Lessons from my Internship: IT, Security Tools, and Growing in Tech

Jewels WolterJewels Wolter
8 min read

Diary Entry 003: My IT Intern Experience

Hello everyone, and welcome to The Analyst Diaries, a college student’s blog into all things cybersecurity! As I wrap up my summer internship with Builders, I’ve been reflecting on everything I’ve learned, the people I’ve met, and all the lessons in between! Hopefully I am able to shed some light on the intern experience and that this helps you navigate an early career in cybersecurity as well.

First, though, a little bit about the awesome company I interned for, Builders! Builders is a privately held insurance company headquartered in Atlanta, GA. They specialize in workers’ compensation, general liability, and construction-related insurance and are recognized as a Great Place To Work Certified organization! This is the second year of Builders’ internship program and truly was such a well-rounded experience that centered around the interns, giving us opportunities to connect with the company culture, build relationships, and gain meaningful insight in to the insurance industry.

Hands-On with NIST

Before starting my internship, I honestly had no idea what NIST or ISO were, nor did I realize the prevalence they have across every industry. My supervisor, recognizing my interest in cybersecurity practices, assigned me to work on Builders’ ISP (Information Security Program), which ended up being a main project during the internship.

The ISP Project

The first step of this project was reviewing Builders’ current ISP and brainstorming ideas to align it with industry-standard frameworks, particularly NIST. As part of Builders’ ongoing efforts to evolve their security posture, I focused on translating complex security concepts into clear, actionable language.

I then had the opportunity to meet with the Security and Governance Committee to discuss the roadmap for updating to the policy, what those updates would look like, and the timeline for review and implementation. Sitting in on the meeting was incredibly insightful, as the committee included voices from across the company, not just IT. It gave me a broader understanding of how governance and compliance intersect with departments like finance and HR, and how continuously improving these policies helps organizations reduce risk and grow with confidence.

Next, I reviewed the ERM (Enterprise Risk Management) document. Since the company’s security needs are constantly evolving, it is so important to have the security documents reflect and be in sync with the ERM documents. This experience helped me understand how closely security and risk management are connected at the organizational level, and how InfoSec plays a key role in broader business strategy.

Finally, one of the most impactful parts of the project was the drafting a few NIST-compliant policies and procedures, using the existing ISP as a foundation. This gave me hands-on experience translating high-level security frameworks into actionable internal documentation that both aligns with business needs and remains practical. It also demonstrated to me how structured frameworks like NIST are not just theoretical, but tools that bring clarity, consistency, and confidence to a company’s security posture.

Security Tools in Action

Another aspect of my internship was learning all of the new technologies utilized in the security sector. Whether it be M365, AWS, or insurance-specific platforms, this internship exposed me to many different security tools and ignited a new interest in infrastructure administration.

Microsoft 365 Security

I completed a Microsoft 365 Security, Compliance, and Identity Concepts Course which emphasized the importance of configuring effective security settings to protect data in the cloud. This course covered basic security concepts and methodologies like zero-trust and the shared responsibility model, as well as identity and access management solutions with EntraID, threat protection solutions with M365 Defender and Sentinel, compliance solutions with Purview, and privacy considerations with Priva.

What stood out to me was how these tools are designed to work together, not just as isolated features. It gave me a clearer understanding of what a Microsoft Security Administration role looks like in practice and how these tools can be configured to meet an organization’s specific needs.

I was also able to compile all of my findings and provide my supervisor with tailored guidance addressing some of his security wonderings within Microsoft 365. This included surfacing relevant documentation, offering potential configurations, and exploring common questions around AI privileges and data classification, which is an especially timely topic as more organizations begin adopting Microsoft Copilot and other intelligent features.

AWS & Cloud Security Exploration

To round out my understanding of cloud security, I was given some exposure to AWS and several of its core security services. I explored tools like AWS Security Hub, Config, and Trusted Advisor, getting some insight into how AWS helps organizations monitor compliance, enforce policies, and identify potential risks.

I also spent some time learning about S3 bucket policies and procedures, and created a high-level diagram to illustrate a file transfer process and storage management. While I was not working in a production environment, seeing the AWS console gave me a strong foundational understanding of how identity, visibility, and governance are approached in AWS and how it compares to Microsoft’s ecosystem.

Wins, Growth, & What Stuck with Me

Through this internship there were many technical and personal wins. I had the ability to participate in real projects and contribute to real systems while also improving my soft skills.

Real Impact Moments

As I was involved with the entire IT team during my internship, I got to learn from many people on the team. Each member had different roles and tasks they had to complete, and team member Gary dealt quite a bit in SQL Server! I have been exposed to SQL in the past through my Database Systems course at Auburn, but nothing like what Gary was tasked with. He guided me through writing a few queries and I even got the opportunity to independently write one which was actually used. Outside of the technical skills I gained through the experience, it was super rewarding to see my work being used and know I was adding value here at Builders. I learned to use SQL Server Management Studio and work with company databases.

I also learned a lot about Agile workflows. As I mentioned earlier, the IT team hosted daily scrums where we shared what we planned to accomplish that day. This ensured that everyone on the team was on the same page and offered up the opportunity for collaboration. The company also used Jira, so I spent time learning to navigate the environment and understand the verbiage (i.e. story, defect, BA, QA) so I was not completely lost in meetings.

Soft Skills & Self-Discovery

Technical skills were not the only ones that improved, but working within the IT team helped me improve communication, especially around complex or technical subjects. Interacting outside the team encouraged me to think more about how I can translate those topics into digestible conversation and this skill will help me greatly in expanding my circles and receiving help and guidance from outside sources.

Through all of this work, I realized that I really enjoy translating technical concepts for broader audiences, like how I did in the NIST/policy work. This exposed me to the field of Governance, Risk, and Compliance, which is a career path I am now exploring. Another path that piqued my interest is System/Infrastructure Administration. I could definitely see myself in one of these roles, combining interacting with people and constant learning of new platforms. I also found that I enjoyed the hybrid model of work, the mix of in-person interaction and remote days aided in my learning and seems like the ideal work format that I’ll attempt to pursue post-grad. Finally, I learned that I am energized by fast learning environments, being trusted with ‘real’ tasks and working cross-functionally were really exciting aspects of the internship.

Advice for Future Interns

The internship hunt was tough this year, but ended up being extremely fruitful. If you are currently going through it, don’t give up and you’ve got this! Any opportunity can turn into something valuable, and even if my title was “IT Developer Intern” I still got the chance to explore my interests and found some new ones along the way! My advice would be to not discount anything and ask a question every chance you get, you never know where it will lead you.

If you have secured an internship (first of all, congrats) here is my advice for making the most of it:

  1. Ask questions: I cannot even explain how important this is, be a sponge, most likely everyone you will be working with wants you to succeed and wants to pour into you, so do not be afraid to ask the stupid question (I sure have).

  2. Be ambitious: Do not be afraid to put yourself out there! If you see something you’d like to be involved in, ask about it, do your own research, and show that you are engaged in what is going on at the company.

  3. Don’t take anything too seriously: Finally, this one is key. At the beginning, I was so caught up in doing something wrong or being judged, but eventually I had to let that go and remind myself that I am young and doing life for the first time! It is OK to mess up and the people you are working with are people too, so its also OK to make jokes and be yourself.

Conclusion

To conclude this very long-winded explanation of my internship, I just want to express how grateful I am for the opportunity. This summer taught me much more than just frameworks and tools, but gave me clarity, confidence, and deeper excitement and hope for my life post-graduation. Also, I was voted “Most Likely to Join the CIA” so if any CIA recruiters are reading this out there, you know who to reach out to.

Thank you so much for reading! If you have any questions or are navigating your own early career path, please reach out, I’d love to chat!

I am super excited to continue to learn more about the world of cybersecurity and continue to share it on this blog: The Analyst Diaries.

Until next time,

Jewels from The Analyst Diaries :)

0
Subscribe to my newsletter

Read articles from Jewels Wolter directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Jewels Wolter
Jewels Wolter

Hi! I’m Jewels, a passionate cybersecurity enthusiast and aspiring SOC analyst. I’m currently building hands-on experience through a home cybersecurity lab where my goal is to simulate real-world attacks and monitor them using SIEM tools like Wazuh and Splunk. I’m also working toward industry certifications like the CompTIA Security+. This is my personal space to share what I’m learning, whether it’s setting up virtual environments, analyzing security alerts, or exploring defense strategies. My goal is to document my journey so that others new to cybersecurity can follow along and learn with me! If you’re interested in practical tips, lab walkthroughs, and foundational SOC skills, you’re in the right place. Feel free to reach out or follow along as I grow my skills and prepare for a career protecting digital systems.