Over the holidays from May to July 2021, I've had the priviledge of interning at the Defence Science Technology Agency (DSTA) as a cybersecurity intern.

The Anxious Buildup

As a computer science student, I was anxious about securing an internship. My peers in computing were all gunning for top internships in places like Facebook (now Meta), Grab, Shopee, Stripe and so on. Having an impressive portfolio would help tremendeously in making me a more attractive candidate, yet it was something that I did not have. My year 1 holidays was not spent as productively as I hoped to. Joining my friend in trying to build his startup, Vibefam, I spent most of my time developing a mobile application using Flutter. While the product still in its infant stages, I felt that this project wasn't something that I was interested in the long run and left shortly after the holidays. Unfortunately, without a working product, I could not evince my efforts and learning process even if I had wrote it down on my portfolio.

The consequences showed itself as I was applying for internship opportunities during the 2nd semester of year 2. Many companies were not offering me interviews. In such a competitive environment, I was barely noticeable in the sea of applications. The weeks of semester 2 went by and I still had nothing. Then one day, I received a message from a staff at DSTA, requesting for an interview with me. The interview was short and quick. A few days later, I received an email offering me a position to intern in DSTA's cybersecurity department. Not wanting to lose the opportunity, I accepted it almost immediately.

Working in DSTA

My experience in DSTA was amazing. I was tasked to analyse one of the encryption algorithms that made its way into the finals of NIST Lightweight Cryptography competition. My mentor instructed me that the particular algorithm could potentially benefit from optimisations from Single Instruction/Multiple Data parallelism. In the beginning, I read a handful of academic papers on encryption algorithms. My knowledge acquired from the introductory course on information security was inadequate to comprehend the complexities of these algorithms. I spent much of my first week watching youtube lectures on different encryption constructions such as Feistel Networks, Sponge constructions, parallelism through AVX, etc. It was daunting having to scale such a steep learning curve. But I pushed through. Within a few weeks, I managed to get working implementation of the algorithm I was supposed to analyse and integrated Intel's AVX2 instructions into it. Following that, I performed benchmark tests to see if there was indeed any performance gains. To increase the scope of my tests, I also made comparisons against existing encryption algorithms like AES-NI and AES-OCB.

Throughout the whole internship period, there were plenty of technical challenges. Some of the challenges included:

• Understanding assembly language
• Learning to use C macros and pointers effectively (more so on the former than the latter as I had opportunities to use pointers in school assignments)
• Applying my knowledge of computer architecture (caches, registers, etc.) when I was trying to compare performances between the different algorithms

Honing the soft skills

In addition to these, my interactions with my mentor and fellow colleagues forced me to learn how to communicate my thoughts more effectively. My mentor often said this to me: "I only have cursory knowledge of the technologies in your project. It is your job to be able to communicate your ideas and problems to me in a way that I can help you in your progress." Through my weekly online check-ins, I honed my ability to succinctly present my progress and challenges to my mentor. Thankfully, he was really knowledgeable and could understand some of my lesser articulated thoughts.

Conclusion

This internship certainly challenged and spurred me to be more interested in the field of computer security. In fact, I have decided to pursue more advanced modules in NUS pertaining to parallel computing as well as cryptography.