My IBM Internship Experience
Last week I finished my summer internship at IBM as a Security Specialist intern with the Enterprise Technology and Security business unit. I was able to work in the office of the Chief Information Security Officer, Koos Lodejiwx, for the summer and got an opportunity to meet and connect with wonderful IBMers.
I am grateful that I had the chance to work alongside 26 interns and 3 apprentices. I’m indebted to my mentor and project lead, David Gawron, who always used to quote this saying when I used to go down a rabbit hole:
“Only when you have discovered three solutions to a problem have you begun to understand the problem”
He always had a unique way of leading me to the solution (which he already knew) by letting me think critically and approach each problem by taking a step back to always verify my solution. I want to thank my managers, Raymond Fallon and Mike Zemcik, and IBM Software Vice President, Angela Jarrar, who guided me through each bi-weekly executive showcase presentation at IBM. These presentations are where I learned how to present to executives.
I had the opportunity to have a tech-filled geek conversation with IBM CISO — Koos Lodejiwx, IBM Enterprise Technology and Security Vice President — Bill Tworek, IBM Enterprise Technology and Security Director — Nicole O’Connor and IBM Supply Chain Security Director — Chris Desforges, Chris Kulakowski, a threat hunter in the detection engineering team with IBM X-Force and Jeremy Khalouian, an Incident Responder with IBM X-Force.
Chris and Jeremy gave me an abundance of resources on getting started with Incident Response, how to carry out forensic triage after running atomic red scripts, how to associate each attack with the MITRE ATT&CK Framework and so much more. Chris Kulakowski also gave me an overview of the different teams within threat hunting and how the threat hunting teams perform when a new APT is detected.
Apart from work, my BigBlue Fam and I had loads of fun which can’t be put into words. I am grateful to the IBM social captains and their mentors for organizing watch parties and summer events where we interns got an opportunity to connect with other IBMers. A short video is embedded to make the experience much more enjoyable.
Last but not least, a special thank you to Lory Larma-Hopper for guiding us since the beginning and without whom the trip to Carowinds wouldn’t be a reality.
My Summer Intern Project
Since most applications today run on containers, it was necessary to create a tool which would normalize and correlate the scan results from the industry-leading scanners into a single report for our product teams. During the summer I worked on a Docker/Podman container scanning tool called the Multi-Scanner Data Analysis and Reporting tool.
This tool is a one-stop shop for many well-known industry container scanning tools like Aqua, Twistlock, Grype, IBM Vulnerability Advisor, Trivy and Stackrox.
Features developed over the Summer
- CISO Override Integration into the Correlated Report — CISO Override is an order which the CISO pushes out for a few zero-day exploits which the CISO finds that the company should patch at a remediated rate. The attributes of a CISO override were integrated into the correlated report which the multi-scanner gives out.
- CISA Known Exploited Vulnerabilities Catalog Integration into the Correlated Report — Most of the product teams also sell their products and software to the government, so it is mandatory that they also remediate 0-days according to the CISA Known Exploited Vulnerabilities catalog. To make this happen, the CISA catalog has been integrated into the correlated report. Both the CISA and the CISO features have been pushed into production and are available to the product teams.
- Scanner Agreement Algorithm — An algorithm that I came up with to show how much agreement there is across the six separate scanner results that the multi-scanner uses for container scanning, over 5 critical columns (Severity, CVSSBaseScore, CVSSExploitabilityScore, CVSSImpactScore, CVSSVector).
Impact
- These features helped the Cloud Pak product teams remediate vulnerabilities faster before the products are sold to the government and clients, and prioritize vulnerabilities faster and more efficiently.
- Even after the products reach the client, the clients themselves run different container scanning tools and come back with their findings.
- Since most of the industry-leading tools are integrated into the multi-scanner, we can come across the different results from a single report.
- The scanner agreement score also shows how much agreement there is across all the individual scan results for 5 critical columns (Severity, CVSSBaseScore, CVSSExploitabilityScore, CVSSImpactScore, CVSSVector).
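An added example, not the Multi-Scanner tool's code and not the author's agreement algorithm (which the post does not spell out): a sketch of correlating per-scanner findings by CVE, flagging CISA KEV and CISO-override entries, and scoring agreement over the five columns as the share of reporting scanners that match the most common value. The findings, CVE ids, KEV and override sets, and all function names are constructed for illustration.

```python
from collections import Counter, defaultdict

COLUMNS = ["Severity", "CVSSBaseScore", "CVSSExploitabilityScore",
           "CVSSImpactScore", "CVSSVector"]
V31 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"  # constructed sample vector

def row(scanner, cve, *values):
    return {"scanner": scanner, "cve": cve, **dict(zip(COLUMNS, values))}

# Constructed findings, assumed already mapped from each scanner to one schema.
FINDINGS = [
    row("Grype", "CVE-0000-0001", "High", 7.5, 3.9, 3.6, V31),
    row("Trivy", "CVE-0000-0001", "HIGH", 7.5, 3.9, 3.6, V31),
    row("Twistlock", "CVE-0000-0001", "medium", 6.5, 3.9, None, None),
    row("Aqua", "CVE-0000-0002", "Low", 3.1, None, None, None),
]
KEV = {"CVE-0000-0001"}            # constructed stand-in for the CISA KEV list
CISO_OVERRIDE = {"CVE-0000-0002"}  # constructed stand-in for CISO overrides

def norm(value):
    """Make values comparable: case-fold strings, round scores to one decimal."""
    if isinstance(value, str):
        return value.strip().lower()
    return round(float(value), 1)

def agreement(values):
    """Share of reporting scanners that match the most common value."""
    seen = [norm(v) for v in values if v is not None]
    if not seen:
        return None  # no scanner supplied this column
    return Counter(seen).most_common(1)[0][1] / len(seen)

def correlate(findings, kev=KEV, overrides=CISO_OVERRIDE):
    by_cve = defaultdict(list)
    for f in findings:
        by_cve[f["cve"]].append(f)
    report = {}
    for cve, rows in sorted(by_cve.items()):
        cols = {c: agreement([r[c] for r in rows]) for c in COLUMNS}
        scored = [a for a in cols.values() if a is not None]
        report[cve] = {
            "scanners": sorted(r["scanner"] for r in rows),
            "in_kev": cve in kev,
            "ciso_override": cve in overrides,
            "column_agreement": cols,
            "agreement_score": round(sum(scored) / len(scored), 3) if scored else None,
        }
    return report

if __name__ == "__main__":
    for cve, entry in correlate(FINDINGS).items():
        print(cve, entry)
```

A score of 1.0 on a CVE reported by a single scanner means nothing contradicted it, not that it was corroborated, so the `scanners` list should be read alongside the score.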
5th Annual Call for Code Global Challenge
How can technology improve sustainable production, consumption, and management of resources, reduce pollution creation, and protect biodiversity to create a greener future?
For the hackathon, my team and I (Green Ink) built a website called Green Academy, which would build equitable access to sustainability solutions, education, and job opportunities.
Green Ink secured 2nd place in the Hackathon.
Our implementation towards the challenge topic — Equitable Access — is a portal, Green Academy, which showcases an open-source course platform directly streamlined to getting hired into green jobs through the company’s partners, non-profit organizations and other government firms. This allows us to create equitable access to green jobs, which in turn reduces the use of fossil fuels and the earth’s temperature.