MoneyLion Internship Experience

Date: Jul 31, 2023
Updated: Sep 18, 2023 06:12 PM
Tags: MoneyLion, Internship, CSIRT, Threat Intel, API Security, Application Security
Summary: The tale of a 4-month cybersecurity internship journey at MoneyLion.

It's been quite the ride, and I'm thrilled to share the highlights of my 4-month cybersecurity internship journey at MoneyLion (since a lot of people have been asking how the internship was conducted, etc.), so I hear yall! 🙌

Over the past few months, I've had the incredible opportunity to dive headfirst into the world of cybersecurity and explore various departments, each with its own unique set of challenges and revelations. So, grab a cup of coffee (or boba milk tea) and join me as I take you through my whirlwind rotation of four departments: CSIRT, Threat Intelligence, Application Security, and API Security. Of course, there’s a small dash on the company culture in itself, so without further ado, let’s goooo!

A bit of context about how the internship was structured: I had the opportunity to rotate through every cybersecurity department within the company for 1 month. Following the rotation, I would then select a department in which to continue and work on a project. This project would then be presented to the entire company at the conclusion of my internship period. Since I came here to learn, I decided to focus on the 2 departments where I felt less confident: Application Security and API Security, and I completed 2 projects in these areas by the end of my internship. Hooray! (I won't mention the specifics of my projects here though)

The best cybersecurity team ever ✨

💡 This blog is really long, brace yourselves 😂

CSIRT: Unveiling the Heroes Behind the Scenes

Diving into the world of CSIRT (Cyber Security Incident Response Team) during my cybersecurity internship at MoneyLion was like opening a door to a whole new dimension. At first, I'll admit, I thought it might be a bit repetitive, dealing with similar queries day in and day out. But boy, was I super wrong 🤣

One of the most eye-opening experiences was learning the art of scoping. You see, scoping is like deciding where to draw the line – what information is enough to avoid tumbling down a never-ending rabbit hole. My colleagues, Jayden and Siddiq, were like wizards in this aspect. They had this incredible ability to zoom in on the crucial details, avoiding unnecessary detours while investigating incidents. Let me tell you, I’m definitely the worst at scoping, and I’m still very curious how my colleagues did it 😂 However, looking at their triages and queries from time to time did give me a lot of insights, so kudos to them!

But that's not all. Those queries, the ones that I initially thought might be mundane, turned out to be a source of exhilaration. And if you're wondering what fueled this newfound enthusiasm, it was KC7 Foundation’s modules – which are mostly KQL queries on Active Directory. The satisfaction that came from piecing together the puzzle was super addictive. In fact, my dedication to mastering KQL queries led to an unexpected and humbling opportunity. Little ol' me was invited to be a DEFCON challenge tester! It was a moment of validation, a realization that one thing had led to another in this incredible journey. But the writeup for that shall be a story for another day 😂

So, a mini moral lesson: never underestimate the power of diving into what might seem routine. You never know where it might take you. As I look back on my CSIRT experience at MoneyLion, I'm grateful for the lessons, the threat hunts, the adrenaline, and the unexpected doors that swung wide open. Here's to scoping, queries, and the electrifying world of cybersecurity – a realm that continues to surprise, challenge, and thrill me with every twist and turn.

Threat Intelligence: Rabbit Holes Have Never Been This Interesting 😂

Let's talk about the Threat Intelligence department – the one I was very eagerly looking forward to because I had this deep, borderline irrational affection for OSINT challenges. And guess what? My excitement was well-placed. It was like my OSINT dreams had come true. I was handed tasks that took me on a delightful journey into the dark web with a mission. 😎

What really blew my mind, though, was the chance to play with those fancy-schmancy cyber intelligence platforms (I don’t know if I could mention them or not so I’m not going to name them). You know, the ones that seem to have dollar signs attached to every click? I got to dive headfirst into these tools, sifting through data, and extracting insights that felt like gold nuggets in a data mine.

But here's the kicker – when I first waltzed into the Threat Intelligence department, everything seemed to be neatly laid out, all structured and organized. It wasn't until the last few days of my internship that I decided to take a peek at the documents created by my colleague - Ly Dion from the past. The amount of research, the fine-tuning, the countless iterations – a reminder that what I saw was the result of meticulous hard work and dedication. I had unknowingly taken this level of craftsmanship for granted. Lesson learned, my friends.

Oh, and speaking of lessons, let me give a shoutout to another colleague — Lancer who decided to sprinkle some machine learning magic into the threat intelligence cauldron (He taught himself that, what a chad). He took machine learning and infused it into our daily operations. I learned a ton just by observing his process, and let me tell you, it was a geeky thrill like no other.

So there you have it, my dive into the world of Threat Intelligence – a land of OSINT wonders, dark web escapades, expensive/open-sourced tools, and eye-opening revelations about the art of crafting structured intelligence. It's been a wild ride, and I've come out the other side with a backpack full of insights, skills, and a newfound respect for the complexity that goes into every piece of the cybersecurity puzzle.

Application Security: Fortifying the Digital Gates

Ah, let's dive into Application Security – the place where I went from "What's Terraform?" to "Please let my next task be Terraform! 🥺" It was a rollercoaster of learning, trial, and error, and I'm here to spill the beans on this exhilarating ride.

First things first, our good ol’ friend GitHub. From grappling with errors daily on GitHub to the grand transformation of going error-free, I owe a huge shoutout to my colleague, CX. He struck the perfect balance between spoon-feeding and letting me stumble my way to solutions (And that is VERY hard to find in a mentor, I appreciate that). Anyways, stumbling led to my very own GitHub error encyclopedia. Yep, I've got a whole documentation stash dedicated to these errors :’)

Now, Terraform, I loved this language. This was the ONLY language where I was happy when I made an error. I don’t know why, but it is what it is. No more words needed.

But that's not all, my friends. Go came sauntering into the picture. So, I did what any aspiring techie would do – I glanced at a 10-minute tutorial and dived headfirst into a Go task. Now, if you're wondering if I'm a Go code guru, I'll be real with you – no. But guess what? Thanks to my all-star colleagues, CX, Lian De, Luqman, and Miki, the code they wrote was so readable that I could code without fully understanding the code. (Of course, I circled back later to deep dive into the nitty-gritty) But this made me realize how important readable code is, and how much time it saved.

One of the highlights of my time in Application Security was those brainstorming sessions and stand-ups. Picture this: a room full of brilliant minds tossing ideas like a game of catch. Witnessing genius minds at play was an absolute treat. We always had a whiteboard for our ideas and discussions, and that whiteboard changed every week 😂 The team had this uncanny ability to make even the most complex challenges seem like a playground puzzle, and I was super happy to be a small part of the process.

Hence, that was my stint in the Application Security world at MoneyLion. From GitHub sufferings to Terraform triumphs to Go code camaraderie, it was a whirlwind of growth, fumbles, and a whole lot of "Finally, it worked :’D" moments. Remember, it's okay to stumble, it's okay to learn as you go, and it's perfectly fine to acknowledge that you don’t know something.

API Security: Safeguarding the Juicy Parts

API, API, API – the buzzword that seems to echo everywhere. Funny thing is, this was my first real dive into the cybersecurity side of APIs 😂 (I’m sorry I usually focus more on DFIR :’))

So, there I was, stepping into the realm of API security, and I was excited to build something meaningful from scratch (Well, almost). Finally, a chance to put my coding skills to real-world use, and not just churning out those run-of-the-mill inventory record programs for my university assignments – you know, the ones that collect virtual dust.

My colleague — Hafiz became my go-to guru throughout my API-related project. He had answers for all my questions – and believe me, there were many. With a plethora of use cases to explore, every corner turned was a lesson learned.

Crafting this project also shed light on the art of efficiency. It's not just about getting the job done; it's about getting it done in the fastest way possible. I got a crash course in data structures, threading, and more.

But it didn't stop there. This adventure spurred me to take a deeper dive. I embarked on an API fundamentals course, eager to understand the ins and outs of securing APIs and why it's a big deal. It was like peeling back layers of a digital onion – the more I learned, the more I realized, APIs are really really juicy for attackers.

From a newbie wrangling with APIs to someone who understands their inner workings, it's been a journey of exploration and enlightenment. Who knew that three letters could hold so much power and potential? As I reflect on this experience, I'm reminded that sometimes the best learning happens when you dive headfirst into the unknown.

So, Did it Help?

Learning from all four departments during my internship turned out to be a goldmine of knowledge. Let me share a cool scenario where this newfound wisdom came in handy – the realm of conferences. A place where minds mingle, ideas collide, and, if you're lucky through the power of social engineering, you score some sweet loot (but let's keep that on the down-low 👀).

There's something exhilarating about being surrounded by fellow enthusiasts, all nerding out about the same things you love. So picture this: I'm at a conference, having a chat with some like-minded folks. And you know what's awesome? I can drop little nuggets of wisdom, like the tiniest gems of knowledge I've picked up from each department. The reaction I get is priceless – raised eyebrows, intrigued nods, and a general vibe of "Hey, you know your stuff!"

But that's not all. The magic of cross-department learning kicks in. As I stroll through the conference halls, eyeballing vendor products and tech solutions, a whole new perspective unfolds. See, knowing how things work manually in various cybersecurity realms opens up new dimensions of understanding. I look at these tools and products and think, "Wait a second, I've done something like this manually before. It could be automated/approached differently? THAT’S SO COOL YO-"

And here's the kicker – this is just one basic scenario. Imagine the ripple effect across other aspects of cybersecurity, from brainstorming with colleagues to tackling real-world challenges. The knowledge mashup from all four departments turbocharges your problem-solving skills and widens your perspective in ways you'd never imagine.

A Little Treat, the Amazing Company Culture

MoneyLion's company culture is a breath of fresh air – it's not your typical sit-in-front-of-a-computer-all-day gig. Nope, it's a vibrant ecosystem where work seamlessly blends with play, creating an atmosphere that's both invigorating and fulfilling.

Tech talks? Check. ✅ Social nights? Double check. ✅ You think that’s all? Nope, we're talking laser gun tags, cinema night, folks.

The Battle of the Pew Pews 🔫

And speaking of bonding, board games were the stuff of legends. Trust me, when I say we played board games, I mean we dove headfirst into epic sagas that lasted a whopping 6 hours. Battles were waged, alliances formed and shattered, all this while intense battle music was blasting in the background 😂

On a side note, I also convinced some of my colleagues to struggle together in CTF questions HAHAH Those were fun and I loved it! (3 chilis are no longer our obstacles! — iykyk)

But the adventure didn't stop there. MoneyLion had us covered in the sports department too. We're talking bouldering, badminton, running, and let's not forget padel – the sport that stole my heart. (MoneyLion introduced me to this gem, and let me tell you, I loved it so much that I really wanna go back but the sport is super expensive asdfghjkl)

Bouldering ERG 💪

NPE Highway Run 🏃‍♂️

Running Relay Race 🥉

PADEL IS GODDAMN FUN YOU SHOULD TRY IT 👆

The cherry on top? MoneyLion footed the bill for all these escapades! Yep, you heard that right. Sports, cinema, board games – all on the house. That’s not all though, we had free meals on the daily, nap rooms, JAPANESE TOILETS- (Ok I’ll stop it here)

So, what more could you ask for, you say? Well, MoneyLion's company culture is a shining example of how work can be enjoyable, engaging, and downright awesome. It's the kind of place where you don't just work – you thrive, you play, and you create memories that stick with you long after you've clocked out. Cheers to everyone in MoneyLion, because yall made the experience like no other, and I’ll miss the place so much 😭

The Intern Bermuda Triangle

Don’t let the negative-sounding title trick you 😂 These past few months with my 2 best internship friends — Ian and Annie have been a whirlwind of adventure, coffee trips, hackathons, and a whole lot of crazy shenanigans. 3 different departments, 3 distinct preferences, and yet, we vibe like no other.

Now that I left, I can't help but laugh at how our Bermuda Triangle is going to become linear HAHAHAH 😂

Anyways, here's to my two incredible intern friends – the meme-loving, hackathon-conquering, crazy-adventure-loving duo that added an unforgettable dimension to my internship journey. You've made these months unforgettable, and we should go to the next hackathon since we won best innovation anyways 😎

A Tribute to the Man that Started it All

Of course, I definitely need to mention the man, the legend that introduced me to this company — Tommy. He not only recommended me for this incredible journey, but also shaped it into an unforgettable adventure. As the current Vice President of Cybersecurity in MoneyLion, he has leadership skills that I truly admire, and I aspire to achieve the level of greatness he exhibits in leading a team. And to that, I'm beyond grateful. In the unlikely event that he comes across this blog (which I think he won’t because the guy is super busy), cheers to you, my friend – you're the real MVP!

Tommy is the one standing behind me HAHA

Credits

  • The best Cybersecurity team
  • The intern Bermuda Triangle — Ian and Annie
  • My partners in the Sports Competitions! — Billy (Badminton), Timothy (Run), Dafuallah (Run), and Kenji (Padel)
  • Sports ERG people
  • Abner (The design chad)
  • PeopleOps Team
  • Every individual in MoneyLion because yall rock