GRIMM 2020 Summer Internships
Program History
The GRIMM Intern program began three years ago. Interns work on billable client and research projects. Additionally, past Interns worked on the development of GRIMM’s “Howdy Neighbor”, a portable Capture the Flag competition built entirely around hacking Home Automation devices. Howdy Neighbor is one of GRIMM’s go-to, hands-on demonstrations at conferences across the country. Several of the interns involved have since been hired by GRIMM and its spin-off software company, SCYTHE.
Intern life at GRIMM
Program Summary
Developing the next generation of cybersecurity talent is a priority at GRIMM. Our interns receive interactive mentorship, on thought-provoking work, designed to ready them for careers in cybersecurity. Our internship program seeks passionate students, from high school to Ph.D. level, to work on the front lines of innovation, gaining meaningful real-world experience.
Interns will benefit from:
- Mentorship (guidance, helping them learn, but also expecting them to put in the effort)
- Experience with a professional services firm (specific skills will vary from one practice to another)
- We hire only the best and brightest.
- You will work on real-world challenging problems.
- You can make a difference in the work and research performed.
AppSec
These are not the typical "intern projects" such as building some boring tool or repeatedly doing a manual task that should have been automated. Instead, they will be integrated with the team working on actual client work or Internal Research and Development! This means solving real problems, finding real vulnerabilities, writing exploits/proof of concepts, and proposing remediation solutions.
What Will They Do?
The type of work we typically do includes threat modeling, design review, implementation review (usually with source code), and dynamic and static testing). We also build a number of Capture The Flag [CTF] (hacking) challenges for training and for the community. In addition to doing the work, you'll also be contributing to the client-facing reports or documentation.
What Will They will learn?
How to find design flaws and predict where the vulnerabilities will be before spending time going through code. The skills needed to do security analysis on systems in general (applications, networks, human processes, and combinations), with software systems being the primary focus. Basic LaTeX skills, for writing professional documents (as code). If working on CTF challenges, learn how automated deployment systems work. These are the same technologies as are used in Continuous Integration/Continuous Development (CI/CD) and DevSecOps.
What Skills required?
They will need the ability to read and understand multiple programming languages (C, JS, Bash, Python, etc.), as well as the ability to write code, install and configure software. Bonus points if they have familiarity with automation.
What Will They Do?
The type of work we typically do includes threat modeling, design review, implementation review (usually with source code), and dynamic and static testing). We also build a number of Capture The Flag [CTF] (hacking) challenges for training and for the community. In addition to doing the work, you'll also be contributing to the client-facing reports or documentation.
What Will They will learn?
How to find design flaws and predict where the vulnerabilities will be before spending time going through code. The skills needed to do security analysis on systems in general (applications, networks, human processes, and combinations), with software systems being the primary focus. Basic LaTeX skills, for writing professional documents (as code). If working on CTF challenges, learn how automated deployment systems work. These are the same technologies as are used in Continuous Integration/Continuous Development (CI/CD) and DevSecOps.
What Skills required?
They will need the ability to read and understand multiple programming languages (C, JS, Bash, Python, etc.), as well as the ability to write code, install and configure software. Bonus points if they have familiarity with automation.
CyPhy (Cyber-Physical Systems Security)
The Cyber-Physical Systems (Cy-Phy) work at GRIMM focuses on combining the world of “smart” devices and cybersecurity. GRIMM’s CyPhy team supports our clients in the development of building more secure, connected products. Projects the CyPhy team addresses include securing connected cars, aerospace, robotics, medical devices and critical infrastructure for both military and commercial applications within industry.What Will They Do?
CyPhy interns will have the opportunity to work on research projects which will include hands-on work with hardware products offering software, WiFI/Bluetooth integration. As an intern, you will be involved in the reverse engineering of software / firmware / hardware for products you use in your everyday life and you will live on the cutting-edge of where IT and OT intersect. Interns receive mentorship and professional development for reversing, exploitation, and the chance to develop the tools to accomplish these tasks.
What Will They Learn?
CyPhy projects vary in scope and project goals and objectives are rarely the same from project-to-project. Interns invited to join GRIMM’s CyPhy team will be involved in development and reverse engineering of software/firmware/hardware.
At GRIMM, we recognize if you do not love what you do - you will not do it for long. The CyPhy team will take the time to listen to the interns cybersecurity interests and will make an effort to match intern’s interests to active projects.
What Skills Are Required?
They are looking for C coding skills, understanding of reverse engineering and/or hardware development, soldering (optional), and a passion for growing and learning and becoming more. They are also looking for a hacker mindset. Automotive, Aerospace, embedded knowledge/experience is an added bonus, but obviously not expected.
Selection process
Passion and knowledge. We want people with a passion for cybersecurity. Interns should be able to demonstrate their knowledge and passion for cybersecurity outside of the classroom. Candidates are initially screened based on their resumes and cybersecurity related extracurricular activities. The best candidates will receive an initial phone screening. We have a very high selection bar, similar to our full time hires. The top candidates who make it past this screening meet with a series of our technical leads who evaluate their knowledge and abilities, and if they’re a fit, they receive offers to join the respective teams.
2020 Interns:
Sophia Kraus
Sophia Kraus joins GRIMM’s Cyber Physical (CyPhy) Systems Security team as an Intern for the summer of 2020. Sophia is an Electrical Engineering student at Michigan Tech University and credits her passion for cybersecurity as starting when she had an opportunity to be a high school student participant in the 2018 SAE CyberAuto Challenge. Sophia’s experience at the SAE CyberAuto Challenge inspired her to further knowledge within the field of transportation cybersecurity and thus; she applied and was granted participation in the CyberTruck Challenge in 2019. GRIMM’s CyPhy team proudly supports the CyberAuto and CyberTruck (and soon, the CyberBoat Challenge) as an opportunity to mentor the next generation of transportation security professionals. As she began her academic career, Sophia joined the Red Team Cybersecurity Organization at Michigan Tech University, which serves as a platform for Sophia to learn from her peers while competing in increasingly challenging CTFs. Outside of Sophia's studies and her passion for cybersecurity, Sophia enjoys spending time with her dog and going adventuring throughout the Keweenaw Peninsula in Michigan’s northern country. You can follow Sophia on LinkedIn, at: http://linkedin.com/in/sophia-kraus-50b1461aa
Alex Lin
Alex Lin joins GRIMM's Application Security team as an Intern for the summer of 2020. Alex is a junior in Computer Engineering at Purdue University. He enjoys hacking by playing CTFs with team Perfect Blue, currently the #1 team in the US on ctftime. Outside of his studies and CTF domination, he enjoys traveling, learning about how things work, and drinking tea. During his internship Alex will be helping GRIMM advance the state of the art in binary analysis through internal research and development projects. Alex already made great strides on a tool to assist with dynamic deep code analysis of binary only applications. You can follow Alex on LinkedIn, at https://www.linkedin.com/in/alex-lin-646916172
Talia Gifford
Talia became interested in cybersecurity working for a Harvard policy group on US election infrastructure vulnerabilities. She still thinks about big policy questions, like whether cyber conflict actually makes kinetic warfare less likely. In addition to the theoretical, she has found passion in technical research. During the school year, she researches deep neural networks with the SAND Lab at the University of Chicago. While not at school in Chicago studying Physics, she lives in Boston with her German Shepherd Rambo. Talia also loves the discipline of mountaineering and has five first ascent climbs in British Columbia, Canada.
https://www.linkedin.com/in/taliagifford/
https://www.linkedin.com/in/taliagifford/