Formation, not instruction.

Networking

Security-centric network fundamentals studied from both attacker and defender perspectives, with emphasis on real failure modes over textbook descriptions.

• TCP/IP stack behavior, handshake mechanics, and failure modes under adversarial conditions
• DNS, HTTP/S, and SMTP analyzed from both attacker and defender perspectives
• Packet capture, traffic analysis, and manual inspection of live network data
• Common network misconfigurations, exposure patterns, and how they are abused

Operating Systems

Linux and Windows internals studied at the level required to understand how attackers gain persistence and how defenders detect and remove them.

• Linux permissions model, process hierarchy, filesystem structure, and kernel interfaces
• Windows authentication mechanisms, registry behavior, event logging, and service architecture
• OS-level attack surfaces including privilege escalation paths and lateral movement vectors
• Defensive controls, hardening techniques, and detection points at the OS layer

Virtualization and Environments

Building isolated, reproducible lab environments that allow safe experimentation with real attack and defense scenarios without risk to production systems.

• Virtual machine architecture, hypervisor concepts, and network isolation techniques
• Constructing multi-host lab environments from scratch for realistic practice scenarios
• Snapshot management, rollback strategies, and deliberate failure and recovery exercises
• Environment documentation standards so that labs can be reproduced and shared accurately

Programming Fundamentals

Python-focused programming literacy developed to the level where interns can read, modify, and write practical security tooling without full software engineering experience.

• Reading and understanding existing Python codebases, including security tools and scripts
• Writing automation scripts for repetitive tasks, data collection, and environment control
• Parsing structured and unstructured log data to extract meaningful security signals
• Understanding runtime behavior and side effects of code without needing to author it from scratch

Security Operations

The foundational discipline of monitoring, detection, and response that underpins every security function at Vexelon, regardless of specialization path.

• Log sources, alert types, and the practical distinction between signal and noise in real environments
• Incident fundamentals including initial triage, scope assessment, and escalation decision points
• Operational discipline, shift handover standards, and documentation required for effective response
• Understanding how detection gaps form and how to identify blind spots in a monitoring coverage model

Daily Technical Report

Mandatory at the end of every internship day. Evaluated for clarity, depth, honesty, and reasoning quality.

• 01

  Objective and Actions Taken

  What the candidate set out to achieve and the exact commands, tools, and configurations they applied to pursue it.

• 02

  Observed Results and Failures

  What actually happened, including everything that did not work, the assumptions that were wrong, and why.

• 03

  Technical Reasoning

  The logic behind every decision made during the session, written clearly enough for a peer to follow and challenge.

• 04

  Open Questions and Key Insight

  What remains unresolved and requires further investigation, plus the single most important thing understood that day.