2025 Intern report – Nicholas

Introduction

Hi, my name is Nicholas Russell, and I was an intern at Socialis. I’m originally from Atlanta, Georgia, USA, and I’m an incoming second-year student at Howard University, majoring in Computer Information Systems with a concentration in Cybersecurity.

Project overview

During this internship, I had the opportunity to explore the core security architecture and threat models behind large-scale digital systems. Especially those exposed to the open internet, such as search engines and web platforms that rely on dynamic indexing, user queries, and ranking algorithms. Instead of focusing purely on traditional web application vulnerabilities, I took a broader approach by analyzing the entire system lifecycle from data crawling and ingestion to indexing, query processing, and result rendering.

One area that stood out to me was the risk of malicious content ingestion, such as XSS payloads or spam being injected during the crawling process, and how it could lead to vulnerabilities downstream if not sanitized or filtered properly. This made me think more deeply about input validation, crawler sandboxing, blacklisting strategies, and the use of content security policies (CSPs) to limit the impact of potentially harmful data entering the system.

When exploring the indexing and storage layer, I learned how sensitive information could be unintentionally leaked or corrupted. I looked into how tools like Data Loss Prevention (DLP) systems, pre-indexing filters, and role-based access control (RBAC) help prevent unauthorized access or data poisoning. I also considered how to implement index integrity verification, and how log encryption and audit trails can support both accountability and compliance with data protection regulations like GDPR and CCPA.

From a privacy perspective, I began to understand how even simple analytics for example storing user queries or access logs can introduce risks. I explored techniques like pseudonymization, IP anonymization, and differential privacy, which help balance the value of analytics with the responsibility to protect users’ identities and behaviors.

To make this more hands-on, I was challenged to build a basic search engine. I then developed a custom application-layer firewall that monitors traffic and uses simple logic to detect and block abusive behaviors like excessive requests, bot traffic, or signature-based attacks targeting the query interface.

This internship helped me understand application security and gave me the confidence to pursue more technical skills. I’m now seriously considering minoring in computer science so I can gain hands-on coding experience alongside my cybersecurity knowledge. I want to know how to build a real, functional system, not just understand how to protect them, but also understand how to create and implement them in the real world.