- Introduction
Industrial training is a key part of the Bachelor of Engineering program at the University of Buea, College of
Technology. It serves as a bridge between academic learning and real-world professional practice. While
university courses provide the theoretical knowledge and technical skills needed in engineering, the workplace
introduces challenges, responsibilities, and practical skills that cannot be fully taught in a classroom.
As part of my program requirements, I undertook a two-month internship at Securex Global Services LTD, a
cybersecurity company specializing in threat intelligence, security consulting, and cyber defense services. I
was assigned to the Cyber Threat Intelligence (CTI) department, which aligned well with my background in
software engineering and my growing interest in cybersecurity.
The internship ran from August 6th to October 6th, 2025. During this period, I worked closely with experienced
cybersecurity professionals and was exposed to how organizations monitor, analyze, and respond to cyber
threats. My training was structured to build gradually, starting with foundational concepts of threat intelligence
and progressing to more advanced tasks such as analyzing threat actors, assessing vulnerabilities, and
producing intelligence reports.
This report documents the activities, experiences, challenges, and lessons I gained throughout the internship.
It highlights not only the work I performed but also the skills I developed, including technical, analytical, and
professional competencies. The experience gave me practical insight into the cybersecurity profession and
helped me understand how to apply classroom knowledge to solve real-world problems.
Through this internship, I learned that effective threat intelligence requires a combination of technical skills,
analytical thinking, attention to detail, clear communication, and understanding of the business context. The
opportunity to work in a professional, high-pressure environment allowed me to grow both academically and
personally, preparing me for future work in cybersecurity and related fields.
SecureX Global Services LTD | Karata, Limbe, P.O. Box 524, Cameroon | Contact: +237 678 34 12 61 | Email: info@securexglobal.net
- Overview of Securex Global Services LTD
4.1 Company Background
Securex Global Services LTD is a Cameroon-based cybersecurity and information technology services
company established to address the growing security challenges faced by organizations in Central Africa. The
company operates from its offices in Karata, Limbe and serves clients across various sectors including finance,
telecommunications, government, and education.
4.2 Services and Operations
The company's core services include:
Cyber Threat Intelligence: Monitoring and analyzing cyber threats relevant to client environments,
producing actionable intelligence reports, and providing early warning of emerging attack campaigns.
Security Consulting: Assessing organizational security posture, identifying vulnerabilities, and
recommending improvements aligned with international standards and best practices.
Incident Response: Supporting organizations during and after security incidents, conducting
investigations, and helping restore normal operations.
Security Awareness Training: Educating employees about cyber risks and safe computing practices,
which remains one of the most effective defenses against social engineering attacks.
Risk Assessment and Management: Helping organizations understand their security risks and
develop appropriate mitigation strategies.
4.3 Organizational Structure
The CTI department where I worked is part of the Security Operations division. The team is relatively small
but highly skilled, with members bringing backgrounds in computer science, information security, and
intelligence analysis. This compact structure meant I had the opportunity to work closely with senior staff and
observe decision making processes that might have been invisible in a larger organization.
4.4 Work Culture
From my first day, I noticed that Securex maintains a professional yet supportive work environment. The dress
code is business casual, punctuality is expected, and there's a strong emphasis on clear communication.
However, the culture also encourages questions and learning. I never felt dismissed when I needed clarification,
and team members regularly shared knowledge during informal discussions.
The organization uses a combination of proprietary processes and industry standard frameworks. While I
cannot disclose specific operational details due to confidentiality agreements, I can say that the company's
approach to threat intelligence follows recognized methodologies and emphasizes quality over quantity.
- Objectives of the Internship
The internship was designed with both broad and specific objectives:
5.1 Primary Objectives
Understanding Cyber Threat Intelligence Fundamentals: Develop a solid grasp of what CTI
actually is, why it matters, and how it differs from other security functions. This included understanding
the distinction between data, information, and intelligence.
Learning the CTI Lifecycle: Gain practical knowledge of how intelligence operations work from
beginning to end, from identifying intelligence requirements through collection, processing, analysis,
and dissemination.
Developing Analytical Skills: Learn to think critically about threat data, identify patterns, assess
credibility, and draw meaningful conclusions that can inform security decisions.
Mastering Documentation Standards: Learn to write clear, structured intelligence reports that
communicate findings effectively to different audiences.
Professional Development: Develop workplace professionalism, time management, teamwork, and
communication skills essential for career success.
5.2 Personal Learning Goals
Beyond the formal objectives, I set personal goals for the internship:
Understand how cybersecurity professionals think about problems
Learn what daily work in cybersecurity looks like
Build professional relationships that could support my career development
Identify areas where I need additional study or skill development
Gain confidence in my ability to contribute meaningfully to security operations
Looking back, I achieved most of these objectives, though some revealed gaps in my knowledge that I have
since worked to address.
- Scope of Work and Activities
6.1 Introduction to Cyber Threat Intelligence
The first week involved intensive learning about what CTI means. I learned that threat intelligence is not simply
collecting information about attacks. It's about understanding who is conducting attacks, why they're doing it,
what methods they use, and what that means for specific organizations.
We discussed the difference between strategic, operational, and tactical intelligence. Strategic intelligence
helps executives understand long term threats and make policy decisions. Operational intelligence helps
security teams understand active campaigns and adversary behaviors. Tactical intelligence provides specific
indicators that technical teams can use for detection and blocking.
I also learned about the intelligence cycle: planning and direction, collection, processing, analysis,
dissemination, and feedback. This framework, borrowed from traditional intelligence agencies, provides
structure to what could otherwise become an overwhelming flow of information.
6.2 Threat Data Collection
Much of my early work involved collecting raw information that could be processed into intelligence. This
primarily meant working with open source intelligence (OSINT), which is publicly available information that,
when properly analyzed, can reveal significant insights about threats.
My daily routine included:
Monitoring Security News Sources: I regularly checked websites like Bleeping Computer, The
Hacker News, Krebs on Security, and threat intelligence vendor blogs. These sources report on new
vulnerabilities, active attack campaigns, and security trends.
Reviewing Vendor Advisories: Companies like Microsoft, Cisco, Adobe, and others publish security
advisories when they discover vulnerabilities in their products. I learned to read these advisories,
understand the severity ratings, and assess which ones were most relevant to our typical client
environments.
Following Security Researchers: Many cybersecurity researchers share their findings on Twitter
(now X), personal blogs, and platforms like GitHub. I learned to identify credible researchers and
follow their work, which often provides early warning of emerging threats.
Tracking Threat Actor Groups: Various organizations track known threat actor groups and their
activities. I learned about groups like APT29, FIN7, and others, studying their typical targets, attack
methods, and indicators of compromise.
The challenge in this phase was not finding information. The internet is full of security content. Rather,
it was determining what was relevant, credible, and actionable. I learned to ask questions like: Is this
source reliable? Is this threat relevant to our clients? Is this information current? Is this actually new or
just a repackaging of old information?
6.3 Threat Analysis and Interpretation
As I became more comfortable with data collection, I was given opportunities to analyze what I was finding.
This proved more difficult than I expected.
Analysis involved several steps:
a) Verification: First, I had to verify that reported information was accurate. Sometimes early reports of
attacks or vulnerabilities contain errors or are based on speculation. I learned to look for corroboration from
multiple sources and to be skeptical of single source reports, especially those that seemed sensational.
b) Contextualization: Raw information means little without context. If a new ransomware variant is
discovered, what does that mean? Is it targeting specific industries? Does it use new techniques? How does
it compare to existing ransomware threats? I learned to place new information into a broader context of
what we already knew.
c) Relevance Assessment: Not every threat is relevant to every organization. A vulnerability in industrial
control systems matters greatly to manufacturing clients but may be irrelevant to financial services firms.
I learned to think about threats from the perspective of different client types.
d) Pattern Recognition: Over time, I began recognizing patterns. Certain types of attacks increase at certain
times of year. Particular threat actors show consistent behaviours. Vulnerability exploitation often follows
predictable patterns. These patterns help predict future activity and prioritize defences.
One particular assignment involved analysing a series of phishing campaigns targeting African
organizations. I collected examples of phishing emails, analysed the social engineering techniques used,
identified the infrastructure hosting malicious content, and documented the entire attack chain. This
comprehensive analysis helped me understand how threat actors think and operate.
6.4 Documentation and Intelligence Reporting
The most important skill I developed was writing clear intelligence reports. In cybersecurity, you can conduct
brilliant analysis, but if you cannot communicate your findings effectively, the analysis has limited value. I
learned that good intelligence reports have several characteristics:
a. Clear Structure: Reports should follow a logical structure that guides the reader through the information.
We typically used an executive summary for quick understanding, followed by detailed findings, and ending
with recommendations.
b. Audience Awareness: Technical staff need different information than executives. Technical reports
include indicators of compromise, attack techniques, and detection methods. Executive reports focus on
business impact, risk levels, and recommended actions.
c. Conciseness: Security professionals are busy. Reports should be as brief as possible while still conveying
necessary information. I learned to eliminate unnecessary words and focus on essential points.
d. Accuracy: Intelligence reports inform important decisions. Errors can lead to wasted resources or missed
threats. I learned to double check facts, cite sources, and clearly distinguish between confirmed information
and assessment.
e. Timeliness: Intelligence loses value over time. A report about a vulnerability is most valuable before
attackers begin exploiting it widely. I learned that a good report delivered quickly is often more valuable than
a perfect report delivered late.
b) Threat Intelligence Documents
During my internship, I prepared different types of cybersecurity documents:
Daily Threat Summaries: Short reports about important cybersecurity events each day. Reported phishing
emails targeting banks like Afriland First Bank and Société Générale Cameroon, and new types of
malware spreading in local corporate networks.
Detailed Threat Analysis Reports: In-depth reports about specific attacks or threat actors. Studied a
phishing campaign aimed at government offices in Yaoundé, such as the Ministry of Finance, explaining
how it worked and what risks it posed.
Vulnerability Assessments: Checked newly disclosed security flaws and their risks.
Assessed general web application vulnerabilities such as injection flaws or authentication weaknesses that
could affect critical services and described how such issues should be fixed and mitigated within telecom
or corporate networks.
Weekly Intelligence Briefings: Summarized trends and patterns observed in cybersecurity threats.
Identified a rise in ransomware attacks targeting businesses and institutions in Cameroon, highlighting
common attack techniques such as phishing emails, malicious links, and unpatched software
vulnerabilities.
6.5 Intelligence Dissemination and Stakeholder Communication
The final stage of the intelligence cycle is dissemination, getting intelligence to the organisations who need
it, in formats they can use, at the time they need it. I learned that different stakeholders need different types
of intelligence:
Executive Leadership: Needs strategic intelligence about emerging threats, industry trends, and risk
landscape changes. Reports should be concise, business focused, and include clear recommendations.
Security Operations Teams: Need tactical intelligence including indicators of compromise (IP addresses,
domains, file hashes), attack techniques, and detection rules they can implement immediately.
IT Operations: Need information about vulnerabilities affecting their systems, patch requirements, and
configuration changes to reduce risk.
Risk Management: Needs intelligence about threat trends, attacker capabilities, and likelihood of different
attack types to inform risk assessments.
I also learned about the ethical considerations in intelligence sharing. While collaboration and information
sharing strengthen collective defense, intelligence organizations must protect client confidentiality, respect
privacy, and be careful about potentially sensitive information. We discussed scenarios where sharing
certain intelligence might inadvertently cause harm and how to navigate these situations responsibly.
6.6 Practical Exercises and Case Studies
Throughout the internship, I worked on several practical exercises that simulated real intelligence
requirements:
Ransomware Landscape Analysis: I was tasked with researching the current ransomware threat
landscape, identifying the most active groups, their typical targets and demands, and trends in ransomware
attacks. This required synthesizing information from dozens of sources into a coherent analysis.
Vulnerability Impact Assessment: When a critical vulnerability was disclosed in widely used software,
I assessed which of our clients were likely affected, the severity of the risk, and recommended response
actions. This exercise taught me to think quickly and prioritize under time pressure.
Threat Actor Profile: I developed a detailed profile of a specific threat actor group, documenting their
history, capabilities, targeting patterns, and indicators of compromise. This deep dive exercise helped me
understand how threat intelligence professionals track adversaries over time.
Industry Threat Brief: I prepared a brief on cybersecurity threats specifically affecting the financial
services sector in Africa, which required understanding both cybersecurity and business context.
These exercises were challenging but extremely valuable. They pushed me to apply what I was learning,
think critically, and produce work that could actually be used operationally.
- Methodology and Approach
The internship followed a structured approach designed to build knowledge and skills step by step. I progressed
from foundational learning to guided practice, semi-independent work, and finally integration of all skills
through larger projects.
7.1 Learning Framework
a) Week 1 to 2: Foundation Building
These weeks focused on building a strong foundation. I read extensively about threat intelligence concepts,
studied the intelligence cycle, and learned about different types of cyber threats. My supervisor assigned
readings, and we held daily discussions to clarify key concepts.
b) Week 3 to 4: Guided Practice
I began hands-on work under close supervision. I collected threat data and shared my findings with my
supervisor, who guided me on evaluating sources, assessing relevance, and organizing information. I also
started writing simple threat summaries, which were reviewed and critiqued.
c) Week 5 to 6: Semi-Independent Work
I took on more responsibility and began analyzing threats and preparing reports with less direct supervision.
My supervisor still reviewed my work but expected me to make independent judgments. I also participated
more in team discussions and started contributing my own ideas.
d) Week 7 to 8: Integration and Synthesis
The final weeks involved applying all the skills I had developed. I worked on larger projects that required
integrating monitoring, analysis, and reporting. I also assisted in training a new intern who joined in week 7,
which reinforced my own learning and understanding.
7.2 Learning Methods
Hands-On Practice: Most learning came from doing real threat intelligence work under supervision. This
was far more effective than just reading.
Mentoring and Feedback: Regular sessions with my supervisor helped me improve, identify mistakes,
and refine my methods.
Collaborative Learning: Working alongside experienced professionals allowed me to observe decision-
making, ask questions, and learn from their expertise.
Self-Directed Research: I explored topics independently, improving my research skills and curiosity.
Reflective Practice: At the end of each week, I wrote notes about what I learned, questions I had, and
areas needing more focus. This helped consolidate my knowledge.
7.3 Tools and Techniques
To carry out my tasks, I used a combination of technical tools and structured methods:
AlienVault USM (SIEM): For centralized logging, correlating security events, and analyzing Open Threat
Exchange (OTX) pulses.
Python: I wrote scripts using libraries like Pandas and Regular Expressions to clean and filter firewall log
exports.
The Intelligence Cycle: Planning, Collection, Analysis, and Feedback formed a constant loop in all
intelligence activities.
- Weekly Summary of Activities
a) Weeks 1 to 3: Orientation and Log Fundamentals
The first three weeks focused on getting settled, learning the basics of threat intelligence, and understanding
the network architecture. I completed HR onboarding, reviewed company policies, set up my workspace, and
met my supervisor and team. I learned about the CTI department’s role and discussed internship goals and
success criteria.
I began reading resources from NIST and the SANS Institute to understand the difference between threat data,
threat information, and threat intelligence. I also learned how different audiences influence reporting. CEOs
focus on strategic risks, while security analysts need technical details.
Practically, I spent time observing how Firewall logs are generated and stored, learning the anatomy of log
entries including source and destination IPs, ports, protocols, and action codes. I also started monitoring open-
source intelligence sources like cybersecurity news sites, vendor blogs, vulnerability databases, threat-sharing
platforms, and social media accounts of security researchers. Initially, filtering important information was
challenging, but guidance from my supervisor helped me focus on threats that were active, relevant, and
credible.
By the third week, I was preparing daily briefings summarizing the most significant developments, learning to
balance detail with clarity. I also started studying vulnerabilities, CVE identifiers, CVSS scores, and threat
actor groups, and I gained an initial understanding of how to assess business impact versus technical severity.
b) Weeks 4 to 5: SIEM Integration and Python Automation
Weeks four and five marked the start of more practical work. I was introduced to AlienVault USM, learning
to search for specific events and correlate them with known malicious IPs. To improve efficiency, I wrote
Python scripts that flagged high-risk IP addresses, such as those from suspicious regions or Tor exit nodes,
reducing manual filtering time by nearly 60 percent.
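The kind of log triage described above (flagging firewall events that involve high-risk addresses such as Tor exit nodes), as an added example that is not the author's script. The key=value log layout, the watchlist entries (RFC 5737 documentation addresses) and all function names are assumptions, and it uses only the standard library where the report mentions Pandas.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample export; the key=value layout is an assumption and
# LINE_RE must be adapted to the real firewall's export format.
SAMPLE_LOG = """\
2025-09-01T08:00:01Z action=ALLOW proto=TCP src=10.0.0.15 spt=51522 dst=203.0.113.7 dpt=443
2025-09-01T08:00:04Z action=DENY proto=TCP src=198.51.100.23 spt=40112 dst=10.0.0.8 dpt=22
2025-09-01T08:00:09Z action=ALLOW proto=UDP src=10.0.0.15 spt=53311 dst=192.0.2.53 dpt=53
2025-09-01T08:01:12Z action=ALLOW proto=TCP src=10.0.0.15 spt=51530 dst=203.0.113.7 dpt=443
2025-09-01T08:01:30Z action=DENY proto=TCP src=198.51.100.23 spt=40113 dst=10.0.0.8 dpt=3389
2025-09-01T08:02:00Z action=ALLOW proto=TCP src=10.0.0.99 spt=49000 dst=999.1.1.1 dpt=80
this line is truncated garbage
"""

# Constructed watchlist (RFC 5737 documentation addresses) standing in for
# a Tor exit-node list and a threat-feed blocklist.
WATCHLIST = {
    "tor-exit": ["203.0.113.7", "203.0.113.9"],
    "threat-feed": ["198.51.100.0/24"],
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>ALLOW|DENY)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>\S+)\s+spt=(?P<spt>\d+)\s+dst=(?P<dst>\S+)\s+dpt=(?P<dpt>\d+)\s*$"
)
PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_line(line):
    """Return a record dict, or None for lines that are malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        # Validate addresses instead of trusting the regex match.
        rec["src"] = ipaddress.ip_address(rec["src"])
        rec["dst"] = ipaddress.ip_address(rec["dst"])
    except ValueError:
        return None
    rec["spt"], rec["dpt"] = int(rec["spt"]), int(rec["dpt"])
    return rec


def classify(ip, nets):
    """Return the watchlist label covering ip, or None."""
    for net, label in nets:
        if ip in net:
            return label
    return None


def priority(direction, action):
    """Rank a finding: allowed traffic to a listed address matters most."""
    if direction == "outbound" and action == "ALLOW":
        return "high"    # an internal host reached a listed address
    if action == "ALLOW":
        return "medium"  # a listed address was let through
    return "low"         # the firewall already blocked it


def triage(log_text, watchlist=WATCHLIST):
    """Group watchlist hits per peer/host pair; return (rows, skipped)."""
    nets = [(ipaddress.ip_network(entry), label)
            for label, entries in watchlist.items() for entry in entries]
    groups = defaultdict(lambda: {"count": 0, "ports": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so silent data loss is visible
            continue
        # Check both ends: destination listed = outbound, source = inbound.
        for direction, peer, local in (("outbound", rec["dst"], rec["src"]),
                                       ("inbound", rec["src"], rec["dst"])):
            label = classify(peer, nets)
            if label:
                key = (str(peer), label, direction, rec["action"], str(local))
                groups[key]["count"] += 1
                groups[key]["ports"].add(rec["dpt"])
    rows = [{"peer": k[0], "label": k[1], "direction": k[2], "action": k[3],
             "local": k[4], "priority": priority(k[2], k[3]),
             "count": g["count"], "ports": sorted(g["ports"])}
            for k, g in groups.items()]
    rows.sort(key=lambda r: (PRIORITY_ORDER[r["priority"]], -r["count"]))
    return rows, skipped


if __name__ == "__main__":
    findings, bad = triage(SAMPLE_LOG)
    for row in findings:
        print(row)
    print("unparseable lines:", bad)
```

Grouping by peer, direction and action keeps a blocked inbound scan from burying the rarer allowed outbound connection, which is the case an analyst needs to see first.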
I worked on a research project analyzing a ransomware strain. I examined how it operated, who it targeted,
indicators of compromise, and assessed risks for clients. I also investigated a phishing campaign affecting
organizations in Africa. By collecting emails, examining headers, links, and attachments, and comparing global
reports, I determined it was a coordinated Business Email Compromise campaign. I documented findings in
detailed reports for managers, including guidance on identifying and mitigating risks. During this period, I
joined my first client call, observing how intelligence is communicated and how client needs influence
reporting priorities.
c) Weeks 6 to 7: Threat Hunting and Sector Profiling
Week six focused on understanding how threat intelligence supports other security functions, including
incident response, vulnerability management, security operations, and risk management. I observed the
incident response team using intelligence to answer questions such as what kind of attack is occurring, who
might be behind it, what could they do next, and which systems are at risk. I also learned about threat modeling
and its use in identifying realistic organizational risks.
This week, I worked on a weekly intelligence report summarizing emerging threats and trends. My supervisor
suggested I improve on linking technical findings to business impact, which highlighted the importance of
translating technical intelligence into actionable insights for decision-makers.
In week seven, I helped orient a new intern, which reinforced my own understanding. I also started a major
project: developing a threat profile for the telecommunications sector. This involved researching sector-
specific threats, understanding unique vulnerabilities, analyzing recent attacks, studying case studies, and
consulting colleagues with telecom expertise. I used AlienVault and Python for analysis, including detecting
coordinated attacks and documenting findings with frameworks like the Cyber Kill Chain.
The final telecom threat profile identified key threats, explained why they are particularly dangerous for the
sector, included real-world examples, and recommended mitigation strategies. This project demonstrated that
effective threat intelligence requires both technical knowledge and an understanding of business operations
and industry context.
d) Week 8: Final Reporting and Handover
The last week focused on consolidating all my work. I completed and presented the telecommunications threat
profile to the team. Presenting was challenging, but feedback and questions helped me refine my analysis. I
also created a guide documenting the processes and procedures I had learned, providing a reference for future
interns.
My supervisor and I held a final evaluation meeting, discussing areas of growth and further development. The
feedback was positive and validating after two months of effort. I spent the final days handing over ongoing
tasks, saying goodbye to colleagues, and reflecting on my internship experience.
This internship gave me practical exposure to threat intelligence operations, allowed me to apply software
engineering skills in cybersecurity, and helped me develop both technical and professional competencies. I left
with a strong appreciation for the team’s expertise and guidance and a clearer sense of my career interest.
- Skills and Knowledge Acquired
The internship developed both technical and professional skills:
9.1 Technical Skills
a. Threat Intelligence Fundamentals: I gained solid understanding of CTI concepts, the intelligence
cycle, types of intelligence, and how intelligence supports security operations.
b. Analytical Thinking: I learned to analyze threat information critically, assess credibility, identify
patterns, and draw meaningful conclusions. This analytical approach extends beyond cybersecurity to
problem solving in general.
c. Research Skills: The internship developed strong research capabilities: finding information efficiently,
evaluating sources, synthesizing information from multiple sources, and filling knowledge gaps
independently.
d. Technical Writing: My documentation and reporting skills improved dramatically. I learned to write
clearly, structure information logically, adapt content for different audiences, and eliminate unnecessary
complexity.
e. Cybersecurity Knowledge: I deepened my understanding of cyber threats, attack techniques,
vulnerabilities, and defensive strategies. While I knew cybersecurity theory from coursework, the
internship provided practical context that made this knowledge more meaningful.
9.2 Professional Skills
a. Time Management: Balancing multiple tasks (daily monitoring, ongoing projects, ad hoc assignments)
required effective time management. I learned to prioritize, work efficiently, and meet deadlines.
b. Communication: I improved both written and verbal communication skills. Intelligence work demands
clear communication, and I received regular practice and feedback.
c. Attention to Detail: Intelligence work requires careful attention to detail. Small errors can lead to
significant misunderstandings. I became more meticulous in my work.
d. Professional Conduct: I learned workplace professionalism: punctuality, appropriate dress, respectful
communication, confidentiality, and taking initiative.
e. Adaptability: The threat landscape changes constantly, and intelligence priorities shift rapidly. I learned
to adapt to changing requirements and handle ambiguity.
f. Collaboration: Working as part of a team taught me about coordination, supporting colleagues, giving
and receiving feedback, and contributing to collective goals.
9.3 Personal Growth
Beyond learning technical skills, the internship helped me grow personally. I became more confident in my
abilities and realized that even as a student, I could make a real contribution to professional work. I also learned
to ask questions and admit when I did not understand something, which taught me that it is okay not to know
everything. Being open to learning is important.
The internship also helped me clarify my career interests. I discovered that cybersecurity fits well with my
strengths, and I enjoy analytical work more than purely technical tasks.
- Professional Conduct and Evaluation
10.1 Professional Standards
Throughout the internship, I maintained professional standards that Securex Global Services expects from all
team members:
a) Punctuality and Attendance: I arrived on time every day and maintained full attendance throughout the
eight week period. I understood that reliability is fundamental to professional credibility.
b) Professional Appearance: I adhered to the company's business casual dress code, recognizing that
appearance affects how others perceive professionalism and credibility.
c) Confidentiality: I treated all company and client information as confidential, understanding that trust is
essential in cybersecurity work. I did not discuss client information outside appropriate contexts and was
careful about information security.
d) Initiative: Rather than waiting for tasks to be assigned, I proactively sought opportunities to contribute.
When I completed assigned work, I asked what else I could help with or pursued independent learning.
e) Receptivity to Feedback: I welcomed constructive criticism and worked to implement suggestions. I
recognized that feedback accelerates learning and shows that colleagues care about my development.
f) Respect and Collaboration: I treated all colleagues with respect, regardless of their position. I contributed
positively to team dynamics and helped where I could.
10.2 Performance Evaluation
According to my field supervisor, Mr. Emmanuel Egbewatt, my performance during the internship was
evaluated as follows:
Regularity and Punctuality: Excellent. I attended consistently and arrived on time.
Professional Appearance and Conduct: Excellent. I maintained proper professional standards
throughout.
Task Comprehension and Execution: Excellent. I was able to understand assignments and complete
them effectively.
Interpersonal Relationships: Excellent. I built positive relationships with colleagues and contributed
well to the team.
Overall Performance Score: 91/100
The evaluation showed that I am strong at analyzing information, writing clearly, and learning quickly. It also
pointed out that I could improve my technical skills in some areas and be more confident when speaking with
clients. This feedback was very encouraging. It confirmed that my hard work during the internship paid off and
gave me clear ideas on how to keep improving.
11 Challenges Encountered and Solutions
During the internship, I faced several challenges that tested my skills and encouraged growth. The main
challenges and solutions are summarized below:

| Challenge | Description | Solution |
| --- | --- | --- |
| Data Overload / Information Overload | The large volume of logs and threat intelligence sources was overwhelming. Initially, I struggled to identify what was important. | Developed filtering criteria with guidance from my supervisor. Focused on high-impact threats by asking: Which systems are affected? Are attacks active? Who is the likely target? Prioritized quality over quantity. |
| Encrypted Data | Some logs contained encrypted payloads that could not be directly analyzed. | Focused on traffic analysis using metadata such as packet timing, frequency, and size instead of content. |
| Technical Learning Curve | AlienVault SIEM is a complex tool, and some threats required technical knowledge I had not yet acquired. | Used AlienVault documentation, practiced in a lab environment, and conducted self-directed learning. Consulted colleagues when needed. |
| Analysis Paralysis | It was challenging to know when analysis was sufficient. | Learned to deliver analysis that was “good enough for the decision at hand” and document assumptions and confidence levels clearly. |
| Writing for Different Audiences | Explaining technical threats to non-technical stakeholders was difficult. | Learned to tailor reports to different audiences, presenting risk in business terms for managers and detailed technical data for analysts. |

Key Takeaways:
Effective intelligence is about focusing on what matters most, not covering everything.
Analysts need broad technical awareness, but not deep expertise in every area.
Timely, actionable analysis is more valuable than perfect analysis delivered too late.
12 Lessons Learned
a) Code with Purpose
During the internship, I learned that scripts in threat intelligence are not just written for functionality, but for
speed and accuracy. Well-designed scripts help detect and respond to threats quickly, allowing analysts to act
before potential attacks escalate.
b) Context is Critical
Individual log entries are merely isolated data points. It is the patterns and relationships across multiple logs
that reveal meaningful information, such as targeted attacks, reconnaissance activity, or unusual behavior.
Understanding context is essential to convert raw data into actionable intelligence.
c) The Human Element Matters
While SIEM tools and automation provide valuable assistance, the real intelligence comes from the analyst.
Recognizing patterns, connecting seemingly unrelated events, and interpreting the significance of alerts
requires human judgment and expertise.
13 Conclusion
My internship at Securex Global Services LTD was a highly valuable professional experience. I successfully
combined software engineering techniques with threat intelligence operations.
Through hands-on work with AlienVault, log analysis, and Python scripting, I developed a specialized skill set
that is highly relevant to today’s cybersecurity-focused industry. This experience enhanced my technical,
analytical, and professional skills, preparing me for a career in cybersecurity and IT security management.
a. Appendix
Appendix A: Python Script for Automated Log Filtering
During the internship, I developed a Python script to automatically extract high-risk IP addresses from firewall
logs. The script identified “frequent offenders” that triggered multiple deny actions within a short period.
b. Script Overview:
Libraries: pandas for data manipulation, re for IP pattern matching
Input: Raw firewall CSV export (Source IP, Destination IP, Port, Action)
Filtering: Keep rows where Action = ‘Deny’
Aggregation: Count occurrences of each Source IP
Output: Export the top suspicious IPs for further investigation in SIEM
c. Sample Python Logic Script:

```python
import pandas as pd

# Load the raw firewall log
data = pd.read_csv('firewall_logs_august.csv')

# Filter for denied attempts
denied_traffic = data[data['Action'] == 'Deny']

# Count occurrences of each Source IP
threat_counts = denied_traffic['Source_IP'].value_counts()

# Identify IPs with more than 100 denied attempts
high_risk_ips = threat_counts[threat_counts > 100]

# Export to CSV for SIEM cross-referencing
high_risk_ips.to_csv('suspicious_ips.csv')
```

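
The sample script counts every denied row in the export, so it cannot separate a burst of denies from the same number spread across a day. The following is an added example, not the script written during the internship: it goes beyond the total count by applying a per-IP sliding time window, using the standard library instead of pandas. The `Timestamp` column, its format (modelled on Appendix B), the threshold of 4 denies in 5 minutes and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (documentation-range IPs). The Timestamp column
# and its day/month/year format are assumptions modelled on Appendix B.
SAMPLE_CSV = """Timestamp,Source_IP,Destination_IP,Port,Action
14/09/2025 10:15,203.0.113.7,192.0.2.10,22,Deny
14/09/2025 10:15,203.0.113.7,192.0.2.10,22,Deny
14/09/2025 10:16,203.0.113.7,192.0.2.10,22,Deny
14/09/2025 10:16,198.51.100.4,192.0.2.10,443,Permit
14/09/2025 10:17,203.0.113.7,192.0.2.11,22,Deny
14/09/2025 09:00,198.51.100.9,192.0.2.10,3389,Deny
14/09/2025 11:30,198.51.100.9,192.0.2.10,3389,Deny
14/09/2025 14:45,198.51.100.9,192.0.2.10,3389,Deny
14/09/2025 18:05,198.51.100.9,192.0.2.10,3389,Deny
not-a-date,198.51.100.9,192.0.2.10,3389,Deny
"""

def frequent_offenders(csv_text, threshold=4, window=timedelta(minutes=5)):
    """Return {source_ip: peak deny count inside any `window`} for IPs whose
    peak reaches `threshold`. Malformed rows are skipped, not fatal."""
    events = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("Action") or "").strip().lower() != "deny":
            continue
        try:
            ts = datetime.strptime(row["Timestamp"].strip(), "%d/%m/%Y %H:%M")
            ip = row["Source_IP"].strip()
        except (KeyError, ValueError, AttributeError):
            continue  # bad timestamp or short row: ignore it
        events.append((ts, ip))

    events.sort()  # exports are not guaranteed to be in time order
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    peak = defaultdict(int)      # per-IP highest count seen in any window
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    print(frequent_offenders(SAMPLE_CSV))
```

Both sample sources have four valid denies in total, but only the one whose denies fall inside a single five-minute window is returned.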
Appendix B: Sample Log Analysis Data
The table below shows a simplified view of the firewall logs analysed during Week 6 using AlienVault and
Python scripts:

| Date / Time | Source IP | Destination Port | Action | SIEM Correlation / Threat Level |
| --- | --- | --- | --- | --- |
| 14/09/2025 10:15 | 185.156.73.xx | 22 (SSH) | Deny | Brute Force Attempt (High) |
| 14/09/2025 10:16 | 185.156.73.xx | 22 (SSH) | Deny | Coordinated Botnet |
| 15/09/2025 14:22 | 45.33.12.xx | 443 (HTTPS) | Permit | Normal Traffic |
| 16/09/2025 09:05 | 91.241.19.xx | 3389 (RDP) | Deny | Unauthorized Scan (Medium) |

Create a pier point from this