Author Archives: Chris Rodman

About Chris Rodman

Information Security and Assurance Grad Student, Class of 2016

Orrick Technology Internship Opportunities

Orrick’s Global Operation Center in Wheeling, WV has excellent opportunities for Technology Internships for students working towards their Associates or Bachelor’s degrees:

Applications Intern: Provide assistance with the technical support of firm-wide software applications including testing, documenting and trouble-shooting applications, communicating with internal customers and imaging desktops.

Applications Database Intern: Provide assistance with the technical support of firm-wide software applications including testing, documenting and trouble-shooting applications, communicating with internal customers, imaging desktops and infrastructure support including servers and database systems.

Project Management Office Intern: Assists with the tracking and management of various IT projects. Working with other members of the PMO as well as our various IT teams, the IT PM intern will be exposed to real-world projects and issues. Furthermore, they will receive hands-on experience with enterprise class project management solutions. In addition, there will be an expectation that the PM intern will complete various on-line educational courses offered by Orrick. These courses will be provided at no cost to the intern and will be from a registered education provider for the Project Management Institute (PMI).

Service Operations Intern: Provide front line telephone support to attorneys and staff on all firm computer systems (hardware and software) and to work on special projects as needed.

Requirements:

  • Excellent analytical skills.
  • Proficiency with desktop operating systems and Microsoft Office.
  • Understanding of networking concepts, database concepts and basic scripting and/or
  • Ability to adapt to a changing environment and multitask assignments, and to approach problems with a sense of ownership, enthusiasm and innovation.
  • Willingness to learn and grow in a professional environment.
  • GPA of 3.2 or above

Additional Information:

Our Interns work 20-25 hours per week and are paid $10.00 per hour. Students can visit our web site at www.orrick.com to learn more about our firm and to apply online through our careers page.

 

PC Support Intern – Dollar Bank

The following internship for a PC Support Technician for Dollar Bank is now available through Colonial Trak.
 
Overview:

The purpose of the PC Support intern position is to provide first level technical support to branch and back office users. First level technical support may include, but not be limited to, the following: cloning workstations, installing workstations in the back office and branches, racking servers, moving computer equipment, performing routine hardware and software upgrades, and first level troubleshooting. The position reports to a PC Support Officer.

 
Technical Qualifications:
* Completion of 1 year of college/technical school to include classes in Windows operating systems, PC repair, and networking.
* A working knowledge of Ethernet and TCP/IP.
* A strong commitment to customer service.
* Occasional availability to work after hours and weekends.
* Occasional overtime may be necessary to accomplish group goals.

Principal Activities:
* Install and configure PCs for use in the back office and branches.
* Assist with the installation of servers in the back office and branches.
* Troubleshoot, diagnose, and resolve hardware and software problems.
* Provide high level technical support for both branch and back office desktops and servers.
* Perform routine hardware and software upgrades.

Additional information and instructions to apply can be found at:

Apple App Store Suffers First Malware Infiltration

I would like to start today’s post with a question to my fellow iPhone-owning students, faculty and staff. How many apps do you have installed on your device? For comparison’s sake, I’ll limit this example to just iPhones. At the time of this post I counted 47 installed on my own device. Now that you have that number for your own device, stop and ask yourself, how many of these apps do I know were written and published using trusted code sets and verified publishers? Would I have installed these apps if I knew that they were not trusted and potentially malicious?

In order to thwart the publication of malicious apps, Apple, Inc. has developed stringent policies and review processes around application development for their OS X and iOS platforms. To complement these processes, developers are required to use a specific software development package called Xcode.

Earlier this week Apple News announced that it had found that an unprecedented number of apps had made it past the review process, were published to the App Store, and were subsequently downloaded. To put this in perspective, “Prior to this attack, a total of just 5 malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks, Inc.”, says Jim Finkle from Reuters. To be more precise, 344 apps have been discovered by Chinese security firm Qihoo360 Technology Co. to be potentially affected by this attack.

This begs the question, how could this have happened? How could an organization with such strict requirements on app development inadvertently release apps infected with malicious code? The answer to this question lies with the software that we discussed earlier. Essentially, a malicious copy of Xcode, known as XcodeGhost, was created. This framework almost identically mimics Xcode, with the exception that it can be modified to contain malicious code. While this may appear to be a rather simple concept, the underlying logic of XcodeGhost is far more complex, a discussion which deserves its own white paper.

The fundamental issue with XcodeGhost is that it could potentially be used by legitimate app developers without their knowledge. Therefore we can assume that legitimate applications that leverage this malicious framework could be susceptible to SQL injection, XSS, or other client-based security flaws that could result in data leakage from a mobile device. Considering the types of apps that are available for banking, location tracking and social media, the problem of data leakage poses a very large and very real problem.

With that in mind, I think back to the 47 apps I have installed on my iPhone and wonder which apps I have installed that could potentially be vulnerable. Should there be a stricter verification process for app development that evaluates even the underlying development software that is being used? While we could leverage peer review methods or even the use of trusted certificates to avoid these situations, we may continue to see these types of threats at a high frequency in the very near future. What do you think? Any discussion is welcome in the comments on how an organization might be able to avoid these situations.

Source:
http://www.reuters.com/article/2015/09/20/us-apple-china-malware-idUSKCN0RK0ZB20150920?utm_source=applenews

My New Shoes: Tips for Software Evaluation and Selection

Student Editorial

I recently have been in the market for a new pair of running shoes. To most people, purchasing a new pair of shoes comes without a second thought; I see things a little differently. A good friend once told me that if there were two items that were worth spending money on, it’s mattresses and shoes, because you spend half your lifetime in one or the other. So, in search of my new pair of shoes, I found myself evaluating many different aspects of footwear. The materials, quality, fit, purpose, reputation, price, even the level of support and warranty offered by the manufacturer of the shoe all came under scrutiny in my evaluation. Once my criteria were met, I was able to make a conscious decision.

At this point, you’re probably wondering what my search for new footwear has to do with anything IT related. Over the past few weeks I’ve been involved in a consultation engagement to select a software solution for an ongoing project at my full-time job. It was during the second proof of concept testing that it dawned on me that my evaluation of this security implementation has a lot in common with my search for my next pair of kicks. Critically evaluating the same areas of concern as my running shoes, I was able to provide greater value to the project by selecting an appropriate solution. In the following sections I’ve selected the three most important factors that I found helpful in both cases.

Purpose:

I found that this aspect of the software evaluation process was the most important of the metrics. Like shoes, purchasing a software solution is meaningless unless it fits its intended purpose. When you think about it, you wouldn’t purchase stilettos for running a marathon… then again, maybe you would, who am I to judge. The point is to select the best piece of software for the intention of its use. There are many good resources from companies like Gartner that show software solutions for many different technology paths.

Fit/Size:

Size is one of the most important aspects of shoe and software purchasing. Of course you wouldn’t purchase a size 4 shoe for a size 11 foot. The fit alone would make the product unusable. In the same respect, purchasing a larger shoe for a small foot may serve a purpose if you anticipate growth to support the purchase of a larger shoe. These same concepts apply to the selection process of software solutions. Let’s say your user base is 100 people: selecting a solution that is only scalable to 20 users will likely underperform and result in system stability issues following implementation. Conversely, selecting a program that is designed for hundreds or thousands of users may result in higher costs and wasted funds. As such, this translates to our next element of evaluation, cost.

Price:

Whether for shoes, software, clothes or cars, price is likely a factor by which you make your selection. In most cases price negotiation is possible when the software implementation is of a substantial price. However, when the software is lower in cost, room for negotiation is sometimes nonexistent. While cost analysis is something that could be compared between both shoe buying and software, there would likely not be any negotiation process for footwear. Ultimately, the cost of either item is something that will come under the most scrutiny.

Support/Warranty:

Finally, I took the liberty to look into product warranty and support standards. In the case of the shoe purchases I took into account the warranty that was offered by the manufacturer. Shoe manufacturers that offer extended support for the product line often produce a premium product over their competitors. In the world of software vendors, the saving grace lies with the support of the product. When a vendor takes the time and cost to set up a superior support structure around their product, this can speak volumes of the product line and company as a whole. Having premium support and backing for a product will save lots of headaches down the road.

After assessing each point for my software evaluation, I was able to make a conscious recommendation to my customer. The end result was a product that fit appropriately to the user scope and cost less than alternate products. Additionally, the support agreement was suitable for the implementation and ongoing support of the environment. I also purchased my new running shoes; after all of my assessment I ended up with a great pair of shoes that were admittedly more expensive than I budgeted. I suppose that sometimes you get what you pay for.

IT Internship Opportunity – Mitsubishi Electric Power Products Inc.

Mitsubishi Electric Power Products Inc. is currently seeking qualified IT Interns to fill 2 openings at their corporate office in Warrendale, PA. This internship applies to both undergraduate and graduate students.

Job Description: 

Great PAID Summer Internship Opportunity with a Corporate IT Department.
Seeking students enrolled in their Management Information Systems Management, IT or Computer Science Bachelor’s Degree program to take part in an exciting internship opportunity to learn real world experience. In this internship you will work closely with Business Analyst in setting up users, permissions and creating training material. You will work with security devices and work on network infrastructure. You may also work on projects to create and update an internet site and reports with SQL.

Qualifications:

Must Have:

  • Interested in learning Corporate IT functions
  • Must be motivated
  • Experience with Windows Installation
  • Excellent communication skills

Preferred but not required:

  • Classes focusing on Network Security, Database, ERP Systems, Programming

Application instructions and additional information can be found at:

https://www.myinterfase.com/rmu/job_view.aspx?token=ARCvMsXe3KAw84U4PImSnA%3d%3d