Summer 2020 at Aon

08/16/2020

Here's my interview and internship experience with Aon!

Aon provides five solution lines, one of which is Data & Analytic Services. Within Data & Analytic Services, they have the Cyber Solutions Practice. And down that rabbit hole, have three large practices in there!

Their LA office has a large DFIR team and two smaller Pen-Testing(lol p much non-existent) and Advisory teams. The DFIR team spends most of the time in office (bc they're handling/retrieving physical evidence) while the other two can work remotely.

There are two rounds of interviews. I had a very pleasant experience! It's honestly very non-technical; they just want to know how interested you are in cybersecurity and how you think out loud. Here's how my process went:

  1. Apply for "Cyber Summer Associate" on website
  2. Complete a pre-recorded interview w infinite tries (behavioral)
  3. On-site interview in NYC with senior consultants, managers, and vice presidents (behavioral/technical)
    • Behavioral
    • Scenario
    • Logical
    • Group
  4. Decision emailed/phoned

I had an unforgettable experience! Aon was veryyy accomodating. They arranged the flights and stay, reimbursed any cab fees, and organized a whole tour day. Besides hustling the interview, I had time to relax in my hotel and hangout with some hometown friends :-)

In my oovoo java Ramen w frens

Two weeks after my interview, I received a phone call with awesome news!

Soo of course Ms. Rona made this experience virtual and reduced it from 10 weeks to 8 weeks, which had its own set of pros and cons. One thing is for sure, I was really looking forward to returning to NYC for the 3-day intern orientation followed by a CTF!

8 Week Timeline

Week 1: Orientation + IT set up

Week 2: Receive CSA and Aon United project

Week 4: Midpoint check up + feedback

Week 8: Present projects

Most of your time is intended to be decided by you! I came in to learn about DFIR and Aon/Stroz Friedberg's culture so here's how I spent my time.

50% Working on Cyber Summer Associate Project w my partner from Washington D.C.

20% Examining cases and sitting on client calls

20% Networking/meeting w my manager or colleagues from different practices

I always put my CSA project first, because that's what my final presentation and evaluation by HR is on. I dedicated the rest of my time to learning about Aon's culture and client cases via networking calls and shadowing cases.

DFIR is flipping intense!

My managers work plenty of overtime hours. The LA office historically works only in Digital Forensics (edisco) but we've been getting a lot of Incident Response (ransomware, threat hunts, business email compromises) cases recently.

Also Windoze is everything. Lots of businesses use Windows = we report and remediate a lot of Windows machines. As a Linux gal, I heard so many unfamiliar words for forensic artifacts like shellbags, jumplists, userlists, and so on. Cyber CTF's help out!

Aon is lawful good.

Aon believes in putting their employees and clients first. During 'rona, Aon did not fire any employees; ironically the company works counter cyclical to pandemics. With companies demanding how to insure themselves and cyber attacks running at a high, Aon consultants are more busy than ever! Anyways instead of firing employees, Aon cut senior lvl and above's paychecks by 20% but gave it back alongside a 5% bonus!

We had three optional meetings per week that focus on professional and personal development. Topics range from like "Finance 101" to "How to ask for Feedback"! Wholesome stuff ya know.

#AonUnited we have weekly and monthly meetings connecting different regions and practices together. West Coast DFIR Cyber Huddle is definitely my favorite one!

Some personal takeaways from my experience:

I whole-heartedly would recommend this internship program to anyone! You're informed from the very beginning the expectations and timeline HR set for you and you are given plenty of time and freedom to explore the business.