LONDON METROPOLITAN UNIVERSITY

PROFESSIONAL WORK PLACEMENT

LEARNING LOG
YOUR ID: 19033799

YOUR NAME: Shahnawaz Alam

YOUR COURSE: Work Related Module (WRL)

YOUR WRL TUTOR: Ravi Chandra Gurung/Bibek Khanal

PLACE OF WORK (Company Name): Vairav Technology

DATES OF ENTRIES IN LEARNING LOG:

Log Start Date End Date Company Supervisor

Index Signature
Log 1 21/09/2021 30/09/2021
Log 2 01/10/2021 10/10/2021
Log 3 11/10/2021 16/10/2021
 Log 4 26/10/2021 10/11/2021
Log 5 12/11/2021 23/11/2021

Log 6 24/11/2021 26/11/2021

LEARNING LOG 1
For the period ___21 September______ (start date) to ___30 September________ (end
date)

What have I done? (relate tasks to Learning Outcomes)

On September 20th, I received an email from Vairav Technology informing me that I had
been chosen as an intern at the firm. On the same day, I received an email from Miss Anima
Pokharel informing me that your internship will be held online and notifying me of the
department in which I will be working, as well as the meeting link for internship class. They also
mentioned us about the three department that we will be working on in this period (GRC, SOC
& VAPT) we also assigned in three groups and I was in Group A and GRC was the first
department assigned to group A. On 21 September I join the meet link 5 minutes (LO1), after
well all join the meeting we were welcomed by our supervisor and team. We got briefed details
about the company and its working fundamentals and our roles in the company. They also
asked us to give a short introduction of ourselves. I was so nervous at the beginning because I
didn’t have a habit of talking in a mass. (LO4). Then we were informed about the timelines
about our online meetings. We also talk to supervisor’s team about the roles and
responsibilities that we are going to play during the internship periods. Before the meeting was
about to end, I asked about what will be the learning outcomes after the completion of the
internship and also about the company privacy and policies because we have to attached the
proof of our works in WRL report which we have to submit as academic Work Related Learning
Module’s report to college.

On 3rd September I got an email from miss Anima and we all are now in GRC
department. They provided us a meeting link for the introduction class to review the subject and
topic, as well as the plan for the upcoming sessions, and the time is 12:30 p.m. I arrived 5
minutes late for the meeting link in order to learn more about the GRC department (LO1). We
were told that Anima Pokhrel was assigned as our supervisor. This department, according to
Ma'am, is all about study, analysis, and comprehending the responsibilities assigned by the
supervisors. We must all deliver a virtual presentation of a small study project and demonstrate
that we comprehend the supervisors' tasks (LO7).

On this GRC department, we received four task from the GRC department, all of which
required us to conduct research and write a thorough report (LO5) The first duty is to conduct
research about GRC and its relevance in any organization. After doing some research on GRC,
I discovered that GRC stands for Governance, Risk, and Compliance, and that it is critical for
any organization or corporation to manage security (LO1). We also learn about the regulations
and laws that apply to any organization or firm. GRC creates an environment that allows
businesses to effectively manage IT and security risks, reduce expenses, and adhere to laws. It
also enhances decision-making and performance by offering a comprehensive view of a
company's risk management. On next class we were supposed to explain about the GRC and
its roles in any organization. I also shared my understandings and views about the same topic
which helped me to develop my communication as well as presentation skills (L04)

The second objective is to conduct research on cybersecurity and its related fields. I
write a decent cybersecurity report (LO5). Cybersecurity is all about how to defend a company
from hackers and how to set up a testing environment to keep any business safe from
intruders. The final assignment entails conducting research in any two cybersecurity topics. And
cryptography and security management are my choices. Cryptography in its most basic form I
learnt how to use an algorithm to convert plan text to cipher text. Cryptography taught me how
to protect my data from hackers using cryptography (LO1). For securing and penetration
testing, I employed a variety of tools and applications (LO3).

The fourth responsibility is to do research about the current state of cybersecurity in

Nepal and throughout the world. I learned that Nepal is one of the countries with the highest
rates of cybercrime in the world. In today's world, cybercrime occurs everywhere, and no one is
safe from it. I learnt about Nepalese rules for hackers and attackers that do harm to any
institution (LO2). I realized through my research that every business may have a security
problem, and I learned how to address it (LO4).
What I did well (refer to skills used)
All of the task are research based task So I did research about the topics and noted the
understanding on my report. I did my report on time and submit to out supervisor and I
presented those report in a proper format.

What I could improve on (i.e. skills I want to improve)

As I did good research but it was not sufficient as my supervisor feedback so I need to do depth
research about the topics.
Action I can take to improve my skills and learning (make these “SMART”):
Goal - To develop research skills

Action - I will do more research on different topic and also read books, blogs as well as the
genuine site for the research part.

Timing –
 LEARNING LOG 2
For the period ___1 October______ (start date) to ___10 October________ (end date)

What have I done? (Relate tasks to Learning Outcomes)

We worked at the GRC Department from November 12 to November 26. The GRC
department has assigned six tasks to us. I've previously mentioned tasks 1 through 4 in
learning log 1. Now, in learning log 2, I'm going to talk or describe what I did in the GRC
department from task 5 to task 7.

Our internship was conducted entirely online, and they provided us with a meeting link for
the internship courses at 2:00 p.m. I arrived 10 minutes early for the meeting link in order to
learn more about the GRC department (LO1). As I said in my learning log 2, all of the
assignments assigned by the GRC department are research-based and require a thorough
report (LO5). The GRC department is responsible for doing research, analyzing data, and
comprehending the responsibilities assigned by supervisors. And we all have to provide a
presentation of a small research project and a comprehension of the supervisors' tasks (LO4).
After we discussed our understanding. They assigned us a next task

What I did well (refer to skills used)

Threat hunting and threat intelligence - I was able to complete this task entirely on my own, with
no assistance. The threat intelligence concept became clearer as a result of the research and
analysis, and putting the research into practice for the fourth part of the task helped me realize
that cyber threat intelligence is one of the key pillars of SOC. I also met the deadline for this
task. Despite the fact that I was able to complete all of the tasks on time.

What I could improve on (i.e., skills I want to improve)

Problem Solving – The tools I had available for the fourth part of the task, gathering
intelligence, didn't provide enough detail. I could provide much more detailed intelligence and
information if I looked for more advanced tools and learned how to use them.
Action I can take to improve my skills and learning (make these “SMART”):
Goal - To identify the most effective threat intelligence tools and learn how to use them.

Action Ask a few questions with my superiors and conduct internet research to view
intelligence gathering videos and tools.

Timing – 15 October 2021.

LEARNING LOG 3
For the period ___11 October______ (start date) to ___16 October________ (end date)

What have I done? (Relate tasks to Learning Outcomes)

What have I done? (Relate tasks to Learning Outcomes)
The last task similarly dealt with threat intelligence, but this time with Open-Source Intelligence
OSINT. This challenge asked us to finish an Udemy course on three separate topics. Because
the courses on Udemy were free, we couldn't acquire any credentials, so we were instead given
questions on each topic. We completed the work by conducting research by viewing all of the
course videos on Udemy and writing a report based on the questions provided. (LO6).

The first lesson was about OSINT and its tools and methodologies. Throughout the course,
there was a variety of information that included flowcharts to illustrate the OSINT process, and I
was able to comprehend the OSINT tools and machine to perform investigations. The second
course I took was Cybersecurity Threat Intelligence Researcher, which was also billed as a free
course on Udemy. After completing the training, I had a high-level understanding of the seven
threat intelligence steps (LO2. I was able to comprehend the objectives of threat hunting,
feature extraction, behaviour extraction, grouping and correlation, threat actor attribution,
tracking, and capturing the attacker. (LO2). I learned that each of these phases was equally
significant, and the data obtained from the procedures helps you to take confident actions
(LO1). We were able to learn about attack pathways and the benefits of detecting new types of
assaults by answering the questions provided as our job. The most recent course I took was
Advanced Persistent Threat, which exposed me to Stuxnet and APT1. The seminar provided a
brief history on this terminology, allowing us to comprehend the lifespan of these threat actors
and groups (LO1, LO2, LO3. I submitted the SOC part of the task on time. by preparing a report
on the given questions of each of the courses as proof of completion. (LO5, LO7).

We were given other tasks dealing with Incident Response and Archiving after two days. A
small piece of information was attached to the task that gave us some insight into the
importance of incident response and archiving. Along with the task, a set of seventeen links
(educational blogs, articles, and websites) were attached, which we could use as a reference to
complete the tasks and learn the contents of the websites. This task allowed us to investigate
the NIST (National Institute of Standards and Technology) and SANS (Security and National
Intelligence Services) Incident Response Framework (Sysadmin, Audit, Network and Security)
(LO1, LO2, LO3). We had to find the differences between the two frameworks while researching
the two frameworks. In addition to the frameworks, I learned about the CSIRT (Computer
Security Incident Response Team) and its roles and responsibilities. (LO1). Not only that, but
the tasks also required us to create an Incident Response for any threat, which included
Malware, Phishing Email, and Ransomware, using either NIST or SANS. Making an incident
response took a lot of research, and after surfing the internet, I came up with an incident
response for Phishing emails. We also had to determine the purpose of archiving, specifically
email archiving, and I was able to learn how archiving can aid the Incident Response Process
by following the links to educational articles and blogs. (LO1, LO2).

What I did well (refer to skills used)

Enhance my knowledge of information security After completing this task, I realized that
incident response is an important part of the Security Operations Centre that can contribute to
information security Threat Intelligence and Hunting.

Center that can contribute to information security Threat Intelligence and Hunting. It assisted
me in developing an incident response plan that included detection and analysis, as well as
threat intelligence and hunting.
What I could improve on (i.e., skills I want to improve)
Problem Solving – Although there were links provided to assist in the completion of the tasks, I
could have done more research on the internet in addition to the links to obtain additional
information and include it in the report.
Action I can take to improve my skills and learning (make these “SMART”):
Goal - To conduct more research outside of the box, rather than relying solely on available
resources.

Action - Reviewed the task questions, look for articles and journals to research, and do more
research if you're still unsure.

Timing – 20 October 2021.

 LEARNING LOG 4
For the period ___26 October ______ (start date) to ___10 November________ (end date)

What have I done? (relate tasks to Learning Outcomes)

On 26th October I got email from Mr Rishitosh Ghatani that our department is changed
from GRC to SOC department as we already finished the intern in GRC department. And they
sent us a meeting links for the meet and we were introduced about the SOC department and
what we have to do on this department. And he assigned our first task to install VM ware and
create a virtual machines by deploying 3 virtual machines which are Kali-Linux, Metasploitable-
2 and Windows 7. We installed scanning tools like Nagios, Cacti and Snort in kali-linux. We also
have to install Wireshark and Glassware tools in window 7.After the setup we have to test the
connectivity from virtual machine.

What I did well (refer to skills used)

All tasks that are given is research based. I researched every task very well with good points. I
represent all our tasks to the supervisor very well. In every task I make a good report and
submit to the supervisors early from the deadline.

What I could improve on (i.e., skills I want to improve)

For Penetration testing many tools are used. I don’t know how to use the tools for pen testing. I
want to improve my skills in penetration testing tools for scanning the vulnerability for any
organization.
Action I can take to improve my skills and learning (make these “SMART”):

Goal - To develop my technical abilities.

Action – I am going to install my penetration testing tool in my computer and I an going to take
some online classes to improve my technical skills in that pen testing tools.

Timing – 15 November 2021.

 LEARNING LOG 5

For the period ___12 November______ (start date) to ___23 November________ (end
date)

What have I done? (Relate tasks to Learning Outcomes)

From 12 November to 26 November, we were in GRC Department. There are 6 tasks

that are given from GRC department. From task 1 to 4 I have already discussed in learning log
2. Now form task 5 to task 7 I am going to discussed or describe in learning log 3 that what I
have done in GRC department.

Our internship held online, and they sent us meeting link for the internship classes at 2
P.M. I joined the meeting link 10 minutes early for learning and understanding about GRC
department (LO1). As I already describe in my learning log 2 that all the tasks that are given
from GRC department is researched based and make a good report on it (LO6). GRC
department is all about research, analysis and understanding the tasks that are given from the
supervisors. And we all have to give virtual presentation of brief research and the
understanding of the tasks that are given from the supervisors (LO7).

From 12 November to 26 November, we have got 3 tasks from GRC department all the
tasks are research based and make a good report on it (LO6). Fifth task is research on ISO
27000 and ISO 27001.

After the brief research on ISO 27000 and ISO 27001 I got to know that it stands for
International Organization for Standardization (LO1). We also get to know about the
Understanding security standards like the ISO 27000 series may help businesses maintain their
data and digital assets safe from attackers. This will be necessary to safeguard financial data,
customer information, employee information, and intellectual property (LO2). Also, after the
researched of ISO 27001 I get know that to Any group or organisation wishing to enhance its
information security practices or policies can use ISO 27001 as a guideline (LO2). ISO 27001
accreditation is the aim for firms wanting to be best-in-class in this field. To defend your
company from attacks such as ransomware, full compliance implies that your ISMS has been
determined to follow all best practices in the field of cybersecurity. (LO3)

Sixth task is research on data centre, its important of data centre and Infrastructure and
Security required for a data centre and make a good report on it (LO6). During the research of
data centre, I get to know about that A data centre is a physical location where businesses keep
their mission-critical programs and data. It's critical to consider long-term about how to preserve
their dependability and security as they expand from centralized on-premises facilities to edge
deployments to public cloud services (LO3).

I learned from data centre that almost all contemporary businesses and government
agencies require their own data centre or can lease one. If they have the means, large
enterprises and government entities may opt to create and administer them in-house (LO1).

During the research I get to know that there are a few critical data centre physical
security standards and technologies every colocation customer should evaluate when they’re
looking to partner with a facility are Layered Security Measures, Access lists, Video
Surveillance, Secure Access points, Background checks and Exit procedures etc. that how you
can create and provide a better environment for security of your organization (LO3). Any
organization have issue and problems in physical security they must have to use this
methodology to resolve that issue (LO4).

Last and the Seventh task is research on SOC 2 compliance. After the researched I get
to know that SOC 2 is an auditing procedure that ensures your service providers securely
manage your data to protect the interests of your organization and the privacy of its clients. All
the tasks that are given from GRC department is learning and researched based and all the
task that I have done with my team member. Every task gets easy when I do with my team
member (LO5). And I discussed every topic of the tasks with my team member for improving
my communication skills (LO7).

What I have done well (refer to skills used)

All tasks that are given is research based. I researched every task very well with good points. I
represent all our tasks to the supervisor very well. In every task I make a good report and
submit to the supervisors early from the deadline.
What I could improve on (i.e., skills I want to improve)
Last Wednesday when the session of GRC department is going on Sunil sir ask me about the
cryptography algorithm, encryption and decryption and symmetric key and asymmetric key. I
know the answer but, I could not give my answer properly. So, I am going to do a lot of
research on Cybersecurity.
Action I can take to improve my skills and learning (make these “SMART”):
Goal - To develop my research skills and technical abilities.

Action – I am going to do a lot of research on cybersecurity and going to install a lot of tools for
network scanning and penetration testing.

Timing – 28 November 2021.

 LEARNING LOG 6

For the period ___24 November______ (start date) to ___26 November________ (end
date)

What have I done? (Relate tasks to Learning Outcomes)

Last and the Seventh task is research on SOC 2 compliance. After the researched I get
to know that SOC 2 is an auditing procedure that ensures your service providers securely
manage your data to protect the interests of your organization and the privacy of its clients. All
the tasks that are given from GRC department is learning and researched based and all the
task that I have done with my team member. Every task gets easy when I do with my team
member (LO5). And I discussed every topic of the tasks with my team member for improving
my communication skills (LO7).

Like before I had prepared a note to pitch my research verbally (LO7). The assignment for next
session was to have in-depth research on data centre, its importance and the security
infrastructure and requirements to operate data centre. This was an interesting task after I
surfed ono the internet data centre was importance since important systems like servers and
data storage, business applications were supported by it. I was curious on what infrastructures
were used to secure data centre. Through my research I was able to tell that layered security
measures, access lists, video surveillance, secure access points etc. were some important
requirements to secure data centres (LO4, LO1, LO2).

The last assignment of the GRC section was given to us on November 24 and it was to
research on SOC 2 Compliance. I had a slight idea about SOC 2 compliance, and after
researching more about it I had the facts and the knowledge about it in a more detailed way.
SOC 2 compliance was required for many organizations and system, I learnt that a SOC 2
compliance is a minimal requirement when considering a SaaS (Software as a service)
provider. I also read about the SOC 2 certifications, reports and steps for implementing it (LO1,
LO4). And finally on November 26, 2021, we had our final session of the GRC section of
internship at Vairav Technologies. After the meeting discussion we were informed that the
internship period in GRC department had officially been concluded today. Our supervisor
wished us a good luck for future and ended the last online session(LO5).
What I have done well (refer to skills used)
SOC 2 compliance – I think throughout the period, I had the most time given to research about
SOC 2 compliance. And with that I had a wide range of knowledge on it especially SOC 2. The
report writing skills have improved significantly with the amount of research put on it.

What I could improve on (i.e., skills I want to improve)

Problem Solving and Communications - I think I could still improve on speaking and
presenting more well. During the internship it definitely helped to speak more often
presenting my research and idea, but I still think I need to work on asking more
questions and discuss with my colleagues.

Action I can take to improve my skills and learning (make these “SMART”):
Goal - To participate in interactions during the online sessions.

Action – Practice speaking, have a full understanding of the topic, be prepared to counter a
cross question.

Timing – 30 November 2021.

GUIDELINES FOR COMPLETING YOUR LEARNING LOG

Purpose of Learning Log

Your Learning Log involves recording what you’ve done during your work placement and
encourages you to carry out self-assessment and reflection on how effectively you’ve performed
tasks.

It will help you to monitor your progress in working towards your learning outcomes and to
identify skills you’ve used and developed during the placement. You should attach a copy of
your Learning Agreement and the Skills Audit to the Learning Log.

Along with a written report, the Learning Log will form part of the assessment for the module.
For some courses, you will also deliver an oral presentation. In such cases, the Learning Log
will help you in preparing these by reminding you of task you were involved with and what you
learned from them.

When to complete the Learning Log

You should complete it and email a weekly log to your academic tutor.

How to complete the Learning Log

What have I done? (relate tasks to Learning Outcomes)

Against each task you record, you should show which learning outcome (LO) it relates to. It isn’t
necessary to write out the whole LO. Referring to your Learning Agreement, number each
Learning Outcome consecutively (LO1, LO2, LO3, etc). You can then use the numbering to
identify the relevant LO in your Learning Log e.g. Met with the Head of Human Resources to
find out about the organisational structure and the remit and functions of different departments
(LO3).

What I did well (refer to skills)

Look at the skills audit you completed during your PWP Induction Workshop and use these as
prompts for the possible skills you may be developing on your work placement.

Note down things you feel went well and what you did to achieve this. This means that, in
addition to saying what you think you did well, you also need to say why it went well – what was
it that you did to secure a positive result?

Example:
Communication and interpersonal – in asking the Head of HR for a meeting, I introduced myself
and was clear about what I wanted to know. I took detailed notes of the meeting and wrote them
up into a summary immediately after the meeting whilst the information was fresh in my mind.
What I could improve on (i.e. skills I want to improve)
Here, try to identify any tasks you feel you might have done better or where you felt uncertain or
unconfident about something. Again, you may find it helpful to think of this in terms of skills, so
use your skills audit for ideas.

Example:
“Initiative and problem-solving – I sometimes lack confidence about approaching people I
haven’t met before. As a result, I put off doing some things like arranging a meeting and this can
then cause problems with meeting deadlines”.

Action I can take to improve my skills and learning (make these “SMART”)
In this section and using your reflection so far, set yourself goals for the coming period (e.g. for
the next week). These are likely to be about tasks which relate directly to one of your Learning
Outcomes and/or which address skills you want to improve.

Make them SMART (specific, measurable, achievable, realistic and time-bound) as this will help
you to clearly identify your actions and goals for the next period.

Example:
Following on from the example above:
“To improve my confidence in approaching people, I’ll plan in advance what I want to say and
write out a short script for myself. I’ll do this first thing next Monday (give date).

To make sure I don’t miss deadlines, I’ll work out and write down a schedule of what I need to
do by when and then I’ll use this to identify tasks and what I need to achieve on a daily basis. I’ll
have the schedule completed by the end of Monday next week (give date)”.

Or, you might prefer to separate out the stages and write in note form, for example,

Goal - to improve my confidence in approaching people

Action - plan in advance what I want to say; write a script
Timing - first thing Monday (give date).