In a royally decorated, magnificently built common hall, away from the city’s searing temperature, It was the ‘Qualys Security Conference, 2017 at hotel The Leela, Mumbai,’ hosting some of the country’s best hacking minds and the Chief Information Security Officers (CISOs) of the biggest companies in the world.
And there I was- a summer intern from the Indian Institute of Management, Udaipur, interning with ICICI bank somehow amongst the stalwarts of this industry trying to make sense of everything. So how did I land up here?
Like I mentioned, I am currently interning with the ICICI bank at their Thane office in Hiranandani Estate. ICICI has a very lucid, delineated internship policy. I vividly remember the interview panel who took my interview, back at the IIM campus when I applied for the internship, asking me “which field would I want to work in if I get selected?” Thinking of it as just a filler question, but determined to answer it in the most honest manner possible nonetheless, I had said, “Since I come from a meta-assembly language background where I would write codes for a Bank’s transactions, I would want to work on something related to digital or technology”. I had no idea back then that the largest private bank in the country, known for its finance and marketing profiles, would take the pain to find a project that would precisely suit my interest. And thus I got a project in the technological hot-cake of our lifetime- Cloud-based Internet Security.
My first day of internship, often called the D-day or the Doom’s Day was anything but. It would be better if I call it the ‘Devour’ day for I had so much to learn; I was expected to hit the ground running. I was tagged along with a team working on an implementation project of a cloud-based vulnerability scanner. The team called the ‘Information-Security Group’, or the ISG, had chosen a vendor for its vulnerability management processes and I was required to design a model as to how to go about the implementation of it. For the uninitiated, a vulnerability management is a process by which a firm keeps a check on all its web applications, network appliances and any device connected to its network from falling into the wrong hands and getting hacked. The team comprised managers from ICICI and many developers and ethical hackers from different vendors to carry out the “penetration testing”. Needless to say, for a bank which has personal data of hundreds and thousands of customers, it is a crucial part of operations. Many would feel that a company would not give a significant work like this to its interns. Well, they cannot be more wrong. ICICI believes in empowerment. And it’s just not a bullet point in their brochures and PowerPoint presentations, but rather the employees preach and practice it religiously. I realised it as soon as I interacted with my project guide. She tagged me with the ISG team consisting of dynamic managers and experts on this field. She made it very clear that I was there for designing an optimum way of implementing the new system and I was required to do just that- think, analyse critically and deliver the best possible solution. And I was required to do this in the two months that I had. I had to learn how to run, even before I learn how to stand. But sometimes, it is exactly what life demands out of us.
So I started gathering knowledge about the product at hand, right away. Every auxiliary resource was made available to me instantly: a desk, a computer, a landline phone with a contact list of all the support teams and obviously the manuals of the QualysGuard system (the vendor which we had selected for the vulnerability scanning process). Since having worked in a corporate before, it was sort of a throwback for me and in a few days I got acclimatised to it perfectly- getting back to the corporate ways: formal dresses, the anxious environment of a development centre, people working incessantly on their laptops, the occasional ‘beeping’ of the main door from the ‘swipe-ins’ and ‘swipe-outs’ of the employees, and the ‘dings’ of the coffee machines. But I was often quickly brought back from this sweet nostalgia as my project mentor would ask me of things like to join in for a meeting with Verizon, who were our partners for providing support. The meetings included a technical hands-on from the Verizon team for us. It was a great opportunity for me too, to get a better understanding of the things, and coming from a similar background, soon enough I started to get the hang of things. The meetings would go on from 9 am and continued till we all satiated enough from the hands-on and famished otherwise, i.e. before the lunch time.
I usually visited the company canteen downstairs for my lunch. Being the only intern, at the Thane office, I had figured that the lunch time would be a great time to network with the people from other projects. The mess/canteens at colleges are majorly same as the corporate in terms of the aesthetics, but they are the world apart in terms of the atmosphere. While the gossips in the college canteen are invariably filled with an air of nonchalance, the talks in the office canteen are usually more serious in tone. People can be seen either discussing their projects at work, or their jobs and how they plan to move ahead in their career, or even about the family and household chores. One day, as I was thinking of topics to talk about to break the ice with few colleagues, I was called up by my project guide. There was the national conference of our vendors, QualysGuard and some of the team representatives were going there to attend it. My guide advised me to accompany them as well to interact with the Qualys team as I was to work in conjunction with them for the next two months.
So there I was, amidst the experts of the field, getting an opportunity to interact and learn from them directly. The conference hosted the likes of the Product Manager, VP, of the company, CISOs and executives of Infosys, BOA, HDFC, etc. Undoubtedly, it was an experience of a lifetime, getting to chat with all of them during the ‘snacks and networking’ break. The day ended with us getting goodies from the conference and the partners of the event.
My internship continued to surprise and inspire me in this way throughout the two months. A thing which started as a two-month thing taught me perhaps much more than any course could in years. I met with some brilliant people from different industry and came to learn about it; got to know about and contribute towards the prevention of damage from the “Ransomware"; coded, created and implemented a tool which brought the demand time from 2 days to 2 hours; and finally, even got into the project’s football club!
Therefore the two months were serendipitously eventful, to say the least. I am excited to think about the immense learning opportunities it provided. I had hoped to start with a clean slate and absorb as much as I can as I realised the massive opportunity I had been provided to enhance my skills and to make a difference. And though there’s still much more to learn, it definitely has been a great start.