Summer is one of our favorite times of the year — and not just because of the beach days. Every year, we host (and learn from) interns from colleges and universities worldwide.
In this episode of the podcast, former intern — and current Paranoid — Alden Schmidt and GRC Security analyst Chris Faulkner, who leads the internship program, talk about:
Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)
Guests: Alden Schmidt (Forensics and Incident Response Engineer) and Chris Faulkner (Sr. Technical Security Engineer & Paranoids Internship Coordinator)
Summer is one of our favorite times of the year — and not just because of the beach days. Every year, we host (and learn from) interns from colleges and universities worldwide.
In this episode of the podcast, former intern — and current Paranoid — Alden Schmidt and GRC Security analyst Chris Faulkner, who leads the internship program, talk about:
Hosts: Shawn Thomas (FIRE Chief) and Steven Asifo (Technical Security Manager, Governance, Risk, and Compliance)
Guests: Alden Schmidt (Forensics and Incident Response Engineer) and Chris Faulkner (Sr. Technical Security Engineer & Paranoids Internship Coordinator)
Welcome everyone to another addition of the Paranoid podcast. My name is Steven Asif, o on the Paranoid Cybersecurity Team, and today we have a special topic where we're gonna be talking about how we introduce and cultivate new talent to the paranoid via our internship program. I first wanna introduce my co-host, who I was not able to have on last time. Sean Thomas, what's going on? Sean?
Speaker 2:Hey, thanks Asif o I appreciate it and it's great to be back. I'm glad that the time is there. Um, as, as my friend here has mentioned, my name is Sean Thomas. I'm the director of the forensics in Incident Response engineering team here at Yahoo. And subsequently also one of the folks who has spearheaded the internship program after the last, over the last four years. So I'm super excited to talk about this today.
Speaker 1:All right, as am I, but first we also have to introduce our special guest, Chris Faulkner and Alden Schmidt. Chris, introduce yourself, my friend.
Speaker 3:Hi everyone. My name is Chris Faulkner and I'm a senior technical security engineer here at Yahoo. I'm the pleasure of working with, uh, Mr. Seif on our executive risk evaluation team. I also helped manage the Paranoids internship program. I just wanna say for the record, I'm really excited to be on this podcast. I feel like I just want a green jacket after winning the Masters. So really happy to be here.
Speaker 1:We are happy to have you here. Go g r c and Alden, you wanna introduce yourself, my friend?
Speaker 4:Yeah, thank you Steven. And, uh, and Sean? Uh, so my name's Alden. Uh, I'm on the fire team, which is, uh, headed up by Mr. Sean Thomas. Um, I'm a technical security engineer. Um, I'm only here part-time cause I was uh, I was intern last summer. Um, so I will be, uh, starting full-time here in a couple months.
Speaker 1:Okay. So we have, so you
Speaker 2:Bring on, I bring one, that's how this works. Like I can't let
Speaker 1:GRC
Speaker 2:Overrepresent.
Speaker 1:Okay. So the table has been set for this conversation. We have someone who did the internship. You know, we have Chris who helped design this past year and now we also have you Sean, who's been a large part of it the past few years. So not every company has the opportunity or the team to be able to offer an internship. So can you just give some background for people that are listening, uh, you know, is this new for the paranoids and how would you describe this, you know, internship program that we, we put on?
Speaker 2:Yeah, absolutely. So in internships are not new for the paranoids, nor are they new for Yahoo. Um, but what's really important to talk about is the Yahoo Internship program comes with its own bits and pieces, right? They have internal events and all kinds of different stuff that they do, but we, and the paranoid, like, we like to go big, so we like to do a little bit extra and we really look to get a couple things out of that internship program when we bring folks in. And that was really my goal when we start, when I started bringing in interns personally, is hey, how do I make their experience awesome? And then I just figured, well, you know, if I'm gonna make their experience awesome, how can I help make all the other internships, like all the other interns experience awesome too. So we try to really focus that in a couple areas. There's like the, the building and like growth within their team and not just their team, but the other interns and the bonds that those folks share. There's the visibility that they get as well as the exposure that they get to different parts of cybersecurity as a student perspective. Um, and then there is, and I'm totally blanking on where I was going with this thought right now, which is always fun. It's alright, it's alright. I'll come back to that in a minute and talk about the first two. Okay, nevermind. I got it. Real life work experience, which is something that's really important. There's no like, just go get coffee.
Speaker 1:Maybe the most important
Speaker 2:<laugh>. Yeah, right. There's no like, go get coffee here. Like, it's all about real life work experience. So we do that in a couple ways, right? We do intern events, we do meetings with every senior leader from the CISO down and different teams who can teach different areas of their expertise. And really how all the managers scope out their internship job becomes really important too, to make sure that they're getting that three months is enough for them to go, I know how to do a job.
Speaker 1:Okay. So before we get too deep into the rest of the parents, I just want to clarify for people that are listening is that the internship is a part of the overall company and part of that is being placed within the paranoid and we take a little extra tailoring to say, here's what a paranoid internship looks like within the larger company. Is that fair to say?
Speaker 2:That is, that is exactly fair. But
Speaker 3:Absolutely it
Speaker 2:Would be remiss as we talk about this topic if as I've gotten busier and busier and Chris has gotten more and more involved, I mean Chris is really the one who's responsible for the, for last year's internship program going into this year. So I really wanna turn it over to him. He's put a lot of care and structure in place for the program. He's basically taken it from me doing a couple things to make things really cool, to like a real meaningful program and I wanna let him talk about that.
Speaker 3:Thanks Sean. Yeah, it was a real, um, it was a real treat being able to work on this program. I think it just highlights one of the things we have in the paranoid where, you know, you can raise your hand and just run with, uh, initiative or an idea that you have. So, um, Sean, let me work on this with him and we had a real blast doing it. So just to highlight a couple of the things Sean said, we wanted to make sure that the internship program felt like, um, individuals were really a part of the team during their, uh, internship program. So over the course of eight to 10 weeks, we have interns focused on a specific security area, but we also give them the ability to explore different areas within the paranoids, which was huge. So you might work in an area such as technical security services or maybe working on developing security application functionality within the paranoid, but then you have the ability to explore areas such as forensics in incident response during the course of your internship. In addition, we also made sure that we had programming and events that interns could explore, um, get the chance to meet senior leaders like Sean mentioned, and learn a little bit more about how they got into their roles in their day-to-day work. Another highlight for our interns was the ability to go to Defcon, which was huge. I mean, how many interns really get the chance to say that they get to go to Vegas during their internship? So that was really cool. Interns got the ability to mingle with other paranoids while they were there and learn about the larger security industry.
Speaker 2:And not only outside of that, we do that, hold on. Not only did they get to do that, they got to have the anxiety inducing event of sharing their, uh, final intern projects or talking about their internship in front of every leader at the paranoid, which
Speaker 1:Oh there and they true. They did great.
Speaker 2:It, it was great. And I make the joke that it's an anxiety-inducing event, right? But if you think about it, how many college kids really get that opportunity to take the work that they've done, the ideas that they've had and get to go, hey, like I'm gonna talk to all of you about this and I get to share this in that, that visibility and that kind of scope and like to see that and build those connections with leaders across the whole business. Right?
Speaker 3:That's a great point. Yeah, not too many interns get the chance to do that, especially with the C-suite. So it was just really cool seeing all the hard work they put in. And then on my end, I'm not really nervous cuz I didn't have to present during the final presentations, but uh, I really got to watch them and see all the hard work that they put in, um, and present. And it just goes to show how much Yahoo and the paranoid specifically value the internship, you know, uh, in interns were doing actual work that impacts our organization as a security team. So that was really cool to see.
Speaker 1:So all I wanna go,
Speaker 2:You hold, hold on, let CFA real quick. I gotta ask Alden, how, how like just anxiety inducing was that final presentation, like we're telling you about it from our perspective? How was your perspective of it?
Speaker 4:Well, so the presentation itself like wasn't as nerve wracking as the fact that when I got to Vegas, I never changed my Google calendar settings to adjust for the time change. Uh, so it was like, I thought, you know, it was at 6:00 PM like nice and late so I can, you know, shower, whatever. So it was about two 30 ish and I was, you know, getting ready to take a shower, get freshened up for the presentation, and then I get a text from Sean that's like, Hey dude, where are you? Presentation's start in like 10 minutes. And so I had to do a quick uh, like mile and a half run down the strip to, uh, to get to boss to give my presentation. Cause uh, I I did forget that it was, uh, I didn't forget. I just, I missed mis calendarized it.
Speaker 2:I wondered if you were gonna tell that story.
Speaker 1:I get into your internship experience, Alan, but first I want to, you know, make sure we dress. So Sean and Chris, it's not necessarily your job, right, to say like, Hey, let's go and design an internship program. So can you describe like kind of where this passion comes from for you guys? Or just like, why is this so important for the paradise to have their own experience within that of the larger company?
Speaker 3:Yeah,
Speaker 2:John, Chris, you wanna, do you wanna take it first? I, I, yeah, I'll take it first. Go.
Speaker 3:I, I was gonna say, I think it just comes from my own experience. You know, I had really positive internship, internship experiences, um, and I just really like giving back to college students, you know, if they can avoid some of the mistakes I made or I have some wisdom I can share with them, I always want to give back in that way. Uh, but I think it really stems from just having, um, really cool internship experiences at the organizations I've worked at in the past.
Speaker 2:Yeah, yeah, I'm I'm actually not that dissimilar from that other than not really having cool internship experiences myself. Um, but like ever since it, my, my entire time, like even as a leader here or a leader before I came here, like in a lot of ways, like, I consider myself an educator. Like I love to educate, like I love to help people out. I love to help people kind of find their career and their passion. That's always been something for me. And I love seeing the next generation come up. And I always have, you know, I, I do a couple, I, I teach at a couple high schools every year. Like I go in and guest lecture and do that kind of stuff cuz I love it. So when we had the opportunity and like no one was really picking this up, I said, well how can we make this really special? Cuz like, let's make this an opportunity. Folks won't forget. Now let's also not forget, like as a manager, it's good for me to bring in cool people that like I might hire later, but we can talk about that later. But also like I want people to go out and be like, wow, I really liked working there and I really liked working with those people and that was a cool experience. So we get more cool interns next year and it just continues to build the legacy of like cool people doing cool things.
Speaker 1:All right. Uh, and speaking of talented interns, and you've kind of already touched a little bit on it, Alden, but let's back up a bit into how did you kind of come across hearing about the internship? What was the interview process like? Just for people that are listening may not be familiar.
Speaker 4:So honestly me finding out about the paranoid was kind of one of those, like the moons all lined up nicely cuz it was, uh, it was fall I guess of last year. And so as many college students do around that time I was looking for internships. Um, so I had a couple like really negative interviews, uh, you know, didn't go so well. Um, but then in one of the security discords that I'm a part of, uh, the Paranoids job posting it sort of got, I think floated around. Um, and so from there I applied and then, uh, and then yeah, it was onto onto interviews. Um, so there was sort of two, I think it was three calls. One was like with HR recruiting and then two with, um, some the fire managers and then one call with, with Sean. Um, so the first call was mostly like, uh, talking through technical subject areas. So it was going through like background knowledge of like Linux or security stuff, forensics, networking, all that kind of good stuff,<laugh>. Um, and then after that call, the second one was with Sean. Um, and that one was a little bit more intense. It was friendly, it was good<laugh>. Um, but that one was essentially talking through a, uh, a sort of investigation scenario. So I don't wanna give away Sean's interview, his favorite interview question here. But, uh, um, yeah, basically just walking through how you would resolve some sort of security situation, uh, which was really interesting cause cause it was a nice open-ended question and so it wasn't as like scary as just like sitting down to lead code for an hour, which can be very like, intimidating as a computer science student, that's generally the kind of interview you're, you're going in and expecting. Um, so yeah, that was sort of the, the interview process.
Speaker 2:So then you get the job right and you have the internship. So how many other interns started with you? Were you all working on the same stuff?
Speaker 4:Yeah, so I think there were six other like paranoid specific interns. Um, they, I think two of them started at the same time as I did. And then the other one sort of trickled in over the course of like, I think the next month. Um, but in terms of like the breakdown of the teams, I think four of them were on engineering. I think there was one on, uh, advanced Cyber Threats and then there was me and Fire. Um,
Speaker 1:And so you mentioned your final presentation that each interns did. Um, can you share maybe just at a high level some of the different projects that you guys each had or that you can remember?
Speaker 4:Yeah, absolutely. So, um, I think in terms of engineering projects, um, so there was one project on working on integrating, uh, E B P F for doing some like network detection stuff. Um, there was another project on detecting anomalous login behavior, um, for like breached accounts using some really fancy machine learning that probably way over my head. Um, there was another fantastic project, um, working on something called Context, which is a open source tool that the, the paranoid developed that's really fantastic. So there's a lot of cool like improvements to that. Um, and then there was also some, uh, some threat research that was being done, which was also really cool.
Speaker 1:And shout out to all those interns that did those presentations.
Speaker 2:Oh, absolutely. They did a fantastic job. Like we had a really good batch of interns. We always have really good batches of interns. It's always super fun. So yeah,
Speaker 4:It was an amazing crew,
Speaker 2:You know, and, and you know, coming from me like since I am your boss, like I'm the perfect person to ask this question. Um, but you know, looking back at the internship program as a whole, knowing the effort that that folks put into it, you know, as we talk about it now, like what were your really your highlights from the program? Like what really stood out to you? Because we do this stuff for y'all. So
Speaker 4:Yeah, so there, I mean there was like a lot of highlights. I think meeting with the senior leaders was really cool just because it was one of those opportunities that like, I don't think a whole lot of interns necessarily get, you know, talking to people who have been in this industry for, you know, super long time, incredibly talented, just getting like a solid like half an hour to like pick their brains was, was super valuable. Um, obviously like besides meeting with senior leaders and stuff, just participating in incidents and things was really exciting for me as an intern. Um, because I guess like the assumption as, you know, coming in is not that you're gonna be able to just like jump into like the incredibly critical work that like security folks are doing. And so the fact that like I got to, you know, actually observe and help during these sort of security incidents was, was very sort of, I dunno, exciting. Um, and then obviously Defcon was super duper exciting. Um, cuz as Chris said, like not many interns get to say that they went to Vegas, um,<laugh>, you know, with their, with their company. Um, I'm sure my mom definitely gave like a sci eye to that one at first until I<laugh> until I explained it. But, um, but yeah, that was amazing. I mean, it was awesome to hang out with all the paranoid, the paranoids through an amazing event at Defcon. Um, so like meeting all of the colleagues sort of in person was, was super exciting. Um, obviously giving the presentation was a little nerve wracking, but was again like an amazing experience. It's, it's fun to share sort of the hard work you've done, um, to all these senior leaders. So yeah, it was a lot of highlights, but yeah, those are the big ones.
Speaker 1:Well, and, and, and thank you, you know, for not holding back on all the highlights. And so I guess going back to you, uh, Sean and, and Chris first maybe, uh, how much kind of like hearing Alden's highlights was by design? Like, hey, when we first set out for this batch of interns this year, here's some of the things we wanted them to be like, all right, this is really gonna resonate with them.
Speaker 3:I think the majority of it was by design prior to the internship. You know, I met with, um, Sean and uh, a couple other paranoids and we tried to build out what we wanted the program to look like. Uh, we also talked about our love of Legos and retro video games, but that's probably for another podcast. Um, so that was really fun. Um, but we wanted to make sure that, you know, the interns felt like full security team members. We didn't want them to feel like, hey, you guys are kind of alone during the internship and just, you know, on an island is interns. Um, so we think we accomplished that by also giving them the ability to explore different areas within the paras. I think, um, one of the biggest things that we wanted to also do was be flexible. So we got a lot of good feedback from the interns during the program on, you know, different areas that they wanted to explore. So we pivoted actually during the internship and, you know, uh, geared some of our security deep dives to areas of interest for the different interns. So that was really cool. And you know, that, like I said, that that, um, advice is really invaluable going forward and building out the program.
Speaker 2:So that's, that's kind of one of the big things too, right? And that's one of the things that's really worth taking a minute. Like y what you learn in, in college for security is, is a baseline. Like you learn a baseline to come into an industry, but like this industry is huge. There are so many facets to it. There are so many different things that you can do. I mean if you look at the, the guests we've had on this podcast, if you look at the people who are here on this podcast right now, right? Like we all do wildly different things. So it, one, one thing that's always been by design for me is, is interns come in, even if they come into my program or they come into another program, let them experience some of the breadth that exists in the industry because that can really kind of help them figure out in the long term like, oh, like maybe I don't want to do incident response work. Maybe I want to do red teaming or maybe I wanna do grc, um, or maybe I want to go in some other direction. Like because, and now I've had the opportunity not only to understand that, but to talk to the folks who are leading these and like understand how they operate. And that in and of itself has a whole other value. That's by design by the way, because when you understand how all the people around you, like all of the different facets of security work, it will make you so much better at your own area. So we're really hoping to give like that leg up of like understanding security and getting to be a full part of the team, not only the technical side of what you do, but the breadth of security with the internship program so that you kind of are, are ready when you're done with college and you're good to go as you come out. You know,
Speaker 1:I'm glad you mentioned like the breadth cuz I think that's one of the things that paranoid, uh, does really well. But I also want to give a big shout out, uh, to Chris for, you know, pointing so many different people from across the, and also different pillars because it also allowed people that are already within the paranoid, uh, who are full-time to, you know, share their expert ex expertise, do a little bit of public speaking and talk to people. Cuz there is sometimes that imposter syndrome, like, oh, do I really know that much? But when you now have like interns, maybe people who are just on the academic side and you get to share that. So I know people really appreciated Chris tapping them and say, Hey, why don't you come talk to some of those interns? So, uh, I think that was an amazing part of the program as well. Um, so with that, I wanna now get back to, to you all and you know, you've, you've had all the experience this, this past summer, um, and we have you here, but can we ask what, what's next for you? What and would you recommend this internship to others? That last question's loaded, so please answer wisely
Speaker 4:<laugh>, no pressure. Right. Um, so yeah, as I said earlier, I have been working full-time, um, with the fire team after my internship. Um, so I'll be finishing up school very soon. Yeah. Um, yeah, I'm really, oh,
Speaker 2:Alden is actually my second successful intern hire, which I am super pleased about. Like, I have gotten phenomenal people from our internship program, I'm not gonna lie, and I couldn't be happier about it. And Alden is my second full-time hire from that.
Speaker 4:Hell yeah. Um, so yeah, I I'm just excited to get started in June and I absolutely would recommend the program to others. I mean, I think as like I, I don't have a super broad, you know, experience with internships, but I can't, that's, it gets much better than, than the paranoids.
Speaker 1:That's all right. But you know what you like. All right. That's all we needed
Speaker 4:To know. Absolutely. So
Speaker 2:Real quick, another one for you all then. What advice would you give to prospective interns who want to come intern here? Like what, what do you wish you would've known when you started that would be really useful?
Speaker 1:Interviewing
Speaker 2:And coming in?
Speaker 4:I mean, that's a tricky question. I think honestly in terms of just like being like well-rounded to sort of like do well in that type of interview, I think just sort of being involved with security, like playing CTFs, you know, reading blog posts, doing whatever kind of interests you is really important. Cuz I think just demonstrating that you're like able to learn and do stuff sort of, you know, sort of grow how you need to is, is really important. Um, especially in like this kind of environment where it's, you know, like one class is not really gonna give you enough sort of to I guess be super, super successful. So yeah, I definitely just sort of like keep involved with security<laugh>
Speaker 1:Keep involved. You heard it here and so thank you very much for sharing all that with us, Alden. So I guess to start wrapping up this conversation, I wanna turn it back over to you Chris first and maybe even to you Sean, if you have anything to add. Uh, what's next for the internship program? It sounds like every year there's something new we want to add. Um, so what's next for the internship program and how can people potentially be a part of, you know, the next intern class?
Speaker 3:Yeah, that's a great question. You know, we're already thinking about this summer's internship program. Um, and going forward as a leadership team, we do wanna lean on people like Alden who have gone through the program before, uh, incorporate things that worked and, and you know, maybe tweak some things that we think we could do better. But I think one of the pieces of feedback we got last year was, uh, well the virtual component of it was great. They like the opportunity for more in-person events. So that's one of the things we wanna do is get, you know, interns that want the ability to meet in person together over the course of the summer. So whether that's be small, um, team events or you know, for the larger paranoid organization, we wanna work on that. Uh, and then to answer your last question, the best way for people to become part of the, uh, internship program is to go to our website, the paranoid sports slash jobs. So all of our internship postings are gonna be on the website. Um, we've already received a number of applications for this current summer, but you know, it never hurts to apply. They're still open. Um, please go to the website and check those out and see if something's of interest to you. And usually the best time to look for those postings and apply is at the end of fall. So that's when we typically open those up. Uh, but yeah, definitely check out our website. We have a lot of other cool stuff on the website too, so make sure to check that out.
Speaker 2:I don't have a whole lot to add here because to be completely honest, like Chris is the internship program guy now, like I just get to take credit for like starting it, but like he does pretty much all the work so like credit where it is due on that. I appreciate that man. Um, but with that being said, folks like this has been super fun. I'm, I am always and will always continue to be excited about interns going forward. Hell we're fires bringing in too this year, which is super exciting to me. Um, hopefully we'll continue to do that going forward. Um, Chris Alden, I cannot thank you enough for the time coming and chatting with us Mr. Aif. Yes, yes. It's great to be back. As always. It is a pleasure to get a chance to co-host with you, my friend. Yeah,
Speaker 1:Let's not make it too long again, man.
Speaker 2:I know, right. And with that said, I guess the last thing that I really have to say is Alden, get back to work.
Speaker 1:<laugh> episode, everybody.