CISA’s Vulnerability Management goes “Big” on Interns and the Results are Staggering!

<!DOCTYPE html> <html lang="en" dir="ltr" prefix="og: https://ogp.me/ns#" class="no-js"> <head> <meta charset="utf-8" /> <link rel="canonical" href="https://www.cisa.gov/news-events/news/cisas-vulnerability-management-goes-big-interns-and-results-are-staggering" /> <meta property="og:site_name" content="Cybersecurity and Infrastructure Security Agency CISA" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://www.cisa.gov/news-events/news/cisas-vulnerability-management-goes-big-interns-and-results-are-staggering" /> <meta property="og:title" content="CISA’s Vulnerability Management goes “Big” on Interns and the Results are Staggering! | CISA" /> <meta name="Generator" content="Drupal 10 (https://www.drupal.org)" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="/profiles/cisad8_gov/themes/custom/gesso/favicon.png" type="image/png" /> <title>CISA’s Vulnerability Management goes “Big” on Interns and the Results are Staggering! | CISA</title> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/align.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/fieldgroup.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/container-inline.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/clearfix.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/details.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/hidden.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/item-list.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/js.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/nowrap.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/position-container.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/reset-appearance.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/resize.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/system-status-counter.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/system-status-report-counters.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/system-status-report-general-info.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/system/css/components/tablesort.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/misc/components/progress.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/misc/components/ajax-progress.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/core/modules/views/css/views.module.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/profiles/cisad8_gov/modules/custom/toolbar_tasks/css/toolbar.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/modules/contrib/extlink/css/extlink.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/modules/contrib/ckeditor_accordion/css/accordion.frontend.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/modules/contrib/paragraphs/css/paragraphs.unpublished.css?sn7rxr" /> <link rel="stylesheet" media="all" href="/modules/contrib/better_social_sharing_buttons/css/better_social_sharing_buttons.css?sn7rxr" /> <link rel="stylesheet" media="all" href="//fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&family=Public+Sans:wght@400;500;600;700&display=swap" /> <link rel="stylesheet" media="all" href="/profiles/cisad8_gov/themes/custom/gesso/dist/css/styles.css?sn7rxr" /> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"","currentPath":"node\/22577","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"gtm":{"tagId":null,"settings":{"data_layer":"dataLayer","include_classes":false,"allowlist_classes":"","blocklist_classes":"","include_environment":false,"environment_id":"","environment_token":""},"tagIds":["GTM-53QLXSL9"]},"gtag":{"tagId":"","consentMode":false,"otherIds":[],"events":[],"additionalConfigInfo":[]},"ajaxPageState":{"libraries":"eJxdjdFuwzAIRX_IjT_JwoY6XoiJALfN38_q2k7byxXnCjiZ3EmTSWnAyVbQ1mvKw126RfOTJ4eyETYXTVCKKDbp8TMtV5Xu1DHQw-f2FlHHAby8MFSRypQcaqwz_vMCX_D4W-6hDrujxcqSgd_kBEYaDlCoCsdqb9Nvs4x-jMzNVsJgpzntMc-r4CKcQafAtvnph8KwK2GVW3rpoQOf3opFFsDLBy8Fe7g1ult85rILDqZvwyd8uQ","theme":"guswds","theme_token":null},"ajaxTrustedUrl":[],"data":{"extlink":{"extTarget":false,"extTargetAppendNewWindowLabel":"(opens in a new window)","extTargetNoOverride":false,"extNofollow":false,"extNoreferrer":false,"extFollowNoOverride":false,"extClass":"ext","extLabel":"(link is external)","extImgClass":false,"extSubdomains":true,"extExclude":"(.\\.gov$)|(.\\.mil$)|(.\\.mil\/)|(.\\.gov\/)","extInclude":"","extCssExclude":".c-menu--social,.c-menu--footer,.c-social-links,.c-text-cta--button,.usa-footer__contact-info","extCssInclude":"","extCssExplicit":"","extAlert":true,"extAlertText":"You are now leaving an official website of the United State Government (USG), the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). Links to non-USG, non-DHS and non-CISA sites are provided for the visitor\u0027s convenience and do not represent an endorsement by USG, DHS or CISA of any commercial or private issues, products or services. Note that the privacy policy of the linked site may differ from that of USG, DHS and CISA.","extHideIcons":false,"mailtoClass":"mailto","telClass":"","mailtoLabel":"(link sends email)","telLabel":"(link is a phone number)","extUseFontAwesome":false,"extIconPlacement":"append","extFaLinkClasses":"fa fa-external-link","extFaMailtoClasses":"fa fa-envelope-o","extAdditionalLinkClasses":"","extAdditionalMailtoClasses":"","extAdditionalTelClasses":"","extFaTelClasses":"fa fa-phone","whitelistedDomains":[],"extExcludeNoreferrer":""}},"ckeditorAccordion":{"accordionStyle":{"collapseAll":1,"keepRowsOpen":0,"animateAccordionOpenAndClose":1,"openTabsWithHash":1}},"user":{"uid":0,"permissionsHash":"0f75d40308887aebba0d5b0d2671305b73c9431902f86e672380a6dc6ab97d07"}}</script> <script src="/core/assets/vendor/jquery/jquery.min.js?v=3.7.1"></script> <script src="/core/assets/vendor/once/once.min.js?v=1.0.1"></script> <script src="/core/misc/drupalSettingsLoader.js?v=10.3.6"></script> <script src="/core/misc/drupal.js?v=10.3.6"></script> <script src="/core/misc/drupal.init.js?v=10.3.6"></script> <script src="/core/assets/vendor/tabbable/index.umd.min.js?v=6.2.0"></script> <script src="/modules/contrib/google_tag/js/gtm.js?sn7rxr"></script> <script src="/modules/contrib/google_tag/js/gtag.js?sn7rxr"></script> <script src="/core/misc/progress.js?v=10.3.6"></script> <script src="/core/assets/vendor/loadjs/loadjs.min.js?v=4.3.0"></script> <script src="/core/misc/debounce.js?v=10.3.6"></script> <script src="/core/misc/announce.js?v=10.3.6"></script> <script src="/core/misc/message.js?v=10.3.6"></script> <script src="/core/misc/ajax.js?v=10.3.6"></script> <script src="/modules/contrib/google_tag/js/gtag.ajax.js?sn7rxr"></script> </head> <body class="path-node not-front node-page node-page--node-type-article" id="top"> <div class="c-skiplinks"> <a href="#main" class="c-skiplinks__link u-visually-hidden u-focusable">Skip to main content</a> </div> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-53QLXSL9" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <div class="l-site-container"> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion"> <header class="usa-banner__header"> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img class="usa-banner__header-flag" src="/profiles/cisad8_gov/themes/custom/gesso/dist/images/us_flag_small.png" alt="U.S. flag" /> </div> <div class="grid-col-fill tablet:grid-col-auto"> <p class="usa-banner__header-text">An official website of the United States government</p> <p class="usa-banner__header-action" aria-hidden="true">Here’s how you know</p></div> <button class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here’s how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner"> <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/profiles/cisad8_gov/themes/custom/gesso/dist/images/icon-dot-gov.svg" alt="Dot gov"> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/profiles/cisad8_gov/themes/custom/gesso/dist/images/icon-https.svg" alt="HTTPS"> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-title banner-lock-description"><title id="banner-lock-title">Lock</title><desc id="banner-lock-description">A locked padlock</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/></svg></span>) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </section> <div class="c-block c-global-header-btns c-global-btns"> <div class="l-constrain l-constrain"> <div class="c-block__content"> <div id="block-globalbuttons" class="c-block c-block--provider-block-content c-block--id-block-content83069f9f-34fc-4d54-86ec-936a204f8088"> <div class="c-block__content"> <div class="c-field c-field--name-body c-field--type-text-with-summary c-field--label-hidden"> <div class="c-field__content"><p><a class="c-button c-button--basic c-button--blue" href="/resources-tools/resources/free-cybersecurity-services-and-tools" title="Free Cyber Services">Free Cyber Services</a><a class="c-button c-button--basic c-button--green60" href="/topics/election-security/election-threat-updates">Election Threat Updates</a><a class="c-button c-button--basic c-button--gray" href="/protect2024">#protect2024</a><a class="c-button c-button--basic c-button--teal" href="/node/18883">Secure Our World</a><a class="c-button c-button--campaign" href="/node/8056">Shields Up</a><a class="c-button c-button--report" href="/report">Report A Cyber Issue</a></p></div></div> </div> </div> </div> </div> </div> <div class="usa-overlay"></div> <header class="usa-header usa-header--extended" role="banner"> <div class="usa-navbar"> <div class="l-constrain"> <div class="usa-navbar__row"> <div class="c-block c-site-header"> <div class="l-constrain"> <div class="c-block__content"> <div id="block-guswds-cisaheaderblock" class="c-block c-block--provider-block-content c-block--id-block-contentbc4e6844-86b4-4e20-b163-a73bda3d1d76"> <div class="c-block__content"> <div class="c-field c-field--name-body c-field--type-text-with-summary c-field--label-hidden"> <div class="c-field__content"><a href="/"><img src = "/sites/default/files/images/SVG/header_logo_tagline_update.svg" alt="CISA logo image. America's Cyber Defense Agency, National Coordinator for Critical Infrastructure Security and Resilience"/></a></div></div> </div> </div> </div> </div> </div> <div class="c-block c-site-header-mobile"> <div class="l-constrain"> <div class="c-block__content"> <div id="block-guswds-cisaheaderblockmobile" class="c-block c-block--provider-block-content c-block--id-block-content283396c9-cd36-4ce3-b1e2-9b5576ab4f50"> <div class="c-block__content"> <div class="c-field c-field--name-body c-field--type-text-with-summary c-field--label-hidden"> <div class="c-field__content"><a href="/"><img src = "/sites/default/files/images/SVG/mobile_logo_wordmark.svg" alt="CISA Logo"/></a></div></div> </div> </div> </div> </div> </div> <div class="usa-navbar__search"> <div class="usa-navbar__search-header"> <p>Search</p> </div> <div class="usa-search"> <script async src=https://cse.google.com/cse.js?cx=ffc4c79e29d5b3a8c></script> <div class="gcse-searchbox-only" data-resultsurl="/search"> </div> </div> </div> <button class="mobile-menu-button usa-menu-btn">Menu</button> </div> </div> </div> <div class="c-block c-tagline-mobile"> <div class="l-constrain"> <div class="c-block__content"> <div id="block-guswds-mobiletaglinecontainer" class="c-block c-block--provider-block-content c-block--id-block-contentc8d12e9d-7e48-4708-90c1-563609c4b566"> <div class="c-block__content"> <div class="c-field c-field--name-body c-field--type-text-with-summary c-field--label-hidden"> <div class="c-field__content"><p><center><img src = "/sites/default/files/images/SVG/header_tagline_mobile_update.svg" alt = "America's Cyber Defense Agency" /></center></div></div> </div> </div> </div> </div> </div> <nav class="usa-nav" role="navigation" aria-label="Primary navigation"> <div class="usa-nav__inner l-constrain"> <div class="usa-nav__row"> <button class="usa-nav__close">Close</button> <div class="usa-search"> <script async src=https://cse.google.com/cse.js?cx=ffc4c79e29d5b3a8c></script> <div class="gcse-searchbox-only" data-resultsurl="/search"> </div> </div> <ul class="usa-nav__primary usa-accordion"> <li class="usa-nav__primary-item topics"> <button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="basic-mega-nav-section-1"> <span>Topics</span> </button> <div id="basic-mega-nav-section-1" class="usa-nav__submenu usa-megamenu" hidden=""> <div class="usa-megamenu__parent-link"> <a href="/topics">Topics</a> </div> <div class="usa-megamenu__menu-items"> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/cybersecurity-best-practices"> <span>Cybersecurity Best Practices</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/cyber-threats-and-advisories"> <span>Cyber Threats and Advisories</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/critical-infrastructure-security-and-resilience"> <span>Critical Infrastructure Security and Resilience</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/election-security"> <span>Election Security</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/emergency-communications"> <span>Emergency Communications</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/industrial-control-systems"> <span>Industrial Control Systems</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/information-communications-technology-supply-chain-security"> <span>Information and Communications Technology Supply Chain Security</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/partnerships-and-collaboration"> <span>Partnerships and Collaboration</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/physical-security"> <span>Physical Security</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/topics/risk-management"> <span>Risk Management</span> </a> </div> </div> </div> <div class="c-menu-feature-links"> <div class="c-menu-feature-links__title"> <a href="/audiences"> How can we help? </a> </div> <div class="c-menu-feature-links__content"><a href="/topics/government">Government</a><a href="/topics/educational-institutions">Educational Institutions</a><a href="/topics/industry">Industry</a><a href="/topics/state-local-tribal-and-territorial">State, Local, Tribal, and Territorial</a><a href="/topics/individuals-and-families">Individuals and Families</a><a href="/topics/small-and-medium-businesses">Small and Medium Businesses</a><a href="/audiences/find-help-locally">Find Help Locally</a><a href="/audiences/faith-based-community">Faith-Based Community</a><a href="/audiences/executives">Executives</a><a href="/audiences/high-risk-communities">High-Risk Communities</a></div> </div> </div> </li> <li class="usa-nav__primary-item spotlight"> <a href="/spotlight" class="usa-nav__link" > <span>Spotlight</span> </a> </li> <li class="usa-nav__primary-item resources--tools"> <button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="basic-mega-nav-section-3"> <span>Resources & Tools</span> </button> <div id="basic-mega-nav-section-3" class="usa-nav__submenu usa-megamenu" hidden=""> <div class="usa-megamenu__parent-link"> <a href="/resources-tools">Resources & Tools</a> </div> <div class="usa-megamenu__menu-items"> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/resources-tools/all-resources-tools"> <span>All Resources & Tools</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/resources-tools/services"> <span>Services</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/resources-tools/programs"> <span>Programs</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/resources-tools/resources"> <span>Resources</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/resources-tools/training"> <span>Training</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/resources-tools/groups"> <span>Groups</span> </a> </div> </div> </div> </div> </li> <li class="usa-nav__primary-item news--events"> <button class="usa-accordion__button usa-nav__link usa-current" aria-expanded="false" aria-controls="basic-mega-nav-section-4"> <span>News & Events</span> </button> <div id="basic-mega-nav-section-4" class="usa-nav__submenu usa-megamenu" hidden=""> <div class="usa-megamenu__parent-link"> <a href="/news-events">News & Events</a> </div> <div class="usa-megamenu__menu-items"> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/news-events/news"> <span>News</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/news-events/events"> <span>Events</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/news-events/cybersecurity-advisories"> <span>Cybersecurity Alerts & Advisories</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/news-events/directives"> <span>Directives</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/news-events/request-speaker"> <span>Request a CISA Speaker</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/news-events/congressional-testimony"> <span>Congressional Testimony</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/cisa-conferences"> <span>CISA Conferences</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/cisa-live"> <span>CISA Live!</span> </a> </div> </div> </div> </div> </li> <li class="usa-nav__primary-item careers"> <button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="basic-mega-nav-section-5"> <span>Careers</span> </button> <div id="basic-mega-nav-section-5" class="usa-nav__submenu usa-megamenu" hidden=""> <div class="usa-megamenu__parent-link"> <a href="/careers">Careers</a> </div> <div class="usa-megamenu__menu-items"> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/careers/benefits-perks"> <span>Benefits & Perks</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/careers/hirevue-applicant-reasonable-accommodations-process"> <span>HireVue Applicant Reasonable Accommodations Process</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/general-recruitment-and-hiring-faqs"> <span>Hiring</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/careers/resume-application-tips"> <span>Resume & Application Tips</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/students-recent-graduates-employment-opportunities"> <span>Students & Recent Graduates</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/careers/veteran-and-military-spouse-employment-opportunities"> <span>Veteran and Military Spouses</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/careers/work-cisa"> <span>Work @ CISA</span> </a> </div> </div> </div> </div> </li> <li class="usa-nav__primary-item about"> <button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="basic-mega-nav-section-6"> <span>About</span> </button> <div id="basic-mega-nav-section-6" class="usa-nav__submenu usa-megamenu" hidden=""> <div class="usa-megamenu__parent-link"> <a href="/about">About</a> </div> <div class="usa-megamenu__menu-items"> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/culture"> <span>Culture</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/divisions-offices"> <span>Divisions & Offices</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/regions"> <span>Regions</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/leadership"> <span>Leadership</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/doing-business-cisa"> <span>Doing Business with CISA</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/site-links"> <span>Site Links</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/reporting-employee-and-contractor-misconduct"> <span>Reporting Employee and Contractor Misconduct</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/cisa-github"> <span>CISA GitHub</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/cisa-central"> <span>CISA Central</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/2023YIR"> <span>2023 Year In Review</span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/contact-us"> <span>Contact Us </span> </a> </div> </div> <div class="usa-col"> <div class="usa-nav__submenu-item"> <a href="/about/contact-us/subscribe-updates-cisa"> <span>Subscribe</span> </a> </div> </div> </div> </div> </li> </ul> <div class="c-block c-global-menu-btns c-global-btns"> <div class="c-block__content"> <div id="block-globalbuttons" class="c-block c-block--provider-block-content c-block--id-block-content83069f9f-34fc-4d54-86ec-936a204f8088"> <div class="c-block__content"> <div class="c-field c-field--name-body c-field--type-text-with-summary c-field--label-hidden"> <div class="c-field__content"><p><a class="c-button c-button--basic c-button--blue" href="/resources-tools/resources/free-cybersecurity-services-and-tools" title="Free Cyber Services">Free Cyber Services</a><a class="c-button c-button--basic c-button--green60" href="/topics/election-security/election-threat-updates">Election Threat Updates</a><a class="c-button c-button--basic c-button--gray" href="/protect2024">#protect2024</a><a class="c-button c-button--basic c-button--teal" href="/node/18883">Secure Our World</a><a class="c-button c-button--campaign" href="/node/8056">Shields Up</a><a class="c-button c-button--report" href="/report">Report A Cyber Issue</a></p></div></div> </div> </div> </div> </div> </div> </div> </nav> </header> <div class="l-breadcrumb"> <div class="l-constrain"> <div class="l-breadcrumb__row"> <nav aria-labelledby="breadcrumb-label" class="c-breadcrumb" role="navigation"> <div class="l-constrain"> <div id="breadcrumb-label" class="c-breadcrumb__title u-visually-hidden">Breadcrumb</div> <ol class="c-breadcrumb__list"> <li class="c-breadcrumb__item"> <a class="c-breadcrumb__link" href="/">Home</a> </li> <li class="c-breadcrumb__item"> <a class="c-breadcrumb__link" href="/news-events">News & Events</a> </li> <li class="c-breadcrumb__item"> <a class="c-breadcrumb__link" href="/news-events/news">News</a> </li> </ol> </div> </nav> <div id="block-bettersocialsharingbuttons" class="c-block c-block--social-share c-block--provider-better-social-sharing-buttons c-block--id-social-sharing-buttons-block"> <div class="c-block__content"> <div class="c-block__row"> <span>Share:</span> <div style="display: none"><link rel="preload" href="/modules/contrib/better_social_sharing_buttons/assets/dist/sprites/social-icons--no-color.svg" as="image" type="image/svg+xml" crossorigin="anonymous" /></div> <div class="social-sharing-buttons"> <a href="https://www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/news/cisas-vulnerability-management-goes-big-interns-and-results-are-staggering&title=CISA%E2%80%99s%20Vulnerability%20Management%20goes%20%E2%80%9CBig%E2%80%9D%20on%20Interns%20and%20the%20Results%20are%20Staggering%21%20" target="_blank" title="Share to Facebook" aria-label="Share to Facebook" class="social-sharing-buttons__button share-facebook" rel="noopener"> <svg width="18px" height="18px" style="border-radius:3px;"> <use href="/modules/contrib/better_social_sharing_buttons/assets/dist/sprites/social-icons--no-color.svg#facebook" /> </svg> </a> <a href="https://twitter.com/intent/tweet?text=CISA%E2%80%99s%20Vulnerability%20Management%20goes%20%E2%80%9CBig%E2%80%9D%20on%20Interns%20and%20the%20Results%20are%20Staggering%21%20+https://www.cisa.gov/news-events/news/cisas-vulnerability-management-goes-big-interns-and-results-are-staggering" target="_blank" title="Share to X" aria-label="Share to X" class="social-sharing-buttons__button share-x" rel="noopener"> <svg width="18px" height="18px" style="border-radius:3px;"> <use href="/modules/contrib/better_social_sharing_buttons/assets/dist/sprites/social-icons--no-color.svg#x" /> </svg> </a> <a href="https://www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/news/cisas-vulnerability-management-goes-big-interns-and-results-are-staggering" target="_blank" title="Share to Linkedin" aria-label="Share to Linkedin" class="social-sharing-buttons__button share-linkedin" rel="noopener"> <svg width="18px" height="18px" style="border-radius:3px;"> <use href="/modules/contrib/better_social_sharing_buttons/assets/dist/sprites/social-icons--no-color.svg#linkedin" /> </svg> </a> <a href="mailto:?subject=CISA%E2%80%99s%20Vulnerability%20Management%20goes%20%E2%80%9CBig%E2%80%9D%20on%20Interns%20and%20the%20Results%20are%20Staggering%21%20&body=https://www.cisa.gov/news-events/news/cisas-vulnerability-management-goes-big-interns-and-results-are-staggering" title="Share to Email" aria-label="Share to Email" class="social-sharing-buttons__button share-email" target="_blank" rel="noopener"> <svg width="18px" height="18px" style="border-radius:3px;"> <use href="/modules/contrib/better_social_sharing_buttons/assets/dist/sprites/social-icons--no-color.svg#email" /> </svg> </a> </div> </div> </div> </div> </div> </div> </div> <main id="main" class="c-main" role="main" tabindex="-1"> <div class="l-content"> <div class="is-promoted l-full"> <div class="l-full__header"> <div class="c-page-title"> <div class="c-page-title__inner l-constrain"> <div class="c-page-title__row"> <div class="c-page-title__content"> <div class="c-page-title__meta">Blog</div> <h1 class="c-page-title__title"> <span>CISA’s Vulnerability Management goes “Big” on Interns and the Results are Staggering! </span> </h1> <div class="c-page-title__date"> <div class="c-field c-field--name-field-release-date c-field--type-datetime c-field--label-above"> <div class="c-field__label">Released</div><div class="c-field__content"><time datetime="2024-11-14T12:00:00Z">November 14, 2024</time></div></div> </div> <div class="c-page-title__date"></div> <div class="c-page-title__author"> <p><em>Sandy Radesky, Associate Director, Vulnerability Management and Wendell Jose, Senior Program Manager, Student Programs </em></p> </div> <div class="c-page-title__topic"> <div class="c-topic__label"> Related topics: </div> <div class="c-top__topics"> <a href="/topics/cybersecurity-best-practices">Cybersecurity Best Practices</a> </div> </div> </div> </div> <div class="c-page-title__decoration"></div> </div> </div> </div> <div class="l-full__main"> <div class="c-wysiwyg"> <div class="l-constrain"> <div class="c-wysiwyg__inner"> <div class="c-field c-field--name-field-full-html c-field--type-text-long c-field--label-hidden"> <div class="c-field__content"><p>This year, we had an outstanding summer intern program and felt compelled to share our experiences and results. Our goal is to not only celebrate our team’s ingenuity and dedication but also to inspire others in the federal government to envision the possibilities of adopting a similar approach. We also hope this message informs and inspires other students, the future cyber leaders, to join CISA or similar organizations within the federal government.</p><p>The Vulnerability Management subdivision focuses on proactive vulnerability discovery and mitigation, technical and cybersecurity maturity-based assessments, and operational technology (OT) and software security. This unique and broad mission to bolster America’s cybersecurity posture presents challenges that need diverse insights and often additional human resources. </p><p>To tackle these challenges, we lean into support from collaborations and partnerships with industry, Federally Funded Research and Development Center (FFRDC), and academia. In addition, we prioritize connecting with highly creative problem-solving people as early in their career paths as possible to include our intern selections. </p><p>In January, our journey to identify prospective interns began at the Scholarship for Service (SFS) annual conference hosted by Office of Personnel Management (OPM ) in DC. Our team of experts set high expectations to spot diverse and motivated top-talent! As summer began, 17 exceptional interns from the SFS Program, Pathways, and the CISA Neurodiverse Federal Workforce (NFW) Initiative joined our team.</p><p>We assigned these interns to tackle real, challenging problems across the spectrum of our mission space. These projects included ransomware, vulnerability disclosure, open-source intelligence research, security researcher engagement, penetration testing automation, knowledge management, operations, and vulnerability analysis and discovery.</p><p>We are thankful to the following interns for their contributions to our mission: </p><ul><li>Elisabeth S., a Cadet at The Citadel, Military College of South Carolina, developed ransomware vulnerability guidance for K-12 stakeholders, enhancing awareness of critical vulnerabilities and reducing the time to mitigate vulnerabilities prior to ransomware encryption. </li><li>Karen E., from Old Dominion University, developed a strategy that reduced the time to process vulnerability disclosure information by 30%, with research that analyzed 7,100 vulnerabilities, and 2,546 published advisories.</li><li>Aston P., from Michigan Technological University, developed automations for the Risk and Vulnerability Assessment Reporting Engine reducing the need for manual reporting activities and saving a significant amount of time on assessments.</li><li>Fanta D., from University of Massachusetts, analyzed assessment surveys evaluate how often the customers implemented CISA’s risk reduction recommendations.</li><li>Gregory W., from Old Dominion University, designed a Search Center that allows employees to search the VM Information Hub and related sites, which increases efficiency across the subdivision when looking for workforce and mission-related information.</li><li>Sophia H., from Kansas State University, performed market research, capability, and legal analysis to enhance VM operations through the integration of open-source information and tools. </li><li>Laura S., from Fordham University, developed an automated tool using Python to parse scanning data, directly update vulnerability findings and optimizing assessment completion times.</li><li>Lucas S., from Oregon State University, developed automated scripts to monitor the data quality and completeness trends for CVEs. Through his analysis of security.txt file adoption, he identified thousands of sites and leveraged this critical technology, to uncover security.txt information used to analyze cybersecurity maturity.</li><li>Nia P., from Rochester Institute of Technology and Anthony Bartuch, from Marymount University teamed up and enhanced the Micro Evaluation Security Assessment (MESA) tool. This is a new tool being developed that enables assessment execution scaling. These efforts enhanced the tool's usability and automation, improving our success criteria for regional transition. </li><li>Elijah G., from Old Dominion University, used Packer, Ansible, and Terraform to automate the creation of virtual machines. His development efforts reduced the time required to patch the old infrastructure and automate the creation of new, and fully secured infrastructure used to support technical assessments.</li><li>Hannah B., from Old Dominion University, enhanced vulnerability open-source information gathering and security researcher partnership efforts. Her analysis enabled VM to implement an operationally dynamic communication method with valuable security researchers.</li><li>Anamaria Alvarez C., from Polytechnic University of Puerto Rico, created training materials on various platforms for vulnerability hunting. She also developed Python scripts to search scan data files and enhance vulnerability prevalence analysis.</li><li>Paul B. focused on developing user experience testing to enhance VM’s Information Hub usability. He also supported VM’s annual records inventory data exercise.</li><li>Robert B., from the New Jersey Institute of Technology designed a tool to monitor changes in externally facing web applications for federal agencies. This tool helped the Federal Attack Surface Testing (FAST) service prioritize operational testing.</li><li>George B., from Louisiana State University automated the RustPacker and PythonLoader family of phishing payloads. His tools significantly simplified the assessment teams' work, saving hours of manual effort for each assessment.</li><li>Makiyah D., from the Georgia Institute of Technology played a key role in the VM Assessment Modernization Team. She contributed to developing a proof of concept that aimed to modernize High Value Asset (HVA) and Risk & Vulnerability Assessments (RVA).</li></ul><p>As it did for us, these achievements serve as a reminder of the significant impact a single individual can make. However, when integrated into a team, “together everyone achieves more.” If you’re a student, intern, or new graduate, you have valuable skills and talents that our nation needs! </p><p>CISA’s overall involvement in connecting with students and recent graduates has us participating in over 25 different programs, including six dedicated solely to internships. In fiscal year 2024, more than 78 interns from diverse backgrounds and institutions, including the United States Military Academy, U.S. Coast Guard Academy, and Stanford University, served across the agency. We’ve noticed a rising interest in policy-focused students, with strong participation from law schools seeking vital cybersecurity experience to prepare future cyber policymakers. CISA also recently formed an agreement with Harvard University that allows their students to participate in a summer internship rotation in 2025. This growing interest signals a positive trend and indicates that CISA will continue to lead and benefit from the development of future cyber leaders in government!</p><p>For more information about how to participate in CISA’s internship program, please visit this site: <a href="https://www.cisa.gov/students-recent-graduates-employment-opportunities">https://www.cisa.gov/students-recent-graduates-employment-opportunities</a></p></div></div> </div> </div> </div> </div> <div class="l-full__footer"> <div class="c-view c-view--detail-page-related-content c-view--display-block_1 view js-view-dom-id-a9f0ff845485303f0a9d4423307eda4f75e12e1de1d5908787f3ef3b6e75d8ef c-collection c-collection--blue c-collection--two-column"> <div class="l-constrain"> <div class="c-collection__row"> <div class="c-collection__content"> <h2 class="c-collection__title"><span class="c-collection__title-wrap">Related Articles</span></h2> </div> <div class="c-collection__cards"> <article class="is-promoted c-teaser c-teaser--horizontal" role="article"> <div class="c-teaser__row"> <div class="c-teaser__content"> <div class="c-teaser__eyebrow"> <div class="c-teaser__date"><time datetime="2024-11-19T12:00:00Z">Nov 19, 2024</time> </div> <div class="c-teaser__meta">Blog</div> </div> <h3 class="c-teaser__title"> <a href="/news-events/news/usda-stops-credential-phishing-fido-authentication" target="_self"> <span>USDA Stops Credential Phishing with FIDO Authentication</span> </a> </h3> </div> </div> </article> <article class="is-promoted c-teaser c-teaser--horizontal" role="article"> <div class="c-teaser__row"> <div class="c-teaser__content"> <div class="c-teaser__eyebrow"> <div class="c-teaser__date"><time datetime="2024-10-02T12:00:00Z">Oct 02, 2024</time> </div> <div class="c-teaser__meta">Blog</div> </div> <h3 class="c-teaser__title"> <a href="/news-events/news/region-8-invites-you-secure-our-world-0" target="_self"> <span>Region 8 Invites You to Secure Our World</span> </a> </h3> </div> </div> </article> <article class="is-promoted c-teaser c-teaser--horizontal" role="article"> <div class="c-teaser__row"> <div class="c-teaser__content"> <div class="c-teaser__eyebrow"> <div class="c-teaser__date"><time datetime="2024-08-21T12:00:00Z">Aug 21, 2024</time> </div> <div class="c-teaser__meta">Blog</div> </div> <h3 class="c-teaser__title"> <a href="/news-events/news/shaping-legacy-partnership-between-government-and-private-sector-globally-jcdc" target="_self"> <span>Shaping the legacy of partnership between government and private sector globally: JCDC </span> </a> </h3> </div> </div> </article> <article class="is-promoted c-teaser c-teaser--horizontal" role="article"> <div class="c-teaser__row"> <div class="c-teaser__content"> <div class="c-teaser__eyebrow"> <div class="c-teaser__date"><time datetime="2024-07-30T12:00:00Z">Jul 30, 2024</time> </div> <div class="c-teaser__meta">Blog</div> </div> <h3 class="c-teaser__title"> <a href="/news-events/news/safecom-releases-new-resource-cloud-adoption" target="_self"> <span>SAFECOM Releases New Resource for Cloud Adoption</span> </a> </h3> </div> </div> </article> </div> </div> </div> </div> </div> </div> </div> </main> <footer class="usa-footer usa-footer--slim" role="contentinfo"> <div class="usa-footer__return-to-top"> <div class="l-constrain"> <a href="#">Return to top</a> </div> </div> <div class="usa-footer__upper"> <div class="l-constrain"> <ul class="c-menu c-menu--footer-main"> <li class="c-menu__item"> <a href="/topics" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/7329">Topics</a> </li> <li class="c-menu__item"> <a href="/spotlight" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/7330">Spotlight</a> </li> <li class="c-menu__item"> <a href="/resources-tools" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/7331">Resources & Tools</a> </li> <li class="c-menu__item is-active-trail"> <a href="/news-events" class="c-menu__link js-top-level is-active-trail" aria-current="false" data-drupal-link-system-path="node/7332">News & Events</a> </li> <li class="c-menu__item"> <a href="/careers" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/7323">Careers</a> </li> <li class="c-menu__item"> <a href="/about" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/6944">About</a> </li> </ul> </div> </div> <div class="usa-footer__main"> <div class="l-constrain"> <div class="usa-footer__main-row"> <div class="usa-footer__brand"> <a class="c-site-name c-site-name--footer" href="/" rel="home" title="Go to the Cybersecurity & Infrastructure Security Agency homepage"> <span class="c-site-name__text">Cybersecurity & Infrastructure Security Agency</span> </a> </div> <div class="usa-footer__contact"> <ul class="c-menu c-menu--social"> <li class="c-menu__item"> <a href="https://www.facebook.com/CISA" class="c-menu__link--facebook c-menu__link js-top-level" aria-current="false">Facebook</a> </li> <li class="c-menu__item"> <a href="https://twitter.com/CISAgov" class="c-menu__link--twitter c-menu__link js-top-level" aria-current="false">Twitter</a> </li> <li class="c-menu__item"> <a href="https://www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency" class="c-menu__link--linkedin c-menu__link js-top-level" aria-current="false">LinkedIn</a> </li> <li class="c-menu__item"> <a href="https://www.youtube.com/@cisagov" class="c-menu__link--youtube c-menu__link js-top-level" aria-current="false">YouTube</a> </li> <li class="c-menu__item"> <a href="https://www.instagram.com/cisagov" class="c-menu__link--instagram c-menu__link js-top-level" aria-current="false">Instagram</a> </li> <li class="c-menu__item"> <a href="/subscribe-updates-cisa" class="c-menu__link--rss c-menu__link js-top-level" aria-current="false">RSS</a> </li> </ul> <div class="usa-footer__contact-info"> <span>CISA Central</span> <a href="tel:1-844-Say-CISA">1-844-Say-CISA</a> <a href="mailto:SayCISA@cisa.dhs.gov">SayCISA@cisa.dhs.gov</a> </div> </div> </div> </div> </div> <div class="usa-footer__lower"> <div class="l-constrain"> <div class="usa-footer__lower-row"> <div class="usa-footer__lower-left"> <div class="c-dhs-logo"> <div class="c-dhs-logo__seal">DHS Seal</div> <div class="c-dhs-logo__content"> <div class="c-dhs-logo__url">CISA.gov</div> <div class="c-dhs-logo__text">An official website of the U.S. Department of Homeland Security</div> </div> </div> <ul class="c-menu c-menu--footer"> <li class="c-menu__item"> <a href="/about" class="c-menu__link js-top-level" title="About CISA" aria-current="false" data-drupal-link-system-path="node/6944">About CISA</a> </li> <li class="c-menu__item"> <a href="https://www.dhs.gov/performance-financial-reports" class="c-menu__link js-top-level" title="Budget and Performance" aria-current="false">Budget and Performance</a> </li> <li class="c-menu__item"> <a href="https://www.dhs.gov" title="Department of Homeland Security" class="c-menu__link js-top-level" aria-current="false">DHS.gov</a> </li> <li class="c-menu__item"> <a href="/oedia" title="Equal Opportunity & Accessibility" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/21462">Equal Opportunity & Accessibility</a> </li> <li class="c-menu__item"> <a href="https://www.dhs.gov/foia" class="c-menu__link js-top-level" title="FOIA Requests" aria-current="false">FOIA Requests</a> </li> <li class="c-menu__item"> <a href="/no-fear-act" title="No FEAR Act Reporting" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="node/21494">No FEAR Act</a> </li> <li class="c-menu__item"> <a href="https://www.oig.dhs.gov/" class="c-menu__link js-top-level" title="Office of Inspector General" aria-current="false">Office of Inspector General</a> </li> <li class="c-menu__item"> <a href="/privacy-policy" class="c-menu__link js-top-level" title="Privacy Policy" aria-current="false" data-drupal-link-system-path="node/16115">Privacy Policy</a> </li> <li class="c-menu__item"> <a href="https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138" title="Subscribe to Email Updates" class="c-menu__link js-top-level" aria-current="false">Subscribe</a> </li> <li class="c-menu__item"> <a href="https://www.whitehouse.gov/" class="c-menu__link js-top-level" title="The White House" aria-current="false">The White House</a> </li> <li class="c-menu__item"> <a href="https://www.usa.gov/" class="c-menu__link js-top-level" title="USA.gov" aria-current="false">USA.gov</a> </li> <li class="c-menu__item"> <a href="/forms/feedback" title="Website Feedback" class="c-menu__link js-top-level" aria-current="false" data-drupal-link-system-path="forms/feedback">Website Feedback</a> </li> </ul> </div> <div class="usa-footer__lower-right"> <iframe src="https://www.dhs.gov/ntas/" name="National Terrorism Advisory System" title="National Terrorism Advisory System" width="170" height="180" scrolling="no" frameborder="0" seamless border="0" ></iframe> </div> </div> </div> </div> </footer> </div> </div> <script src="/profiles/cisad8_gov/themes/custom/gesso/dist/js/common.js?sn7rxr"></script> <script src="/profiles/cisad8_gov/themes/custom/gesso/dist/js/uswds-init.es6.js?sn7rxr"></script> <script src="/profiles/cisad8_gov/themes/custom/gesso/dist/js/uswds.es6.js?sn7rxr"></script> <script src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=DHS&subagency=CISA&yt=true" id="_fed_an_ua_tag"></script> <script src="/modules/contrib/extlink/js/extlink.js?v=10.3.6"></script> <script src="/modules/contrib/ckeditor_accordion/js/accordion.frontend.min.js?sn7rxr"></script> <script src="/profiles/cisad8_gov/themes/custom/gesso/dist/js/teaser.es6.js?sn7rxr"></script> </body> </html>

CINXE.COM

CISA’s Vulnerability Management goes “Big” on Interns and the Results are Staggering! | CISA