Zachary_Johnston
Zachary Johnston
My Cybersecurity Internship
City Kids Wilderness Project
Quick Facts
This organization creates lasting change in youth from underserved communities through outdoor education.
They build resilience, teamwork, and personal development by providing positive, life-changing experiences.
Their mission inspires young people to overcome challenges and pursue aspirations.
Through these efforts, they help youth grow into confident and capable individuals ready to make a difference in their communities and beyond.
Their programs foster lasting bonds, encouraging lifelong growth and a commitment to protecting the natural world.
City Kids Wilderness Project
About the Nonprofit
The City Kids Wilderness Project is a nonprofit organization dedicated to providing transformative outdoor experiences for underserved youth in Washington, D.C. Their mission focuses on empowering young people by exposing them to nature, fostering personal growth, leadership skills, and self-confidence.
Through programs that combine adventure, mentorship, and environmental education, the organization helps youth realize their full potential.
By nurturing a deep respect for the environment, City Kids Wilderness Project creates meaningful opportunities that inspire growth, resilience, and lasting positive impact in the lives of the communities they serve. Their work builds stronger futures for youth through connection with nature.
City Kids Wilderness Project
Community Involvement
The City Kids Wilderness Project benefits from a dedicated faculty of highly trained professionals, including experienced outdoor educators, youth development specialists, and program managers.
These staff members work closely with participants to ensure their safety and personal growth during outdoor adventures. They provide mentorship and support, helping youth develop valuable life skills like resilience, teamwork, and leadership.
The organization collaborates with nonprofit groups, local government agencies, and community partners such as DC Central Kitchen, National Park Service, Sandy Spring Adventure Park, and REI DC. These partnerships enhance programming, extend reach, build a strong support network, and foster lasting community connections for the youth they serve.
City Kids Wilderness Project
Current Vulnerabilities
The City Kids Wilderness Project faces important cybersecurity concerns, particularly regarding the protection of personal data. Since the organization collects sensitive information, it is crucial to securely store and transmit data to prevent unauthorized access or breaches.
Like many nonprofits, they must remain vigilant against data breaches that could lead to misuse of personal information. Additionally, the organization is at risk of phishing attacks and email fraud targeting staff, volunteers, and donors.
Regular training on recognizing phishing attempts and implementing strong email filters helps reduce these threats and protect their community’s information. Ongoing investment in advanced cybersecurity tools and protocols is essential to maintaining trust and safeguarding the organization’s digital infrastructure.
My Security Presentation
During the Cybersecurity & Defense Internship, I worked with Beth Cerrone and Jamie Kreider to learn the basics of cybersecurity and explore its practical applications.
Throughout the week, I worked with a nonprofit to develop cybersecurity solutions to protect against various cyber threats. I worked with my team to analyze the threats to the organization and then developed a comprehensive solution.
At the conclusion of this internship, our team pitched the final proposal to the Leadership Initiatives Grant Committee, earning a microgrant to support the implementation of our proposal.
My Security Proposal
Throughout the program, we worked closely with City Kids Wilderness Project to gain a clear understanding of their goals. These meetings provided valuable insights into critical gaps within their cybersecurity system and the potential risk they pose to the operation of their business.
The most pressing issue facing City Kids Wilderness Project is the widespread lack of cybersecurity awareness and safeguards, including inadequate employee training, irregular password updates, and the use of personal email accounts to access confidential information, which significantly undermines its ability to protect personal information, recover from incidents, and maintain the trust of stakeholders and program members.
To address this issue, we developed a comprehensive security proposal that included a SWOT analysis of the City Kids Wilderness Project’s current situation. Drawing on international cybersecurity standards, we proposed monthly password changes with no repetition, mandatory VPN use on employee devices, and strict data-sharing policies—such as limiting access to PII to PDF-only transfers by admins—to reduce exposure risks. We also recommended switching from Flickr to SmugMug for secure media sharing, anonymizing sensitive alumni data, and performing regular audits of Google Drive access via an organized tracking sheet. To build a culture of cybersecurity, we introduced training through Google Classroom, CanIPhish, and KnowBe4 exercises for both employees and youth participants, and advised segmenting the Wi-Fi network by splitting the 2.4GHz and 5GHz bands. These measures are designed to mitigate human error, protect sensitive data, and ensure long-term organizational resilience against cyber threats.
Internship Highlights
I was given the unique opportunity to take exclusive tours of multiple government and security sites to speak directly with security professionals. During these tours, I was able to witness firsthand how cybersecurity operates at the national and international level.
I was able to visit the United States’ Security Innovation Lab. Throughout this visit, I was able to learn firsthand from government officials regarding how the government funds and establishes cyber-intelligence and cyber-counterintelligence technology.
We also toured the Homeland Security Investigations' (HSI) Technical Operations Center. During this visit, we learned how the government uses technology to track major crimes including wire-fraud, human trafficking, child exploitation, and more.
In order to apply the skills I learned throughout the internship, I worked directly with a nonprofit based in the Washington D.C. area to discuss their company's cybersecurity needs.
After three meetings where I walked through the organization model, protected information, and staff training of the nonprofit, I worked with my team to create a staff training protocol and threat analysis for my partner.
At the end of the internship, I advocated for, and received funding for, my nonprofit partner to implement the cybersecurity training protocols so they can best protect their client information and continue to develop with a reduced fear of cyber attacks and cybersecurity threats.
To learn more about the world of cybersecurity, I was given the unique opportunity to speak directly with cybersecurity experts from multiple organizations and backgrounds.
I worked directly with one of the leading consultants in Cyber Threat Management, and a lead Cyber Consultant from Ernst & Young, Phuong Nguyen, to learn about common threat assessment and cybersecurity counterintelligence. I also heard from the Director of Government Compliance for KPMG, Lisa Mathews, and the lead SME for the FutureG Initiative for the Department of Defense, Dr. Dan Massey.
Throughout the internship, I also heard presentations from and spoke with representatives from the Department of Defense, Department of Homeland Security, and the National Security Agency. To learn the physical side of cybersecurity, we also had the unique opportunity to meet with globally recognized penetration testers and network threat assessors.
In order to put the skills we learned to the test, I had the unique opportunity to work with cybersecurity software typically used in graduate-level instructional courses. This provided me with a hands-on environment to develop and apply a wide range of cybersecurity skills.
I began with network cybersecurity, completing labs focused on network security and Linux to gain a deeper understanding of how networks communicate and where vulnerabilities may arise. This experience highlighted the ways in which cybersecurity threats can disrupt or compromise these communications, reinforcing the importance of proactive defense measures.
Building on these Linux skills, I participated in capture-the-flag coding competitions and explored virtual rooms designed to simulate real-world cybersecurity challenges. These activities tested both my technical abilities and problem-solving skills, allowing me to apply classroom concepts in practical, scenario-based settings.