I would recommend you look at simple facets of cyber-security. While being well versed about http://nist.gov/ NIST and http://www.netip.com/links/nsa_guides.htm NSA and related guidance is helpful when speaking about cyber-security... you may want to consider more common security problems for your internship.
For example, many companies have identity management problems - particularly in industries with largescale mergers. Just documenting the variety of identities each employee has on different systems and blueprinting recommendations for consolidation can be a considerable task. Even on a small scale - lashing an identity scheme together for operators in a data center - this can be worthwhile and involved work that may get into topics like logging, auditing, provisioning, policy, identity consolidation, integration...
Likewise, most companies have security policy problems - either they implemented overly restrictive policies and have rapidly bypassed them (using local admin accounts or promoting people to domain admin levels of access), or they implemented piecemeal policies project by project resulting in no consistency and no centralized manner to audit and manage the policies in place.
You may also want to consider application integration security. E.g. web applications that authenticate locally but then redirect the internal user to an external site. The token handling and identity exposure of both the company and the user to the third party site (an outsourced customer service application for instance) is handled differently with each implementation - and consolidation would provide many benefits for businesses varying from retail to financial.
While doing core philosophical cyber-security work may be out of your reach due to the limit of your current credentials - documenting and/or implementing simpler aspects of cyber-security may be an avenue leading to greater opportunities.
...As for industries - well, I would strongly suggest banking, insurance, securities, and healthcare...
Slashdot Mirror
I would recommend you look at simple facets of cyber-security. While being well versed about http://nist.gov/ NIST and http://www.netip.com/links/nsa_guides.htm NSA and related guidance is helpful when speaking about cyber-security... you may want to consider more common security problems for your internship.
...As for industries - well, I would strongly suggest banking, insurance, securities, and healthcare...
For example, many companies have identity management problems - particularly in industries with largescale mergers. Just documenting the variety of identities each employee has on different systems and blueprinting recommendations for consolidation can be a considerable task. Even on a small scale - lashing an identity scheme together for operators in a data center - this can be worthwhile and involved work that may get into topics like logging, auditing, provisioning, policy, identity consolidation, integration...
Likewise, most companies have security policy problems - either they implemented overly restrictive policies and have rapidly bypassed them (using local admin accounts or promoting people to domain admin levels of access), or they implemented piecemeal policies project by project resulting in no consistency and no centralized manner to audit and manage the policies in place.
You may also want to consider application integration security. E.g. web applications that authenticate locally but then redirect the internal user to an external site. The token handling and identity exposure of both the company and the user to the third party site (an outsourced customer service application for instance) is handled differently with each implementation - and consolidation would provide many benefits for businesses varying from retail to financial.
While doing core philosophical cyber-security work may be out of your reach due to the limit of your current credentials - documenting and/or implementing simpler aspects of cyber-security may be an avenue leading to greater opportunities.