Hello! I have been a long-time reader of this reddit and I am asking for any advice or opinions on current summer internship offers that I have.

*Apologies for the long post but just want to give you as many details as I can! Thank you for any insight you all can give me, it is always very appreciated. I bolded the portion of the post that discusses the offers.*

I am a junior majoring in Comp sci and have very recently taken the leap to start emphasizing my degree and studies in cybersecurity. I dedicate a good amount of time outside of university on security-related extracurriculars and courses currently in ethical hacking + pentesting on networks and web applications.

Although red-teaming and pentesting are very interesting to me, I am unsure if that is what I want to pursue. I am still searching for what part of security is most interesting to me and hoping that an internship will help me gain experience in more areas.

That being said, in the pursuit of trying to pick up different skills and trying out other fields in security, I applied to a wide variety of internships and roles that just seemed interesting to me.

I have already accepted a Spring internship with a very large company working on mostly vulnerability management+mitigation, patching of OT devices, GRC, and other security-related tasks. Thought it would be a great opportunity to learn from a different perspective of security than I am used to (and also the only Spring internship I applied to so there was no reason for me to not accept it lol)

I currently have two offers for a summer internship that I am considering, and just completed a final round interview with a security firm (I have not received a decision for this, so I will not discuss it here; it would be a red-team consultant internship though)

**Offer 1:**

**Role: Application Security Engineer Intern**

**Data science and analytics software company; ~7000 global employees; would be working directly on the company’s software w SAST, DAST, SCA, etc. for identifying software vulnerabilities, assist the team in managing and employing ci/cd pipeline**

**The interview process was very smooth; gave a technical presentation to them on a project I worked on in the past and a behavioral interview; got grilled on some technical details during my presentation, but was a very friendly and open convo; remote position**

**Currently in emails with managers and employees researching more about the role itself and what I would be doing day-to-day as an intern, but I have a hard deadline that ends this Friday to accept the offer :/**

**Offer 2:**

**Role: Security Consulting Intern**

**IT consulting firm that works with Microsoft ecosystem; ~50k employees; unsure of what project specifically I would be working on during the internship itself; remote position; offers a guaranteed full-time role at the company after completing the internship**

**I will say that I have a background with this company as I have a scholarship with them and they have paid for a large chunk of my college tuition lol but I have nothing binding me to accept this offer; I have worked with interns and full-time employees at this company previously and they spoke very highly of their experience and I thought it was worth a shot to apply**

**I brought up some of the concerns I had with a consulting role to the interviewer and contacts I have at this specific firm (being pigeonholed, working unpaid overtime, etc.) and they cleared them all out for me**

**I am unsure of the implications of working in security consulting solely on Microsoft products and whether this would relate to other security-related roles well, so if any of you had insight on that, it would be very helpful.**

For me, my current thoughts are leaning a bit more towards the consulting role as it would (from my understanding at least) give me the ability to branch out more and experience different projects until I perhaps find what I truly want to work on long-term or if I just enjoy jumping from project to project. I also do not mind being client-facing and working on teams.

I know that AppSec is still a huge field with tons of opportunities to work in also though and I am probably biased to the consulting offer because of my background with the company and employees there, so I would love any opinions on the roles in front of me!

I hope this post does not make me seem as though I am just all over the place lol, I definitely am just trying to experiment and learn as much as I can while I am still in university. I know that there is no real right decision for an internship, but I am just a mess of thoughts and what-ifs currently!

Share This Discussion

1 Comment

  • tim-brottsling

    November 18, 2021

    In my opinion the appsec position would both be more interesting, and open more doors when you put it on your résumé. I’ve worked both as a generalist security consultant and in appsec, and I found appsec to be more giving. But that’s of course a personal preference.

    Reply

Leave a Comment

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.