all posts

7 July 2026

Journal Entry 1 - Orientation, Environment Setup and Initial Task Assessment

internshipcybersecuritynixosweb-developmentonboardingmoldova

Introduction

In this first journal entry, I present my internship reflection as an Application Security Intern at the Public Institution Theoretical Lyceum "Mihai Eminescu". The primary goal of this role is to design and implement cybersecurity measures across various organizational vectors, including physical security, web-based applications and core network infrastructure within an educational institution.

The Lyceum comprises over 60 staff members, including teaching, administrative personnel and approximately 1,000 pupils enrolled across the spring and autumn semesters. It is ranked 8th among the 300 schools in Moldova, reflecting its standing as one of the more prestigious institutions in the country.

At this stage of its development, the institution requires a structured justification and proper supplementation of its technological advances, as it has only recently begun establishing its digital infrastructure.

Personal Goals and Expectations

Among everything mentioned, for me the ability to effectively communicate and defend IT-related decisions to non-technical individuals, while contributing to a more functional and secure digital environment for a large and diverse user base is an important skill.

Operating with a significant degree of autonomy introduces a notable sense of professional responsibility. Unlike a technical environment where peers share a common knowledge base, this context requires that complex concepts be conveyed in simpler terms. Terminology familiar to IT professionals may look unfamiliar to general staff and solutions that are apparent from a technical perspective require additional explanation for others. As such, effective communication becomes as important as technical competence. While staff members are not expected to possess advanced knowledge of computing systems, they benefit from informed professional guidance.

Such counselling was highlighted in the academic coursework and practical experience I gained at TalTech. It provided a solid foundation for this role, because concepts that were previously only partially grasped, such as the distinction between wide area networks (WAN) and local area networks (LAN), became more .

Internship at a School

This internship opportunity was secured through direct outreach to the institution, an approach that reflects the value of proactive initiative. While many candidates rely on established employment platforms such as LinkedIn or Rabota.md (cv.ee equivalent), this experience demonstrates that opportunities can also be created through self-presentation and the identification of organizational needs. The proposal submitted to the Lyceum showcased potential contributions across several areas: the repurposing of legacy computers, the implementation of self-hosted services, and the delivery of staff training programs.

Previous Experience

Prior to this internship, a number of hobby projects were undertaken in the areas of infrastructure management and network hardening. These projects, initiated during the early stages of university studies, were motivated by a desire to develop and deploy functional systems for practical use, such as a web-based "Secret Santa" application. Through this process, it became clear that such systems require robust security measures to mitigate the risk of compromise. Consequently, penetration testing was conducted on self-developed web applications to assess vulnerabilities, including the potential for unauthorized data extraction or root-level server access.

Why Cybersecurity

The decision to pursue cybersecurity as a field of study started a in personal experience with the consequences of insufficient digital security. An early encounter involved the download of video game cheats embedded with Remote Access Trojans (RATs), which resulted in login credentials theft and operating system damage. This experience, met at a young age and without the benefit of prior cybersecurity education, served as a defining motivator to develop competence in the field and to contribute to the protection of others from similar threats.

First two weeks

The first week began with a formal introduction to the work description and the scope of responsibilities during the internship. To ensure proper understanding of my rights and obligations, I reviewed the relevant Moldovan legislation governing internship activity. This included the Labour Code of the Republic of Moldova (Law No. 154/2003), the Law on Education in the Republic of Moldova (Law No. 152/2014), and the Law on Information Technology and Electronic Communications, all sourced through the official Moldovan legislative portal, www.legis.md. This step is important because it clarifies what exactly I can do and what I cannot.

First Task: Student Council Website

My first assigned task was to design and develop a website for the school's Student Council. The goal was not to build just a functional site, but to incorporate a secure development practices from the ground up. Before touching a single line of code, I made a decision to use this internship as an opportunity to grow technically by migrating away from my familiar, comfortable Windows + WSL setup and committing fully to a Linux-only environment. Specifically, I chose NixOS, because of its declarative nature.

This turned out to be considerably more time consuming than anticipated. A significant portion of the first week was spent understanding nix concepts: structuring configuration.nix, setting up home-manager at the user level and the generations system that NixOS uses for rollbacks. Each misconfiguration required a rebuild cycle, and errors were not always immediately obvious. It was genuinely difficult, where inattentiveness played a huge rule. Leaving the comfort zone of a familiar toolchains is a major step in becoming a better self. Yet, it reminded me of the coursework we have at TalTech: Linux Administration and Introduction to Networking, which helped a lot.

Configuring user-groups and automating system settings felt familiar from our lab exercises, which made this part of the setup more manageable. Once everything was done, I moved on to configuring my IDE (VS Code) and installing the cybersecurity tooling I would need throughout the internship.

Since the students are currently on summer vacation, direct feedback from the Student Council members is not yet possible, but my design choices are cooperated with my supervisor. To compensate as well, I began researching existing student council websites such as the student council pages of Liceul Aristotel [https://aristotel.md/crearea-retelei-nationale-a-consiliilor-elevilor/], IPLT "Ginta Latina" [https://liceulmeu.md/en/consiliul-elevilor/] and other international websites. This allowed me to begin forming a content architecture and identifying what sections are typically needed by students and staff. Some of the examples of other websites were adviced by my colleagues, which I appreciate!

Overall, these first two weeks have laid a necessary technical foundation, even if progress on the website itself remains limited because of bureaucracy.

photo 2026 07 07 16 11 29

photo 2026 07 07 16 11 29 (2)