessment for a nonprofit organization. We worked with the Information Security Forum (ISF) framework to evaluate client operations over 18 different domains of security. To answer the questionnaire I attended and participated in meetings with subject matter experts for the domains we were evaluating and compared the results against their industry peers.
My second client was a cloud server company looking to become accredited with the Federal Risk and Authorization Management Program (FedRAMP). My team evaluated current state information security controls based on FedRAMP and NIST 800-53 guidance and helped the client better understand the regulatory environment and frameworks around FedRAMP. Lastly we evaluated current and developed new risk reduction strategies for cloud computing operations. As a side initiative during my time I helped begin and develop content for Attack & Penetration wiki page for internal use.
I believe my time with PwC this summer will be crucial to my development as a future professional. I learned a lot about the Cyber Security and IT Risk fields and really had a chance to confirm my interest in the fields. I had a chance to network with so many IT professionals and develop good professional connections with the nationwide PwC Cybersecurity team. The best part of this summer experience was working with teams in Los Angeles, New York, North Carolina, and many other cities around the country. I met so many people that I have gained helpful knowledge and experience from, that helped me with the little things along the way, and that’s something that I will not forget.