An internship can serve as a critical step toward a career in cybersecurity.
As you begin your job search in the field of cybersecurity, you might find that many job postings require previous experience, sometimes even for entry-level positions. One way to gain real-world security experience is to get a cybersecurity internship.
In this article, you’ll learn what cybersecurity interns do and what types of internships are available. You’ll also better understand the benefits of seeking an internship, as well as tips for making the most of your time as an intern.
Get started in cybersecurity with the IBM Cybersecurity Analyst Professional Certificate on Coursera. Gain hands-on experience with industry tools as you practice incident response and forensic techniques.
A cybersecurity internship is typically a temporary position at a company. As an intern, you’ll often gain experience with some of the basic, administrative tasks of a cybersecurity analyst, often under the supervision of an experienced professional. The exact nature of the internship will vary depending on the company. Here are some tasks and responsibilities pulled from real cybersecurity internship listings on LinkedIn:
Testing web application security
Monitoring inbound security data
Responding to minor security events
Escalating events as needed
Assessing network security for vulnerabilities
Disassembling and debugging malicious software
Assisting with penetration testing
Developing scripts and automation
Helping to design and implement security solutions
In some internships, you may work with a security team performing tasks as needed. In other internships, you may be assigned a specific security project to work on, either on your own or with other interns. Projects might include designing and building a security system for a specific purpose, auditing a system, planning and performing penetration testing, or conducting security awareness training.
Internships may also vary from company to company based on how they compensate you for your work. Let’s take a look at some common types of cybersecurity internships.
Working as an intern doesn’t mean going without a paycheck for a prolonged period of time. Many internships in cybersecurity offer payment at an hourly rate. The average pay for a cybersecurity intern in the US in July 2021 is $30 an hour, according to ZipRecruiter .
If you’re a student, check with your college or university to see if you can earn credits toward your degree program by completing an internship. Internships for academic credit might be paid or unpaid. Many internships meant for students take place during the summer months when classes are not in session.
An externship, or job shadow, gives you the opportunity to follow a cybersecurity professional for a set period of time. This could be anywhere from a couple of days to several months. Think of it as a short preview of what the job is like.
Unlike internships, job shadows are usually unpaid and the training tends to be less detailed. This is a good option if you want to experience for yourself whether a career in cybersecurity is the right fit for you.
The benefits of a cybersecurity internship can extend beyond pay and college credit. Here are some other benefits you could gain from your internship.
One of the most valuable benefits of an internship is the chance to gain experience for your resume. Many cybersecurity jobs require previous work experience. An internship is one way to gain that experience.
Experience can be the best teacher. Putting your cybersecurity knowledge to work in a real company setting can be an excellent way to accelerate your skill development. During an internship, you may get to work with a range of security software, including network security monitoring tools, packet sniffers, vulnerability scanners, firewalls, and antivirus software. Depending on the role, you may also get to hone your programming skills by writing scripts and automating tasks.
Working on a team—whether remotely or in person—presents an opportunity to develop critical soft skills as well. Take this time to work on being a better communicator, problem solver, and critical thinker.
As an intern, you’ll likely get to meet and work with cybersecurity practitioners with different roles and backgrounds. You may also work cross functionally with other teams at the company. These relationships can sometimes lead to new career opportunities in the future.
As an intern, you may also get paired with a manager or senior member of the cybersecurity team. This person can serve as your mentor, both during the internship and in some cases, throughout the rest of your career.
An internship gives you the chance to experience what working in cybersecurity is like before investing the time and effort into finding a job. Sometimes, an internship will grow your passion for the work. Sometimes, an internship shows you that cybersecurity isn’t what you expected, and that your skills and talents might be a better fit in another field.
While this is not always the case, some internships can end in an offer for full employment with the company. Even if your internship does not end in a job offer, you can still approach your job search with a letter of recommendation from your internship manager or mentor.
You may be wondering where you can find an internship, especially if you’re not currently a student with access to a career services office. In this section, we’ll take a closer look at sources of government and non-government internships to accelerate your search.
In information security, one of the best places to find an internship is through a government organization. Governments typically have robust cybersecurity programs, and many government internships run at regular intervals. Here are some government-sponsored internship programs in the US:
Department of Homeland Security (DHS): This internship program places current undergraduate and graduate students interested in cybersecurity alongside industry professionals within the DHS. Programs last 10 weeks, take place in Washington, DC, and include a salary.
Cybersecurity & Infrastructure Security Agency (CISA): CISA hires students enrolled in accredited programs from the high school to the graduate level for their paid internships. Interns have the chance to tour the labs, meet with senior management, and attend local conferences. CISA also has a program for recent graduates.
National Security Agency (NSA): The NSA offers internship programs for high school and college students, as well as Development Programs for those already in the workforce to gain the skills needed for a career switch. Internships are paid, and the length varies based on the individual program.
Central Intelligence Agency (CIA): The CIA hires both undergraduate and graduate students to its paid internship program. In addition to a salary, participants get full benefits during the course of the program.
Federal Bureau of Investigation (FBI): The cybersecurity intern program with the FBI allows undergraduate and graduate students to apply for 10-week paid internships at select field offices across the country.
Many companies and organizations also offer internships for aspiring cybersecurity professionals. You can typically find these opportunities by searching “cybersecurity internship” or “cybersecurity intern” on job boards like LinkedIn, Indeed, and ZipRecruiter.
These companies regularly hire cybersecurity interns:
An internship can be a good step toward a career in cybersecurity as they’re often designed for students or career switchers without prior job experience. Specific requirements will vary from company to company, but here are a few you might see:
Student status: Some internships require that you be a student in an accredited institution.
Citizenship: To get a security internship with a US government agency, you’ll likely need to be a US citizen.
Security clearance: Due to the sensitive nature of the work, you may be required to attain a certain level of security clearance.
Similar to a job, you can expect to apply for an internship by completing an application and submitting your resume and cover letter. You may also have to complete one or more interviews as part of the application process.
Since you may not have work experience directly related to cybersecurity, your resume should highlight any relevant coursework, information technology (IT) experience, and transferable skills (like programming, leadership, or technical writing).
You can also demonstrate your interest in cybersecurity by participating in cybersecurity contests or bug bounty programs. These events, hosted by various organizations and software developers, offer recognition and sometimes compensation to individuals who find and report bugs in code or vulnerabilities. Include these on your resume, even if you don’t win.
If you’re considering a cybersecurity internship, here are some tips for how to find one that fits your needs, as well as how to make the most of the opportunity.
Apply for more than one internship. Some programs can be competitive, so it’s a good idea to give yourself options.
Be eager to learn, but remember that you’re also there to do work. Ask lots of questions.
Build relationships with the people you meet. If someone at the company is working on a project that interests you, ask if you can have lunch together to talk about it.
Document your work. Keep track of the projects you work on and the security software you work with so you can include them in your resume. Find ways to measure your impact with metrics, if possible.
Remember to ask for a letter of recommendation when your internship ends. Your manager can write a stronger letter when your work is fresh in their memory, rather than a few weeks or months later when you’re applying for jobs.
Start building job-ready cybersecurity skills with the IBM Cybersecurity Analyst Professional Certificate. Learn from top experts at IBM, and earn a career credential for your resume in less than six months.
1. ZipRecruiter. "Cyber Security Intern Salary, https://www.ziprecruiter.com/Salaries/Cyber-Security-Intern-Salary." Accessed on July 13, 2021.
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.