IDA.

role Cybersecurity Intern
period Mar 2025 - Jun 2025
focus Virtualization, infrastructure security
org Institute for Defense Analyses
cybersecurity virtualization infrastructure hardening automation compliance

securing critical infrastructure

the challenge

IDA operates in a unique environment where infrastructure security isn't just about preventing data breaches—it's about supporting critical research, enabling collaboration with government and defense organizations, and maintaining the highest security standards for sensitive work. The infrastructure must be secure, auditable, and compliant with government standards.

The challenge: secure virtualization environments, harden infrastructure, ensure compliance with government regulations, and enable the organization to operate confidently while supporting sensitive research and analysis.

the approach

virtualization security

Virtualization platforms are powerful but create security challenges if not configured properly. Secure hypervisor configurations, isolated networks, controlled resource allocation, and proper access controls ensure that virtualized environments maintain security boundaries.

workstation hardening

Endpoints are the most targeted attack surface. Systematic hardening of workstations—disabling unnecessary services, enforcing security policies, managing software updates, and implementing endpoint detection—reduces the attack surface significantly.

infrastructure compliance

Government work requires compliance with NIST standards, FISMA requirements, and other federal security frameworks. Infrastructure must be designed not just to be secure, but to be auditable and demonstrably compliant with these frameworks.

supporting the cyber team

Infrastructure security supports the broader cybersecurity mission. Providing secure environments for analysts, incident responders, and security engineers to do their work. When infrastructure is a bottleneck, security operations suffer.

what i learned

Working at IDA reinforced that infrastructure security is foundational. In an organization supporting critical research, every security decision has downstream impact. A misconfigured virtual machine or unpatched system can compromise research integrity or create compliance violations. Infrastructure must be rock-solid.

I learned the importance of understanding the regulatory environment. NIST, FISMA, and other compliance frameworks aren't just checkbox exercises—they represent decades of security best practices. Aligning infrastructure with these frameworks isn't restrictive; it's enabling because it ensures you're building on proven security principles.

This experience deepened my conviction that virtualization and infrastructure security are core skills for modern security engineering. Most attacks succeed not because of sophisticated zero-days, but because of misconfigured infrastructure. Getting the fundamentals right—hardening, segmentation, access control, monitoring—prevents the vast majority of attacks.

back to work →
◆ building & scaling view work  ⇒ 📍 based in Virginia
zarhum3@gmail.com © 2025