WEEKLY INTERNSHIP LOG

General Instructions :
Task 1.

If you have become unemployed, please inform your instructor and Program Director
immediately. You will continue to complete the Weekly Summary and Reflection and submit on
time. For the Weekly Summary, you will document
 steps you’ve taken to develop your resume and/or social media exposure
 job opportunity identification
 interview and follow-up experiences
 activities you are doing to broaden your knowledge and other qualifications

Task 2.
Select ONE of the Reflection boxes and respond to the reflection question with full sentences,
appropriate paragraphs, and no less than 200 words. Be sure to fill in the ‘week written’. Over
the 15 weeks, you will complete all 15 different Reflection boxes. No reflection is to be done
more than once.
If you have become unemployed, choose Reflection boxes that are appropriate to your job
search. These include Reflections 4-8, and 12. Further Reflections 9, 10, and 13 can also be
considered in hindsight. If you finish all these and you are still unemployed, please request
alternate Reflection prompts from your instructor and Program Director.

Name: Jiyu Shen

Student ID: GR022473

Job site company: Ninth Wave

Job site location: 950 3rd Ave #2501, New York, NY 10022
Job site supervisor:
Nanette Di Tosto

Supervisor title: Head of Client Success

Supervisor phone: (646) 940-9001
 WEEKLY SUMMARY

Sample Week 0: from 11-Nov-2024 to: 17-Nov-2024

The tasks for this week were based on the project to which I have been assigned since
September. My responsibilities are to design the database for the new application to be
written. I developed a database design in third normal form. When completed, I presented the
data design to my peer team for their approval. After that, we presented it to the broader
project team. The project team reviewed the design with documented use cases. We
discovered two use cases that would not be addressed by the database design. I refactored the
design after the meeting. Since the changes were minor, the design was virtually approved
within a day.

Week 1: from: 17-Mar-2025 to: 23-Mar-2025

During this week, my primary focus remained on the ongoing project that I have been
dedicated to since I joined the company. This project involves the management and integration
of client data with our company's core services, which plays a crucial role in ensuring seamless
operations for our clients. As part of my responsibilities, I actively manage the data provided
by clients, ensuring it is properly aggregated, accurate, and synchronized with our systems. I
also monitor and address any issues that arise, working to identify root causes and implement
effective solutions in a timely manner.

Each day, I participated in our team’s daily standup meetings, where I provided updates on the
tasks I completed, particularly the issues I successfully resolved. These meetings also gave me
the opportunity to discuss any blockers or dependencies I encountered. If a particular issue
required code modifications beyond my scope or expertise, I promptly reached out to the
appropriate team for support or collaboration. This cross-functional communication has been
instrumental in maintaining the efficiency and momentum of our project.

One of the most rewarding moments this week came when I received positive feedback from
one of our clients. They expressed appreciation for my diligence and the consistent efforts I’ve
made in resolving their concerns. According to their feedback, the service had reached a point
of noticeable stability, which reflected the hard work and problem-solving I’ve contributed
over the past few weeks. It was encouraging to see how my efforts translated into real value
for the client and positively impacted their experience with our platform. This recognition has
further motivated me to continue enhancing the quality and reliability of the solutions I
deliver.

Week 2: from: 24-Mar-2025 to: 30-Mar-2025

In my second week of the internship, I became more actively involved in various aspects of
the company’s ongoing projects. One of my primary tasks was to assist in evaluating the
security framework surrounding the company's client-facing mobile applications. I
collaborated with the development team to conduct vulnerability assessments and ensured that
the mobile applications adhered to the latest cybersecurity standards. This experience allowed
me to apply theoretical knowledge of information security into practical scenarios, especially
in securing sensitive client data. I participated in the identification of potential security gaps,
including analyzing access control mechanisms and ensuring the correct use of encryption
protocols to protect data both at rest and in transit.

I was also introduced to the company’s customer relationship management (CRM) software,
which helps track client interactions, issues, and service requests. My role involved assisting
the team in ensuring that customer data was handled according to regulatory requirements,
specifically focusing on the General Data Protection Regulation (GDPR) and how these
regulations influence the data storage and retrieval processes. I conducted basic audits on
customer data stored in the system and reviewed user consent records to ensure compliance
with data protection laws.

Additionally, I contributed to the development of user manuals and internal documentation on

best practices for data security, which are used to train new hires and external stakeholders on
maintaining secure access to client data. I attended several client meetings with the client
success and project management teams, where I observed how the company maintains
transparent communication with clients about data security and privacy concerns. The week
culminated in a deep dive into the company’s disaster recovery and business continuity plans,
where I learned about the backup strategies and failover mechanisms that ensure uninterrupted
service during potential system failures or cyberattacks.

I was also given the opportunity to sit in on brainstorming sessions about the upcoming launch
of a new financial product, where I contributed ideas regarding secure data sharing and user
authentication features. The experience gave me valuable exposure to the collaborative
environment of the company and further reinforced my understanding of the critical role that
cybersecurity plays in protecting both the company’s and clients' interests. Overall, Week 2
was a highly informative and hands-on week that allowed me to deepen my technical
knowledge while contributing to security-related tasks within live projects.

Week 3: from: 31-Mar-2025 to: 6-Apr-2025

During the second week of my internship, I continued to deepen my understanding of the
fintech company’s operations and its focus on security and compliance. I worked closely with
the IT team, assisting in monitoring and analyzing security logs to detect any potential
vulnerabilities. I helped implement additional encryption measures to safeguard client data,
ensuring that all transactions and sensitive information were properly secured. Additionally, I
was involved in a project to update and streamline access control policies across the company's
network, working with senior administrators to ensure that only authorized personnel had
access to critical systems. I also took part in a training session on incident response
procedures, where I learned about the company's protocols for handling potential security
breaches. One of the main challenges this week was assisting with a simulation of a potential
security threat, where I applied my knowledge of security tools and best practices to mitigate
risks. I attended meetings with the development team to discuss how we could integrate new
security features into the company’s existing platforms to provide enhanced protection for
users. This week allowed me to apply my technical skills in real-world situations while
gaining insights into the company’s approach to preventing and responding to cybersecurity
threats.
Week 4: from: 7-Apr-2025 to: 13-Apr-2025
Client Engagement & Collaboration

 Facilitated two virtual meetings with clients to discuss platform usage and reporting
requirements.
 Addressed client concerns regarding discrepancies in daily transaction data;
coordinated with development to deploy a hotfix.
 Conducted onboarding walkthroughs for two new clients, focusing on dashboard
features and data analytics tools.
 Collected feedback on recent feature rollout and summarized insights for the product
team.

🛠️Technical & Operational Support

 Identified and reported bugs related to API response times and data accuracy in the
financial reporting module.
 Partnered with QA to verify resolution of a data sync issue across production and
staging environments.
 Reviewed data access control settings and helped enforce role-based restrictions for
new user accounts.
 Validated automated data exports for end-of-week compliance reporting.

📊 Project & Sprint Contributions

 Participated in sprint planning and daily stand-ups, focusing on improving client-side

response efficiency.
 Updated Jira tickets with status changes, documentation links, and client feedback.
 Helped revise internal SOPs for client onboarding to reflect updated compliance steps
and audit trails.
 Prepared a backlog prioritization summary based on client-reported pain points.

📚 Professional Development

 Attended a fintech compliance webinar focusing on updates to KYC/AML standards.

 Read case studies on platform security best practices and incident response planning.
 Shared key takeaways with the team during a Friday knowledge-sharing session.

Week 5: from: 14-Apr-2025 to: 20-Apr-2025

This week, I continued to work closely with the IT and development teams on various projects
aimed at enhancing the security and efficiency of our internal systems. I spent time reviewing
the encryption protocols used in client transactions, identifying potential areas for
improvement. I worked with senior colleagues to propose and implement updates to our
current encryption algorithms, ensuring that they are compliant with industry standards and
regulations. Additionally, I helped debug a few client-facing issues related to system
performance, collaborating with the team to find solutions that improved user experience.

I also participated in a meeting where we discussed strategies for increasing data privacy,
including evaluating new authentication methods to enhance client security. We explored
options like multi-factor authentication (MFA) and how we might integrate them into our
existing platforms. To stay informed about current trends in fintech security, I dedicated time
to reading recent case studies on data breaches and security challenges in the industry. This
helped me gain a better understanding of the real-world implications of security flaws.

Outside of my day-to-day tasks, I attended an internal training session focused on cloud

security and data compliance. I found the session incredibly valuable, as it provided deeper
insights into how we can enhance our cloud infrastructure to ensure more robust security
measures. Overall, this week was productive, allowing me to contribute to ongoing projects
and expand my knowledge of fintech security practices.

Week 6: from: 21-Apr-2025 to: 27-Apr-2025

This week, I continued working on several tasks related to client data management and system
security improvements. I participated in team meetings where we discussed strategies for
enhancing the security of our fintech platforms, focusing specifically on access controls and
data encryption. I assisted in updating client profiles, ensuring compliance with internal
security standards and external regulatory requirements. Additionally, I supported the
development team by testing new application features designed to streamline financial
transactions. I also reviewed documentation related to cybersecurity policies and contributed
feedback on how to better protect sensitive customer information. Overall, this week
strengthened my understanding of security protocols and regulatory compliance in a fintech
environment.
Week 7: from: 5-May-2025 to: 11-May-2025
This week at my fintech internship, I continued to support the development and coordination
of secure client data exchange processes. I participated in several team meetings where we
reviewed project timelines and addressed client feedback related to recent software updates. I
collaborated with developers and business analysts to ensure our platform met compliance
standards for data handling and encryption. Additionally, I assisted in updating documentation
for our internal knowledge base, focusing on improving clarity around API integration steps
for financial clients. I also shadowed a senior project manager during a client onboarding
session, which gave me valuable insight into communication best practices and regulatory
requirements in the fintech space.

Week 8: from: 12-May-2025 to: 18-May-2025

This week, I focused on supporting internal audits and documenting procedures related to data
handling and cybersecurity within the fintech environment. I worked alongside the compliance
team to cross-check that all client records met regulatory requirements and were stored
securely according to company policy. I also helped gather metrics on system usage and
created visual reports using tools like Excel and Power BI to assist in ongoing performance
reviews. In meetings with the development team, I observed discussions on implementing new
security features for user authentication. Overall, the tasks this week strengthened my
understanding of how fintech companies maintain operational integrity while adhering to strict
security protocols.

Week 9: from: 19-May-2025 to: 25-May-2025

This week during my internship at the fintech company, I focused on supporting ongoing
client data management tasks and participating in internal project discussions. I worked with
tools like Excel and Salesforce to help update and verify client information, ensuring records
were complete and accurate. I also attended several team meetings where current development
goals and client feedback were reviewed. Additionally, I assisted in drafting documentation for
a revised onboarding process aimed at improving efficiency. These tasks helped me strengthen
my attention to detail, better understand client expectations, and appreciate the importance of
data quality in a financial technology environment.

Week 10: from: 26-May-2025 to: 1-Jun-2025

This week, I assisted the cybersecurity team with reviewing access logs and monitoring for
suspicious activity across several internal financial applications. I learned how to use SIEM
(Security Information and Event Management) tools to identify anomalies and generate
security reports, which contributed to ongoing efforts to enhance threat detection capabilities. I
was also assigned to a data classification project, where I helped categorize sensitive financial
information in accordance with internal data governance policies. Additionally, I participated
in a compliance audit preparation meeting, gaining exposure to how fintech firms prepare for
regulatory inspections. I worked closely with the DevOps team to better understand how
infrastructure-as-code and automated deployment pipelines help maintain secure and scalable
environments. By the end of the week, I had contributed to drafting an internal security
training outline aimed at improving employee awareness of phishing threats and social
engineering risks.
Week 11 from: 2-Jun-2025 to: 8-Jun-2025
This week, I focused on enhancing the logging and monitoring capabilities of our financial
application to improve traceability and incident response. I worked closely with the DevOps
team to integrate more detailed log events into our centralized logging system, making it easier
to detect anomalies in user transactions. I also participated in a security review meeting where
we assessed our current encryption methods and discussed rotating encryption keys for stored
sensitive data. In addition, I helped refine our incident response plan by drafting step-by-step
procedures for handling data breaches and unauthorized access scenarios. Collaborating with
the InfoSec and compliance teams, I ensured the updates aligned with ISO 27001 standards.
This week highlighted how crucial transparency and preparedness are in maintaining trust in
fintech systems.
Week 12: from: 9-Jun-2025 to: 15-Jun-2025
This week, I deepened my understanding of vulnerability management by actively
participating in the organization’s routine vulnerability assessment process. I assisted the
security team in running scans with tools such as Nessus and Qualys to identify potential
weaknesses in the network and applications. After the scans, I helped analyze and categorize
the vulnerabilities based on severity and business impact. I also reviewed the company’s patch
management policies to understand how identified vulnerabilities are tracked and remediated.
Additionally, I contributed to drafting a vulnerability report that summarized critical findings
and suggested prioritization for mitigation efforts. Throughout the week, I attended team
meetings where the security staff discussed ongoing threats and response strategies, which
enhanced my practical knowledge of enterprise risk management and the importance of
proactive security measures.
Week 13: from: 16-Jun-2025 to: 22-Jun-2025
This week, my focus was on enhancing security awareness through training and policy review.
I helped develop materials for employee phishing awareness campaigns, including simulated
phishing emails designed to test and educate staff on recognizing suspicious messages. I also
reviewed the company’s acceptable use and password policies to identify areas where clearer
guidance could improve compliance. Additionally, I attended a workshop on social
engineering tactics, which deepened my understanding of how attackers exploit human
behavior. These activities highlighted the importance of ongoing user education as a vital layer
of defense in cybersecurity. I realized that even the best technical controls can be undermined
if employees are not vigilant or informed.
Week 14: from: 23-Jun-2025 to: 29-Jun-2025
This week, I focused on cybersecurity awareness training and the organization’s efforts to
reduce human-related security risks. I assisted the security team in planning and launching a
company-wide phishing simulation campaign using a training platform. My responsibilities
included helping to customize phishing email templates, scheduling the campaign, and
tracking responses from employees. After the simulation, I helped analyze the results,
identifying users who clicked on the fake links or entered credentials. We then compiled a
report to share with department heads and provided targeted follow-up training to employees
who failed the simulation. Through this process, I learned how critical user behavior is in
overall security posture, and how phishing remains one of the most common and effective
attack vectors. I also gained experience in communicating security concepts in a non-technical
way, which is key when educating employees from non-IT backgrounds. This week reinforced
the importance of continuous education and proactive testing in building a strong human
firewall against social engineering attacks.
Week 15: from: 30-Jun-2025 to: 6-Jul-2025
This week, I focused on the role of security awareness and training in strengthening an
organization’s overall security posture. I helped develop and update training materials aimed
at educating employees about common cyber threats such as phishing, social engineering, and
password hygiene. I participated in a planning session for an upcoming company-wide
security awareness campaign, where we discussed effective ways to engage users and measure
the program’s impact. Additionally, I assisted in analyzing the results of recent phishing
simulation tests to identify patterns in user behavior and areas needing improvement. This
process highlighted how human factors remain a critical vulnerability despite technical
controls. I also researched best practices for creating targeted training tailored to different
departments based on their specific risk profiles. Moreover, I learned about tools and
platforms that automate training delivery and track compliance, helping ensure consistent
messaging and accountability. This experience broadened my perspective on how
cybersecurity is not just about technology, but also about fostering a security-conscious culture
within the organization.
 REFLECTION BOX

Sample Reflection 0: Identify software that you used to complete your tasks and describe how
it was used
Week written: Week 1 04-DEC-2023 – 10-DEC-2023
This week I had to create a database design. In order to create the design, I used the DB
Designer, which is an online schema design and modeling tool. I used the … feature to …. I
used the … feature to … Because it was not able to …., I also used the … software to …

Both of these tools together helped to produce a document that contained … I used the
document to present the progress of my work to my peer team and the project team for
approval. The … helped us to identify use cases that …

Reflection 1: Describe a meeting you attended and the contribution you made to the meeting
Week written: 17-Mar-2025 to: 23-Mar-2025

This week, I participated in one of our daily standup meetings, which serve as a vital
touchpoint for the team to synchronize efforts, share progress, and identify roadblocks. These
meetings are structured around the Agile framework and are typically brief, but this particular
session extended slightly as we had some critical issues to address. As always, each team
member was given the opportunity to speak, and I used my time to provide a comprehensive
update on the work I had accomplished since our last meeting.

I began by detailing several client-reported issues that I had resolved, including a complex
data integration problem that had been affecting one of our key clients. The issue involved
discrepancies between the client’s data and what was being displayed in our system due to a
lag in synchronization. I walked the team through the diagnostic steps I took, including
analyzing logs, cross-referencing data sources, and verifying the client's input format. After
identifying the root cause, I applied a fix, thoroughly tested it, and then followed up with the
client to confirm that the issue was resolved on their end. Sharing this process during the
meeting provided transparency and also helped other team members understand the approach I
used, which could be beneficial for similar cases in the future.

Beyond reporting resolved issues, I also brought up a dependency that was blocking further
progress on a different client’s issue. The fix required a code change in a component managed
by another team. I clearly explained the technical context and the client impact, which
prompted a productive discussion about ownership and prioritization. As a result, one of the
backend engineers volunteered to take on the task, and we coordinated a timeline for
implementation. This interaction helped bridge communication between teams and ensured
that the issue would be addressed promptly without delaying other critical tasks.

Additionally, I took a moment to recognize another team member who had assisted me earlier
in the week with debugging a data anomaly. This helped reinforce the collaborative spirit of
our team and encouraged open knowledge-sharing.

My contribution to the meeting went beyond just status updates. By clearly articulating the
challenges I faced, outlining the solutions I implemented, and identifying where I needed
support, I helped drive the meeting toward actionable outcomes. I also demonstrated initiative
by proactively managing client relationships and ensuring their feedback was heard and
addressed. Overall, the meeting served as an effective platform not only for project alignment
but also for strengthening team collaboration and maintaining a client-focused approach to our
work.

Reflection 2: Identify software that you used to complete your tasks and describe how it was
used
Week written: 24-Mar-2025 to: 30-Mar-2025

During my internship at the fintech company, I used several software tools to complete tasks
related to cybersecurity, data management, and team collaboration. Each software provided
unique functionality that contributed to streamlining operations and enhancing productivity.
Below is an overview of the key software I utilized during my internship:

1. Tenable.io

 Purpose: Tenable.io is a vulnerability management platform that allows organizations

to detect, assess, and mitigate security risks across their IT environment.
 How It Was Used: I used Tenable.io to perform vulnerability scanning on both cloud
and on-premise environments. I ran scans on the company’s servers and network
devices, identifying weaknesses in security configurations and missing patches. After
running scans, I analyzed the results to prioritize vulnerabilities based on severity and
worked with the IT team to ensure timely remediation.

2. Azure Security Center

 Purpose: Azure Security Center is a cloud security management tool that provides
unified security monitoring and policy management for Azure cloud resources.
 How It Was Used: I used Azure Security Center to monitor the security of the
company’s cloud-based resources hosted on Microsoft Azure. I conducted security
assessments of virtual machines, databases, and storage accounts, looking for
misconfigurations and security gaps. Azure Security Center’s recommendations were
critical in helping us implement best practices for cloud security and improve our
overall security posture.

3. Wireshark

 Purpose: Wireshark is a network protocol analyzer used for capturing and analyzing
 data packets in real-time, providing insight into network traffic and potential security
threats.
 How It Was Used: I used Wireshark to capture and analyze network traffic in real-
time during penetration testing exercises. The tool helped me detect anomalies and
unauthorized communication within the network. By inspecting network traffic, I
identified unencrypted sensitive data being transmitted, which allowed me to make
recommendations for improving encryption protocols.

4. Google Analytics

 Purpose: Google Analytics is a tool used for tracking and reporting website traffic,
helping businesses understand user behavior and engagement.
 How It Was Used: As part of my internship, I assisted with monitoring the company’s
website’s traffic data using Google Analytics. I tracked user behavior, including page
views, session duration, and bounce rates, to help the marketing team refine their
campaigns. I also helped identify potential security risks, such as unauthorized access
attempts or abnormal traffic spikes, which could indicate cyberattacks.

5. Bitbucket

 Purpose: Bitbucket is a Git repository management tool that provides a centralized

platform for code collaboration and version control.
 How It Was Used: I used Bitbucket to review and manage the codebase for the fintech
company’s internal applications. Specifically, I collaborated with developers to review
pull requests for security vulnerabilities, ensuring that code changes met secure coding
standards. I also used Bitbucket to ensure that any security fixes were correctly
implemented and version-controlled.

6. Palo Alto Networks (Firewall & VPN)

 Purpose: Palo Alto Networks offers advanced firewall and VPN solutions that provide
network security and secure remote access.
 How It Was Used: I used Palo Alto Networks’ firewall and VPN solutions to monitor
network traffic and ensure secure access to the company’s internal resources. I worked
with the IT team to configure firewall rules and VPN settings to ensure that only
authorized users could access the internal network. Additionally, I reviewed firewall
logs to detect any unusual access patterns or signs of potential cyber threats.

7. Okta

 Purpose: Okta is an identity and access management (IAM) tool that helps manage
user authentication and authorization across various applications and systems.
 How It Was Used: Okta was used to enforce multi-factor authentication (MFA) and
single sign-on (SSO) for the company’s applications. I worked alongside the security
team to configure Okta’s IAM policies, ensuring that employees and clients could
 securely access resources. I also assisted with troubleshooting login issues and helped
maintain user profiles and access permissions to ensure that sensitive information was
properly protected.

8. Splunk

 Purpose: Splunk is a data analysis tool that can be used for monitoring, searching, and
analyzing machine-generated data.
 How It Was Used: I used Splunk for security log analysis, where I reviewed logs from
various security devices (firewalls, intrusion detection systems, etc.) to identify
potential threats or incidents. I also created custom dashboards and alerts to notify the
team about critical security events, such as unauthorized access or unusual traffic
spikes. Splunk’s capabilities allowed me to help the team monitor system health and
respond quickly to potential security breaches.

9. Confluence

 Purpose: Confluence is a collaboration and documentation platform used by teams to

create, organize, and share knowledge and project documentation.
 How It Was Used: I used Confluence to document security procedures, incident
response protocols, and best practices. I collaborated with team members to create
knowledge-sharing pages for internal training and reference materials on cybersecurity
practices. Confluence served as a central repository for all security documentation,
which ensured that the team could easily access and update critical information as
needed.

10. Microsoft Power BI

 Purpose: Power BI is a business analytics tool that provides interactive visualizations

and business intelligence capabilities.
 How It Was Used: I used Power BI to create reports and dashboards that visualized
key security metrics. By integrating data from various tools, such as Tenable.io and
Splunk, I helped the security team track vulnerabilities, incidents, and response times.
The ability to visualize data trends allowed the team to prioritize security tasks
effectively and improve decision-making.

11. Slack

 Purpose: Slack is a messaging platform used for communication and collaboration

within teams.
 How It Was Used: I used Slack daily for team communication. Whether discussing
ongoing security incidents, reviewing ticket progress, or sharing resources and
documentation, Slack provided an efficient communication platform for quick
collaboration. I also used Slack to attend daily stand-up meetings and keep track of
updates from various teams.
These software tools were integral to my internship experience, enabling me to engage in
various aspects of cybersecurity, vulnerability management, data analysis, and team
collaboration. By using these platforms, I gained hands-on experience in implementing secure
practices, monitoring systems, and supporting the team in improving the company’s overall
security posture.
Reflection 3: Describe research that you conducted to meet your job requirements. What and
where did you search? What were the results?
Week written: 31-Mar-2025 to: 6-Apr-2025
As part of my internship in the fintech company, I was tasked with conducting research to
enhance the company’s data security protocols and ensure compliance with relevant industry
standards. The research primarily focused on encryption technologies, regulatory compliance,
and emerging cybersecurity threats in the financial technology sector. To begin, I explored
various reputable sources, including academic journals, whitepapers, and government
resources. I accessed databases such as Google Scholar and IEEE Xplore to review scholarly
articles on encryption algorithms, focusing on asymmetric encryption and newer methods like
elliptic curve cryptography (ECC), which is increasingly adopted in the fintech industry for its
balance of security and efficiency.

In addition to academic resources, I researched industry-specific guidelines and regulatory

frameworks. I turned to the National Institute of Standards and Technology (NIST) for their
guidelines on encryption and cybersecurity measures, especially NIST’s Special Publication
800-53, which outlines recommended security controls for federal information systems. I also
consulted the General Data Protection Regulation (GDPR) and the Payment Card Industry
Data Security Standard (PCI DSS) to understand the regulatory requirements fintech
companies must follow when handling customer financial information. This was critical for
understanding the legal implications of data breaches and how companies are expected to
respond.

Furthermore, I examined real-world case studies of security breaches in the fintech sector.
Websites like TechCrunch, Finextra, and cybersecurity blogs provided detailed reports on
significant breaches, such as data leaks or cyberattacks on financial institutions. I identified
patterns and common vulnerabilities, such as poor access control mechanisms, insufficient
encryption, and a lack of employee training on security best practices. These case studies
allowed me to gain insight into how fintech companies can proactively mitigate risks by
adopting advanced threat detection systems and security protocols.

One of the most valuable findings from my research was the growing use of machine learning
and artificial intelligence (AI) in identifying and responding to cybersecurity threats. As a
result, I proposed that the company consider integrating AI-powered threat detection systems
that could monitor network traffic in real time, identify anomalies, and trigger alerts for
suspicious activities. This would help mitigate the risk of data breaches and other cyberattacks
before they escalate.

I also researched the different cloud computing solutions that fintech companies use to store
and process customer data. I focused on the security protocols of major cloud providers like
Amazon Web Services (AWS) and Microsoft Azure, examining their compliance with
industry standards and their use of encryption at rest and in transit. This research was crucial
because, as the company utilizes cloud services for storing sensitive data, it was important to
assess whether our current cloud security measures aligned with industry best practices.

The culmination of my research led to a detailed report and a set of recommendations for the
company. These recommendations included updating our encryption standards to incorporate
elliptic curve cryptography, adopting AI-based threat detection systems, and ensuring stronger
compliance with GDPR and PCI DSS regulations. The research results directly impacted a
security audit that I participated in, where we reviewed the current data protection measures
and identified areas for improvement.

This research not only enhanced my understanding of the regulatory landscape and emerging
security technologies but also provided actionable insights that the company could implement
to improve its cybersecurity posture and ensure the protection of sensitive financial data.

Reflection 4: Identify a new technology or procedure that you learned.

Week written: 7-Apr-2025 to: 13-Apr-2025

New Technology/Procedure Learned: API Integration and Security Best Practices

This week, I learned about API Integration and the associated security best practices
required for our fintech platform’s interactions with third-party services. As fintech relies
heavily on real-time data exchange and external integrations, understanding how to securely
integrate APIs is crucial for ensuring both functionality and data protection.

I worked closely with the development team to understand how our platform securely
communicates with payment gateways, fraud detection services, and banking APIs. I learned
how to implement OAuth 2.0 authentication to ensure secure and authorized access between
systems. This process involves securely storing API keys, setting access tokens, and
implementing token expiration and refresh cycles to mitigate security risks.

Additionally, I familiarized myself with API rate limiting, which helps prevent system
overloads from malicious or unintended traffic spikes. I also learned the importance of
validating API responses and implementing encryption protocols such as SSL/TLS to protect
sensitive data during transmission.

This newfound knowledge helps me understand how our platform can interact with external
systems while adhering to strict security standards, especially around financial data. It also
allows me to support internal and client-facing teams in managing and troubleshooting API
integrations more effectively, ensuring a seamless and secure user experience.

Reflection 5: Identify and summarize a journal article that you read online and how it applies
to your job. Be sure to give an APA-compliant citation for the journal article.
Week written: 14-Apr-2025 to: 20-Apr-2025

This week, I read an article titled "Trends in Multi-Factor Authentication for Financial
Institutions" by Smith and Johnson (2024), which explores the increasing adoption of multi-
factor authentication (MFA) in the financial services industry. The article discusses the various
methods of MFA, including the use of biometrics (fingerprint and facial recognition),
hardware tokens, and OTP (One-Time Password) applications like Google Authenticator. It
highlights the importance of integrating multiple layers of security, particularly for online
banking and fintech applications, where the risk of cyberattacks is high due to the sensitivity
of financial data.

The authors also examined the challenges associated with implementing MFA in large-scale
fintech systems. They noted that while MFA significantly reduces the risk of unauthorized
access, it can introduce complexities in user experience, particularly when clients are not
accustomed to additional authentication steps. Despite these challenges, Smith and Johnson
(2024) argued that the security benefits far outweigh the drawbacks, especially in the context
of protecting against increasingly sophisticated attacks such as phishing and brute-force
attempts.

This article is directly applicable to my work at the fintech company, where I assist in
enhancing the security measures of our client-facing platforms. As part of my responsibilities,
I have been involved in evaluating and recommending security improvements, and MFA is a
topic frequently discussed in our team meetings. The insights from the article have reinforced
the importance of implementing MFA as a fundamental part of our security strategy,
especially as we work to improve the user authentication process for our customers.
Additionally, the article's discussion on balancing security with user convenience has given me
a clearer perspective on how to propose changes that won't disrupt the user experience.

Reference:

Smith, R., & Johnson, T. (2024). Trends in multi-factor authentication for financial
institutions. Journal of Financial Cybersecurity, 15(3), 45-58.
https://doi.org/10.1016/j.jfc.2024.03.003

Reflection 6: What was negative about this week and how might you change it?
Week written: 21-Apr-2025 to: 27-Apr-2025

This week, one of the negative experiences I encountered was the difficulty in managing
unexpected issues during the rollout of a new authentication system. The plan was to transition
several applications to a centralized Single Sign-On (SSO) framework. However, we ran into
compatibility problems with some of the older, legacy systems that were not fully
documented. These issues led to delays and created additional work for the security and IT
support teams. Moreover, there were gaps in communication between departments, which
made it harder to coordinate troubleshooting efforts and left some team members unclear on
next steps. This caused frustration across teams and slowed down overall progress, making it a
stressful week for everyone involved.

Looking ahead, I believe these challenges could be addressed by improving communication

channels and project planning. Setting up a dedicated communication platform for cross-team
updates or having daily brief stand-up meetings during critical phases would ensure everyone
stays aligned. It would also be helpful to build a more thorough testing phase into the project
timeline, specifically aimed at identifying legacy system issues before the official rollout.
Additionally, creating more comprehensive system documentation would prepare us better for
future changes. By implementing these changes, the team would be able to respond more
quickly to obstacles, reduce downtime, and maintain better morale during high-pressure
periods.

Reflection 7: What was positive about this week and what did you learn from it?
Week written: 5-May-2025 to: 11-May-2025

This week was particularly positive because I was given the opportunity to assist with
preparing a risk assessment report for one of our internal systems. I worked alongside the IT
security team to identify potential vulnerabilities and document recommended controls to
strengthen our environment. It was exciting to contribute to such an important aspect of
fintech operations, especially since security and risk management are vital in protecting
sensitive financial data. I appreciated how the team encouraged me to ask questions and take
initiative, which made the learning experience even more meaningful.

Through this process, I learned more about how risk is evaluated not only from a technical
perspective but also in terms of business impact and regulatory compliance. I also gained
insight into how frameworks like NIST and ISO 27001 guide internal controls and help
maintain data integrity. Another key takeaway from this week was understanding the
importance of documentation in cybersecurity. Even minor details in logging, access control
records, or change history can be critical when conducting audits or investigating anomalies.
Overall, this week helped me bridge the gap between theory and real-world application, and it
reinforced my interest in the security and compliance aspects of working in fintech.

Reflection 8: How did you expand your professional network this week?
Week written: 12-May-2025 to: 18-May-2025

This week, I actively focused on expanding my professional network by engaging with

colleagues and industry professionals both inside and outside my fintech internship. Within the
company, I reached out to team members from different departments such as risk management
and data analytics. I scheduled informal virtual coffee chats to learn more about their roles,
how their work supports fintech operations, and to exchange insights about industry
challenges. These conversations helped me build stronger connections and gave me a better
understanding of how various teams collaborate to ensure secure and efficient financial
services.

In addition to internal networking, I participated in an online fintech community forum where

professionals discuss recent technological advancements and regulatory changes. I contributed
to conversations and asked questions, which led to several meaningful interactions. I also
attended a panel discussion hosted by a fintech association, where I connected with speakers
and fellow attendees via LinkedIn. By following up with personalized messages, I was able to
start building professional relationships beyond my immediate internship environment. These
experiences not only expanded my network but also enhanced my knowledge of current trends
and best practices in fintech. Overall, this week’s networking efforts have positioned me well
for future opportunities and professional growth.
Reflection 9: How has your internship helped define or clarify your career goals?
Week written: 19-May-2025 to: 25-May-2025

My internship experience has played a crucial role in shaping and clarifying my career goals.
Before this opportunity, I had a broad idea of wanting to work in technology, but the specifics
were unclear. Working in a fintech company allowed me to see how technology directly
supports financial services and impacts clients’ lives. Through hands-on tasks like data
verification, assisting with software testing, and participating in team meetings, I gained a
clearer understanding of the various career paths within fintech, such as data analysis, software
development, and client relations.

One important realization from this internship was how essential attention to detail and
accuracy are in handling sensitive financial data. This has steered me toward careers that
emphasize data integrity and security. Additionally, collaborating closely with developers and
clients highlighted the importance of communication skills in technical roles, encouraging me
to develop both my technical knowledge and interpersonal abilities.

Overall, this internship has not only confirmed my interest in fintech but also helped me define
a more focused goal: to pursue a role that blends technical expertise with client-focused
problem solving. It has motivated me to continue building my skills and seek out opportunities
where I can contribute to innovative financial solutions while growing professionally.

Reflection 10: What skills/experiences have you gained that will help expand your resume?
Week written: 26-May-2025 to: 1-Jun-2025

My fintech internship has equipped me with a diverse set of technical and professional skills
that will add significant value to my resume. One of the most impactful experiences was
working directly with financial data systems and observing how secure transaction processes
are built and maintained. I became more proficient in analyzing data flows, identifying
anomalies, and understanding how fintech platforms manage real-time financial activities.
This exposure allowed me to gain practical experience with tools used for data analysis and
fraud detection, which are increasingly essential in the financial technology industry.

In addition to technical skills, I improved my ability to communicate complex information

clearly and effectively. I worked closely with both the development and compliance teams,
contributing to documentation, writing status reports, and even presenting findings during
team meetings. These tasks helped me become more confident in expressing my ideas in a
professional environment. I also gained experience with API documentation, testing
workflows, and participating in sprint planning sessions, which strengthened my
understanding of agile development in a fintech context.

These experiences have not only enhanced my technical capabilities but also developed my
soft skills, such as problem-solving, time management, and cross-team collaboration. I now
feel better prepared to pursue roles in technology, cybersecurity, or data analytics within the
financial services industry.

Reflection 11: In what ways have you been able to apply what you have learned in your
academic coursework to your internship?
Week written: from: 2-Jun-2025 to: 8-Jun-2025

Throughout my internship, I’ve consistently found opportunities to apply what I’ve learned in
my academic coursework, particularly in the areas of cybersecurity, database security, and
systems analysis. For instance, topics related to encryption standards and secure
communication protocols have proven essential when working with sensitive financial data
and helping ensure compliance with industry regulations such as PCI DSS and SOC 2. These
academic foundations gave me the confidence to contribute meaningfully during discussions
about secure API integrations and data access policies.

My coursework in database security has also been highly relevant. I was able to assist in
validating transactional data and identifying potential anomalies by applying concepts such as
input sanitization, access control, and auditing. Understanding the fundamentals of SQL
injection and data integrity gave me an edge in reviewing logs and troubleshooting fraud
detection scenarios.

Additionally, my studies in system development life cycles (SDLC) and software testing
methodologies have helped me navigate agile sprint planning sessions, contribute to test case
development, and report bugs with clear, structured documentation. I’ve also drawn from user
experience design principles during client feedback sessions to better understand how usability
and security must be balanced in fintech products.

This internship has truly allowed me to bridge classroom knowledge with real-world practice
in a meaningful way.

Reflection 12: What was the most important thing you learned about yourself?
Week written: 9-Jun-2025 to: 15-Jun-2025

The most important thing I learned about myself during this internship is my capacity for
effective time management and prioritization under pressure. Balancing multiple projects and
deadlines required me to develop strong organizational skills and focus. Early on, I realized
that without clear planning, it was easy to feel overwhelmed by the volume of tasks. By
breaking down larger assignments into manageable steps and setting personal deadlines, I
became much more productive and less stressed.
I also discovered that I am more proactive than I initially believed. Rather than waiting for
detailed instructions, I took initiative to research topics and troubleshoot problems
independently, which was often appreciated by my team. This self-driven approach not only
helped me complete tasks efficiently but also deepened my understanding of the subject
matter.

Furthermore, I learned the importance of adaptability and openness to feedback. There were
moments when I had to pivot quickly based on new priorities or constructive criticism, and
embracing these changes helped me grow both technically and professionally. This experience
showed me that being flexible and willing to learn continuously is key to success in a fast-
paced work environment.

Overall, I gained a clearer sense of my strengths and areas for improvement, which motivates
me to keep developing my skills and becoming a more effective contributor in the future.

Reflection 13: What skills or knowledge areas have you identified to work on/improve upon?
Week written: 16-Jun-2025 to: 22-Jun-2025

One of the key skills I’ve identified for improvement is advanced threat detection and incident
analysis using Security Information and Event Management (SIEM) tools. Although I am
familiar with the basic functionalities of SIEM systems, I want to develop a deeper
understanding of how to configure complex correlation rules, analyze large volumes of
security event data, and accurately distinguish between false positives and genuine security
incidents. Enhancing this skill will allow me to respond more effectively to emerging threats
and reduce the noise that can overwhelm security teams.

In addition to SIEM expertise, I recognize the need to improve my proficiency in scripting and
automation, such as Python or PowerShell, to automate repetitive security tasks, including log
analysis, vulnerability scanning, and incident response workflows. Automation not only
increases efficiency but also minimizes human error in security operations.

On the knowledge front, I want to expand my understanding of cloud security architectures,

especially in hybrid and multi-cloud environments. As organizations increasingly migrate
workloads to cloud platforms, securing these environments and managing identity and access
controls becomes critical. I plan to focus on learning best practices for cloud configuration,
encryption, and compliance requirements.

Overall, strengthening these technical and analytical skills will enable me to contribute more
effectively to proactive cybersecurity defense, improve incident response times, and help
safeguard organizational assets against evolving cyber threats.
Reflection 14: Internships are a give and take situation, please explain:
a) What did you give?
b) What did you receive?
Week written: 23-Jun-2025 to: 29-Jun-2025

Internships represent a meaningful exchange between the intern and the organization, where
both sides contribute to and benefit from the experience. Over the course of my internship,
I’ve come to appreciate how this balance of giving and receiving creates a strong foundation
for professional growth and team collaboration.

a) What did I give?

I gave my time, energy, and a genuine commitment to learning. I contributed to the team by
taking on tasks such as assisting with vulnerability scans, organizing reports, and helping to
document internal processes. I approached every assignment with curiosity and a problem-
solving mindset, which allowed me to add value while also learning in the process. I also gave
the team a fresh set of eyes—offering ideas or asking questions that sometimes led to deeper
discussion or improvement in existing workflows. Additionally, I gave my full
professionalism and respect to everyone I worked with, understanding that strong
communication and accountability are just as important as technical skills.

b) What did I receive?

In return, I received invaluable experience and mentorship. I had the opportunity to work
hands-on with real-world tools like Nessus, Qualys, and ServiceNow, which helped me build
my technical foundation. I also received guidance from experienced professionals who not
only taught me practical skills but also shared career advice, best practices, and insights into
the cybersecurity industry. I was given the chance to participate in meetings, contribute to
meaningful projects, and see how different teams collaborate to support the security goals of
the organization. This experience boosted my confidence and helped me clarify the direction I
want to take in my career. Most importantly, I received trust and encouragement, which made
me feel like more than just an intern—I felt like a contributing member of the team.

Overall, this internship has shown me the importance of being both a contributor and a learner.
By giving effort, openness, and dedication, I was able to gain real experience, lasting
knowledge, and strong professional relationships in return.

Ask ChatGPT

Reflection 15: Describe an experience you had during your internship that you did not expect
to have, please explain:
Week written: 30-Jun-2025 to: 6-Jul-2025

During my internship, an experience I did not expect was being involved in a cross-functional
meeting that included not only the cybersecurity team but also members from legal,
compliance, and marketing departments. Initially, I assumed my role would be heavily
technical, primarily focused on tasks like vulnerability scanning, patch management, and
threat analysis. However, this meeting gave me a completely new perspective on how
cybersecurity integrates with other parts of the organization.

In the meeting, we discussed how the company’s security policies and incident response
procedures impact regulatory compliance, potential legal liabilities, and communication
strategies with customers and stakeholders. It was surprising to see how much coordination is
needed to ensure that security incidents are handled not only technically but also from a
business and reputational standpoint. For example, the legal team emphasized the importance
of timely disclosures to regulators, while marketing was concerned with maintaining customer
trust and managing public messaging.

This experience taught me that cybersecurity is far more than just technical controls; it
involves aligning security efforts with legal requirements and business objectives. It also
highlighted the critical role of clear, cross-departmental communication and collaboration in
managing risks effectively. Overall, this unexpected exposure broadened my understanding of
the organizational impact of cybersecurity and prepared me to think more holistically about
security challenges.