Walk me through your typical day at Return Path.
Throughout each day, I do some combination of the following:
- Setting up and testing various mobile device management solutions. Return Path has been looking for software solutions that will allow them control over the company-related data on employee mobile devices. That way, if a device is lost or an employee leaves, Return Path will have the ability to control any data on the device that pertains to the company and leave the personal data untouched.
- Helping to vet penetration testing companies to decide which will test Return Path’s infrastructure in a few months. We talk to various companies and determine, based on the services offered, reputation, pricing, and interactions with representatives, which company would be the best fit to test for security vulnerabilities within RP. This helps ensure safety for both our company and our customers.
- Writing relatively simple scripts, usually in Python. One of the more involved (and more fun) coding tasks that I took on involved performing data analysis on the result of a company-wide phishing test, where we sent a pseudo-phishing email to all employees and recorded how each user interacted with the email.
One task that was particularly fun to work on involved a program that needed to access a database without any user interaction in order to complete its task. Without user interaction, any credentials (username/email, password) needed to access a relevant database must be stored somewhere for the program to access. Further, the program’s code would be stored on a Git repository.
After a lot of brainstorming and work, we eventually came up with a solution that maximized security as best as possible in concrete ways. This involved the following steps:
- Storing the credentials in their own file, as opposed to within the code itself, and not pushing the credentials up to the Git repository. This way, the credentials stay on the user’s computer and are not stored with the code that uses them. The code can then access the credentials if it’s running on a computer that has the credentials file.
- Running the program under a service account, which is essentially a low-privilege account that only has access to the files it absolutely needs. In this case, the account would only need to access the program itself and the file storing the credentials.
- Limiting the permissions on the credentials file so that it could not be viewed by those who shouldn’t be viewing it.
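The three steps in the answer above can be enforced by the program itself each time it loads the credentials. The following Python sketch is an added example, not code from the interview or from Return Path; the INI layout, the `database` section name, the file name and the sample values are assumptions, and the checks apply to POSIX systems.

```python
import configparser
import os
import stat
import tempfile


class InsecureCredentialsFile(Exception):
    """The credentials file failed an ownership or permission check."""


def load_credentials(path, section="database"):
    """Return (username, password) from an INI file kept outside the Git repo.

    The layout and the section name are assumptions made for this example.
    """
    # O_NOFOLLOW refuses a symlink planted at the expected path.
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as handle:
        # fstat the open descriptor so the checks cover the file actually read.
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise InsecureCredentialsFile(f"{path}: not a regular file")
        if info.st_uid != os.geteuid():
            raise InsecureCredentialsFile(f"{path}: not owned by the running account")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            raise InsecureCredentialsFile(f"{path}: mode {mode:04o} lets group/other in")
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_file(handle)
    return parser[section]["username"], parser[section]["password"]


if __name__ == "__main__":
    # Constructed sample file; the account name and password are made up.
    sample = os.path.join(tempfile.mkdtemp(), "db_credentials.ini")
    with open(sample, "w", encoding="utf-8") as out:
        out.write("[database]\nusername = svc_report\npassword = constructed-secret\n")
    os.chmod(sample, 0o600)
    print(load_credentials(sample)[0])
    os.chmod(sample, 0o644)  # world-readable: the loader must now refuse it
    try:
        load_credentials(sample)
    except InsecureCredentialsFile as err:
        print("refused:", err)
```

Run under the service account, the loader fails closed if the file's owner or mode drifts; listing the credentials file in `.gitignore` keeps it out of commits.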
What is your favorite aspect about being an intern at Return Path?
My favorite aspect about being an intern at Return Path is getting to work through problems and learn about different aspects of privacy and security both on my own and with the rest of the team.
What type of advice would you give to future interns looking to work at Return Path?
Take advantage of the opportunity that Return Path gives you and learn as much as you can while you have access to the resources and people available to you.
What is one item on your bucket list?
To travel all around the world until my legs get too tired to carry on.