Sin Fung_Kwok
Sin Fung Kwok
My Cybersecurity Internship
Joy Of Motion Dance Center
Quick Facts
Joy of Motion Dance Center empowers individuals through dance, promoting creativity, confidence, and physical well-being.
As a hub for artistic expression and personal development, it offers a supportive space for dancers of all skill levels.
JOMDC is committed to accessibility, providing both recreational and pre-professional training for children, teens, and adults.
Its programs foster growth, inclusivity, and a lifelong appreciation for the transformative power of dance.
Joy Of Motion Dance Center
About the Nonprofit
Joy of Motion Dance Center empowers individuals through dance, fostering creativity, confidence, and physical well-being. As a vibrant hub for artistic expression and personal growth, the center offers a welcoming and supportive environment for dancers of all ages and experience levels.
JOMDC is committed to accessibility, providing a wide range of programs that include both recreational and pre-professional training for children, teens, and adults.
By nurturing talent and promoting inclusivity, the center helps participants build essential life skills while cultivating a deep appreciation for the art of dance and the positive impact it has on community well-being.
Joy Of Motion Dance Center
Community Involvement
Joy of Motion Dance Center thrives through a strong sense of community, led by passionate faculty members who are professional dancers, choreographers, and instructors. Their personalized, high-quality instruction supports dancers’ growth across all levels.
JOMDC actively collaborates with local schools, community groups, arts organizations, and professional dance companies to expand learning and performance opportunities. These partnerships enrich programming, promote arts advocacy, and connect students with mentorship and advanced training.
Key partners include Bloomberg Philanthropies, the DC Commission on the Arts and Humanities, and United Way of the National Capital Area, all helping to strengthen the center’s impact through dance.
Joy Of Motion Dance Center
Current Vulnerabilities
As Joy of Motion Dance Center expands its digital offerings through online registration, virtual classes, and digital communications, cybersecurity remains a top priority. The center protects student and staff information with secure payment systems, encrypted gateways, and strict data privacy policies.
Staff receive training to recognize phishing and cyber threats, while strong password protocols and regular platform updates add additional safeguards. Virtual classes are conducted through secure platforms with access controls in place.
These proactive measures help JOMDC maintain trust, ensure data protection, and support a safe, modern experience for its growing dance community.
My Security Presentation
During the Cybersecurity & Defense Internship, I worked with Beth Cerrone and Jamie Kreider to learn the basics of cybersecurity and explore its practical applications.
Throughout the week, I worked with a nonprofit to develop cybersecurity solutions to protect against various cyber threats. I worked with my team to analyze the threats to the organization and then developed a comprehensive solution.
At the conclusion of this internship, our team pitched the final proposal to the Leadership Initiatives Grant Committee, earning a microgrant to support the implementation of our proposal.
My Security Proposal
Throughout the program, we worked closely with Joy of Motion Dance Center to gain a clear understanding of their goals. These meetings provided valuable insights into critical gaps within their cybersecurity system and the potential risk they pose to the operation of their business.
The most pressing issue facing Joy Of Motion Dance Center is the unsecured handling of customer data, including storage in open-access Google Docs, lack of encryption or secure backups, and outdated user permissions that may still allow access to former staff or volunteers, which significantly undermines the organization’s ability to protect families’ personal information, increasing the risk of identity theft, payment fraud, and reputational damage that could impact both student safety and future enrollment or donations.
To address this issue, we developed a comprehensive security proposal that included a SWOT analysis of the Joy of Motion Dance Center’s current situation. Drawing on international cybersecurity standards, I proposed migrating all sensitive customer data to Google Workspace, where admin-only access ensures tighter control over who can view or edit important files. We will activate two-factor authentication (2FA) across all accounts and implement a monthly account clean-up to remove inactive or suspicious users. Staff will also undergo training on creating strong passwords and identifying phishing attempts to reduce the risk of human error. Next, we propose double-encrypting all sensitive files. First, using PGP (Pretty Good Privacy) software, data will be encrypted before being uploaded to Google Drive, which already includes built-in encryption—creating a dual layer of protection that ensures data is only accessible by those with authorized encryption keys. Finally, to enhance physical and transaction security, we recommend transitioning to the Clover payment system, which offers a secure, streamlined point-of-sale experience. This setup not only protects customer financial data but also builds trust with families and donors, ensuring their information is handled responsibly and securely.
Internship Highlights
I was given the unique opportunity to take exclusive tours of multiple government and security sites to speak directly with security professionals. During these tours, I was able to witness firsthand how cybersecurity operates at the national and international level.
I was able to visit the United States’ Security Innovation Lab. Throughout this visit, I was able to learn firsthand from government officials regarding how the government funds and establishes cyber-intelligence and cyber-counterintelligence technology.
We also toured the Homeland Security Investigations' (HSI) Technical Operations Center. During this visit, we learned how the government uses technology to track major crimes including wire-fraud, human trafficking, child exploitation, and more.
In order to apply the skills I learned throughout the internship, I worked directly with a nonprofit based in the Washington D.C. area to discuss their company's cybersecurity needs.
After three meetings where I walked through the organization model, protected information, and staff training of the nonprofit, I worked with my team to create a staff training protocol and threat analysis for my partner.
At the end of the internship, I advocated for, and received funding for, my nonprofit partner to implement the cybersecurity training protocols so they can best protect their client information and continue to develop with a reduced fear of cyber attacks and cybersecurity threats.
To learn more about the world of cybersecurity, I was given the unique opportunity to speak directly with cybersecurity experts from multiple organizations and backgrounds.
I worked directly with one of the leading consultants in Cyber Threat Management, and a lead Cyber Consultant from Ernst & Young, Phuong Nguyen, to learn about common threat assessment and cybersecurity counterintelligence. I also heard from the Director of Government Compliance for KPMG, Lisa Mathews, and the lead SME for the FutureG Initiative for the Department of Defense, Dr. Dan Massey.
Throughout the internship, I also heard presentations from and spoke with representatives from the Department of Defense, Department of Homeland Security, and the National Security Agency. To learn the physical side of cybersecurity, we also had the unique opportunity to meet with globally recognized penetration testers and network threat assessors.
In order to put the skills we learned to the test, I had the unique opportunity to work with cybersecurity software typically used in graduate-level instructional courses. This provided me with a hands-on environment to develop and apply a wide range of cybersecurity skills.
I began with network cybersecurity, completing labs focused on network security and Linux to gain a deeper understanding of how networks communicate and where vulnerabilities may arise. This experience highlighted the ways in which cybersecurity threats can disrupt or compromise these communications, reinforcing the importance of proactive defense measures.
Building on these Linux skills, I participated in capture-the-flag coding competitions and explored virtual rooms designed to simulate real-world cybersecurity challenges. These activities tested both my technical abilities and problem-solving skills, allowing me to apply classroom concepts in practical, scenario-based settings.