CHAPTER ONE
INTRODUCTION
1.1 History of the Organization
Nascomsoft Embedded Hub is an indigenous Information and Communication
Technology (ICT) company based in Bauchi State, Nigeria. The organization was
established to address the increasing demand for practical, industry-oriented technology
skills and ICT solutions, particularly in Northern Nigeria. It began operations in 2018 as
a small training and innovation center focused on equipping young people with hands-
on computer and software skills.
Following the positive impact of its early training programs and growing demand for
professional ICT services, Nascomsoft Embedded Hub was formally registered with the
Corporate Affairs Commission (CAC) in 2019. Since its incorporation, the organization
has expanded its scope of operations to include cybersecurity services, software
development, embedded systems solutions, and professional ICT training.
Nascomsoft Embedded Hub operates from its headquarters located in Bauchi
metropolis, where it maintains well-equipped training laboratories and workspaces. The
organization has trained numerous students, graduates, and professionals, while also
delivering ICT consultancy and technical services to individuals, educational
institutions, businesses, and government agencies.
In recent years, Nascomsoft Embedded Hub has developed strong capacity in
cybersecurity and ethical hacking, establishing a dedicated Cybersecurity Unit
responsible for penetration testing, vulnerability assessments, security awareness
training, and incident response support. This unit plays a critical role in strengthening
the security posture of client systems and training aspiring cybersecurity professionals.
1.2 Nature of the Organisation and Services Rendered
Nascomsoft Embedded Hub operates within the ICT sector and provides a wide range
of technology-driven services. The major services rendered by the organization include:
Cybersecurity and Ethical Hacking Services: Penetration testing, vulnerability
assessment, security audits, security awareness training, and incident response services.
Professional ICT Training: Training programs in cybersecurity, web development,
networking, embedded systems, Linux administration, and certification preparation.
Software Development: Design and development of web applications, mobile
applications, and database-driven systems for clients.
Embedded Systems and IoT Solutions: Development of microcontroller-based
systems, automation solutions, and Internet of Things (IoT) projects.
ICT Consultancy Services: Technology advisory services, IT infrastructure planning,
system deployment, and digital transformation support.
The organization combines theoretical instruction with hands-on practical training,
ensuring that trainees and interns acquire industry-relevant skills.
2.3 Departments, units and their functions
2.3.1 The Director (CEO)
The Director is responsible for supervision and providing maximum support to all
aspects of the Organization. He supervises the activities of the head of operations. He is
also in control of various contractors from other companies who are partners to
Nascomsoft Embedded for various reasons. The Director gives orders to all other units.
2.3.2 Head of operations (HOP)
The HOP is responsible for supervision and general management of all other units. He
also supervises IT/NYSC staff attached to the institute. He remains answerable only to
the director.
2.3.3 Accounting unit
They compile and analyze the financial information so as to prepare financial statements
including monthly and annual accounts.
2.3.4 Head of instructors (HOI)
The Head of Instructors is responsible for supervising all the instructors and providing
quality academic instruction to students. He is also in charge of students' placement into
classes.
2.3.5 Customer care/ Counsellor
Collaborates with the instructors and administrators to identify and meet students' career
planning and placement needs.
2.3.6 Head of marketing
They formulate, direct and coordinate marketing activities and policy to promote
products and services, working with advertising agencies. They also identify, develop
and evaluate marketing strategy, based on knowledge of establishment objectives,
market characteristics, cost and makeup factors.
2.3.7 Engineering unit
This unit is responsible for installation and maintenance of computer software and
hardware, establishment of networks and other related technical responsibilities. The unit
comprises network engineers, hardware/software engineers and technicians.
The Network Engineers
The network engineers are responsible for teaching students taking networking courses
as well as performing various corrective and preventive maintenance on site when
required. They are also responsible for troubleshooting, repair, replacement and
maintenance of site equipment to keep the network stable. They perform different site
operations from ensuring proper waterproofing, sanctity of installation, cleanliness of
equipment, visual inspections, hardware replacement, and software upgrades. They are
responsible for executing site transmission activities, such as cabling, traffic routing, E1
alignment and site configuration for transmissions using various tools and system
software.
Hardware Engineers
The Hardware Engineers are the computer repairers responsible for repairing any
faulty computer belonging to the company, staff and students, as well as external
customers requesting such service. They also engage in site maintenance and repairs,
be it a laptop, desktop, photocopier, printer, projector, CCTV camera or any other
machine. The owner only needs to take the system to the engineering department,
where these engineers help solve the problem without collecting any
money, as every system taken there must have been registered with the cashier unit for
documentation and payment, unless there is something to be replaced on the system.
These engineers are responsible for the formatting of systems, upgrading of system
windows, troubleshooting of system hardware components, and software and
wireless network installation. They are also responsible for designing electronic
circuits, simulations, PCB designs and embedded systems design and development.
They also design transformers and inverters.
Software Engineers
The Software Engineers are the software programmers and developers. They are
responsible for designing websites, hosting web pages and portals, and developing
Android applications as well as desktop applications. They are also responsible for
training and certification in software-related packages.
Figure 1.1: Picture of the temporary site of Nascomsoft Embedded
Figure 1.2: Organisational Structure of Nascomsoft Embedded Hub
1.4 Summary of the Intern’s Role, Responsibilities, and Activities
During my eleven-month Industrial Training at Nascomsoft Embedded Hub, I was
attached to the Cybersecurity Unit as a Cybersecurity Intern under the supervision of
Munir Abdulfatah, Head of the Cybersecurity Unit.
My primary role was to acquire practical skills in cybersecurity, ethical hacking, and
penetration testing while actively participating in the unit’s daily technical activities. I
worked under close supervision and mentorship to ensure professional and ethical
practice.
My responsibilities included:
Learning and applying fundamental cybersecurity concepts and principles
Conducting network scanning and reconnaissance using tools such as Nmap
Performing web application security testing using Burp Suite
Participating in vulnerability assessments and penetration testing exercises
Using Kali Linux and various command-line tools for security testing
Documenting daily activities in a logbook
Preparing technical reports on vulnerabilities discovered
Assisting in cybersecurity training sessions and mentoring junior trainees
Participating in a real-world penetration testing project under supervision
Through these activities, I gained hands-on experience in professional cybersecurity
operations and developed technical, analytical, and documentation skills relevant to the
industry.
CHAPTER TWO
2.1 Introduction
This chapter presents a detailed account of the day-to-day activities carried out during
my eleven-month Industrial Training at Nascomsoft Embedded Hub, Bauchi, from
January 2025 to December 2025. The activities are presented chronologically,
highlighting my level of involvement, tools used, and responsibilities assigned during
each phase of the training.
2.2 Phase One: Orientation and Foundation Training (January – April 2025)
The first phase of the training focused on orientation, familiarization with the
organization, and acquisition of foundational cybersecurity and computing skills.
2.2.1 Orientation and Familiarization
During the first week, I was formally introduced to the organization’s policies, rules,
and working environment. I was assigned to the Cybersecurity Unit and introduced to
staff members, trainers, and fellow interns. Safety guidelines, professional ethics, and
acceptable use of systems were explained.
I was also introduced to the tools, laboratories, and systems used by the cybersecurity
unit, including Linux-based systems and training platforms.
2.2.2 Cybersecurity Fundamentals Training
I received structured training on fundamental cybersecurity concepts, which included:
Confidentiality, Integrity, and Availability (CIA Triad)
Basic networking concepts
Types of cyber threats and attacks
Ethical hacking principles and legal considerations
Introduction to penetration testing methodology
Daily lessons were followed by practical demonstrations and guided exercises.
Figure 2.1
2.2.3 Linux Operating System Training
A significant part of the foundation phase was intensive Linux training using Kali
Linux. My daily activities included:
Navigating the Linux file system using terminal commands
Creating, copying, moving, and deleting files and directories
Managing file permissions and ownership
Monitoring running processes
Using networking commands such as ping, ifconfig, ip, and netstat
Installing and updating software packages
I practiced these commands daily through hands-on exercises and assignments.
Figure 2.1: Offsec Machine
2.3 Phase Two: Penetration Testing Tools and Techniques (May – July 2025)
The second phase focused on penetration testing tools, methodologies, and hands-on
security testing activities.
2.3.1 Network Scanning and Enumeration
I was trained on network reconnaissance and scanning techniques using Nmap. My
activities included:
Performing host discovery scans
Identifying open ports and running services
Detecting service versions
Conducting basic vulnerability scans using Nmap scripts
Saving scan results for documentation and reporting
These activities were carried out on test environments and training networks.
Figure 2.2: Nmap Scan
2.3.2 Exploitation Framework Training
I was introduced to the Metasploit Framework for exploitation and post-exploitation
tasks. My responsibilities included:
Searching for exploits related to detected vulnerabilities
Configuring exploits and payloads
Launching exploits on vulnerable test systems
Managing active sessions
Performing basic post-exploitation activities
All exploitation activities were carried out in controlled and authorized environments.
2.3.3 Web Application Security Testing
Web application testing formed a major part of my daily activities. I used Burp Suite
extensively to:
Intercept and analyze HTTP/HTTPS requests
Modify request parameters for testing
Perform manual vulnerability testing
Automate attacks using Burp Intruder
Test authentication and input validation mechanisms
These tasks were conducted on deliberately vulnerable applications and training
platforms.
2.4 Phase Three: Advanced Web Security and Practical Projects (August – October 2025)
The final phase focused on advanced web application security testing and real-world
exposure.
2.4.1 PortSwigger Web Security Academy Laboratories
I completed numerous laboratory exercises on the PortSwigger Web Security
Academy. Daily activities included:
Solving SQL Injection laboratories
Exploiting Cross-Site Scripting (XSS) vulnerabilities
Testing authentication and access control flaws
Identifying Server-Side Request Forgery (SSRF) vulnerabilities
Performing file upload and command injection attacks
Each lab required understanding the vulnerability, exploiting it, and documenting the
outcome.
Figure 2.3
2.4.2 Real-World Penetration Testing Exposure
Under supervision, I participated in a real-world penetration testing exercise on an e-
commerce web application. My involvement included:
Reconnaissance and information gathering
Identifying potential vulnerabilities
Testing application inputs
Documenting findings and proof-of-concept evidence
Assisting in report preparation
This experience exposed me to professional penetration testing workflows.
Figure 2.4
2.4.3 Documentation and Reporting
Throughout the training period, I was required to:
Maintain a daily logbook
Record tools used and tasks performed
Document vulnerabilities discovered
Prepare structured technical reports
This improved my technical writing and documentation skills.
2.5 Additional Responsibilities
In addition to core cybersecurity tasks, I also:
Assisted in teaching Linux basics to new trainees
Participated in group discussions and knowledge-sharing sessions
Helped troubleshoot technical issues for junior interns
Followed organizational policies and professional ethics
2.5.1 Hackathon
During the months of July to August, Nascomsoft organized her first ever hackathon 1.0.
My team and I built a QR-based attendance management system. The Hackathon
opened me more to teamwork and of course built my communication skills. Although
my team did not emerge as the winners, the experience was worth it. This period was
exciting, filled with challenges, frustration and the joy of success.
Figure 2.5
CHAPTER THREE
DISCUSSION, ANALYSIS AND EVALUATION
3.1 Introduction
This chapter presents a critical discussion and analysis of the experiences I gained
during the eleven-month Industrial Training at Nascomsoft Embedded Hub, Bauchi.
Unlike the previous chapter which was descriptive, this chapter evaluates the
knowledge, skills, tools, challenges, and professional development I acquired
throughout my training period. The chapter also examines how the internship
contributed to my understanding of real-world cybersecurity practices and professional
work environments.
3.2 Analysis of Experience Gained During the Training
The Industrial Training provided extensive exposure to both theoretical and practical
aspects of cybersecurity and penetration testing. The experience gained can be analyzed
based on key learning areas.
3.2.1 Cybersecurity Knowledge and Practical Skills
One of the major gains from the training was a deep understanding of cybersecurity
principles and their practical application. Concepts such as the CIA Triad, ethical
hacking principles, vulnerability assessment, and penetration testing methodology were
not only taught theoretically but applied in real scenarios.
Through hands-on practice, I learned how attackers exploit system weaknesses and how
security professionals identify and mitigate such vulnerabilities. This practical exposure
strengthened my understanding of security beyond classroom theory and improved my
ability to think critically like both an attacker and a defender.
3.2.2 Linux Operating System Proficiency
The training significantly improved my proficiency in using Linux, particularly Kali
Linux, which is widely used in cybersecurity. Prior to the training, my experience with
Linux was minimal. However, through continuous daily usage, I became comfortable
navigating the file system, managing processes, configuring permissions, and using
command-line tools efficiently.
Linux proficiency enhanced my productivity and made it easier to understand how
servers operate in real environments. It also improved my troubleshooting skills, as
many cybersecurity tools require command-line interaction and configuration.
3.2.3 Penetration Testing Methodology
A structured penetration testing methodology was emphasized throughout the training.
This included reconnaissance, scanning, vulnerability identification, exploitation, post-
exploitation, and reporting.
Understanding this methodology helped me approach security testing systematically
rather than randomly. It improved my ability to plan attacks within scope, prioritize
vulnerabilities based on risk, and document findings professionally. This structured
approach reflects industry best practices and prepared me for professional penetration
testing engagements.
3.3 Analysis and Description of Tools and Equipment Used
Several cybersecurity tools and platforms were used during the training. The most
significant ones are discussed below.
3.3.1 Kali Linux Operating System
Kali Linux served as the primary operating system for security testing. It provides a
wide range of pre-installed security tools for penetration testing, forensics, and
vulnerability assessment.
Using Kali Linux enabled me to work in a professional security environment. Its
stability, tool integration, and regular updates made it suitable for advanced security
testing. However, it also required adequate system resources, which sometimes posed
challenges during training.
3.3.2 Nmap Network Scanner
Nmap was used extensively for network scanning and reconnaissance. The tool allowed
identification of live hosts, open ports, running services, and service versions.
Through Nmap, I learned how attackers gather information before launching attacks.
The tool’s scripting engine (NSE) introduced me to automated vulnerability detection,
making reconnaissance faster and more efficient. This experience highlighted the
importance of securing exposed network services.
3.3.3 Metasploit Framework
The Metasploit Framework was used for exploitation and post-exploitation activities. It
provided a controlled environment to understand how vulnerabilities can be exploited in
real systems.
Using Metasploit improved my understanding of exploit-payload relationships and post-
exploitation techniques. It also emphasized the importance of patch management, as
many exploits target outdated software versions.
3.3.4 Burp Suite
Burp Suite was the primary tool for web application security testing. It enabled
interception, modification, and analysis of web traffic.
Through Burp Suite, I gained deep insight into how web applications handle user input
and authentication. Manual testing using Burp proved more effective than automated
scanning alone, reinforcing the importance of human judgment in security assessments.
3.4 Analysis of Problems Encountered and Solutions Applied
Despite the success of the training, several challenges were encountered.
3.4.1 Difficulty with Linux Command-Line Usage
Initially, I struggled with Linux command syntax and directory navigation. This was
overcome through constant practice, guided exercises, and peer support. Over time,
repeated use improved my confidence and efficiency.
3.4.2 Tool Configuration and Syntax Errors
Many cybersecurity tools require precise configuration. Errors in syntax or settings
often resulted in failed scans or exploits. These challenges were resolved by carefully
reading documentation, consulting supervisors, and troubleshooting step-by-step.
3.4.3 System Performance and Virtual Machine Issues
Running Kali Linux and vulnerable machines simultaneously required high system
resources. Occasional system crashes and slow performance affected productivity. This
was managed by optimizing virtual machine settings and closing unnecessary
applications.
3.4.4 Understanding Complex Security Concepts
Some advanced security concepts, such as SSRF and authentication bypass techniques,
were initially difficult to understand. These challenges were addressed through repeated
laboratory practice, mentorship, and reviewing online learning materials.
3.5 Evaluation of Professional Development and Work Ethics
The training significantly contributed to my professional development. I learned how to
work in a structured organization, follow instructions, respect confidentiality, and
adhere to ethical guidelines.
Team collaboration improved my communication skills, while documentation tasks
strengthened my technical writing abilities. Teaching junior interns also enhanced my
confidence and leadership skills.
The experience instilled discipline, time management, and responsibility, which are
essential qualities for a cyber-security professional.
CHAPTER FOUR
CONCLUSION, LIMITATIONS AND RECOMMENDATIONS
4.1 Introduction
This chapter presents the conclusion of the Industrial Training programme carried out at
Nascomsoft Embedded Hub, Bauchi. It summarizes the overall experience gained
during the training, highlights the limitations encountered, and provides useful
recommendations for students, the training organization, educational institutions, and
the SIWES/IT scheme.
4.2 Conclusion
The six-month Industrial Training at Nascomsoft Embedded Hub was a highly valuable
and enriching experience. The training successfully bridged the gap between theoretical
knowledge acquired in the classroom and real-world practical application in the field of
cybersecurity and information technology.
Throughout the training period, I was exposed to professional cybersecurity practices
such as Linux system administration, network scanning, penetration testing, web
application security testing, and technical documentation. The hands-on approach
adopted by the organization enhanced my technical competence and confidence in
handling cybersecurity tools and methodologies.
The training also contributed significantly to my professional development by instilling
discipline, teamwork, ethical conduct, effective communication, and problem-solving
skills. Overall, the Industrial Training programme achieved its objectives and has
prepared me for future professional challenges in the ICT and cybersecurity industry.
4.3 Limitations Encountered During the Training
Despite the success of the training, some limitations were encountered:
4.3.1 Limited System Resources
The cybersecurity training required high-performance computer systems to run virtual
machines and security tools. However, limited system resources sometimes caused slow
performance and interruptions during practical sessions.
4.3.2 Power Supply Challenges
Irregular power supply occasionally disrupted training activities and practical sessions.
Although alternative power sources were available, they were not always sufficient for
prolonged practical work.
4.3.3 Limited Access to Real-World Systems
For ethical and legal reasons, access to real production systems was limited. Most
practical exercises were conducted on simulated environments and deliberately
vulnerable systems, which, although useful, may not fully represent all real-world
scenarios.
4.3.4 Time Constraints
The six-month training period, though adequate, was not sufficient to cover all
advanced cybersecurity domains such as digital forensics, malware analysis, and cloud
security in depth.
4.4 Recommendations
Based on the experience gained and challenges encountered, the following
recommendations are made:
4.4.1 Recommendations to Students
Students should develop basic computer and networking knowledge before
commencing Industrial Training.
Serious commitment, self-study, and regular practice are essential for maximum benefit
from the training.
Students should maintain proper documentation and logbooks throughout the training
period.
4.4.2 Recommendations to the Training Organization
The organization should upgrade computer systems to support advanced cybersecurity
tools.
More practical exposure to real-world case studies should be incorporated where
possible.
Continuous improvement of training materials and laboratory environments is
encouraged.
4.4.3 Recommendations to Educational Institutions
Institutions should strengthen practical components of ICT courses.
Better supervision and periodic visits to students on Industrial Training should be
encouraged.
Cybersecurity-related courses should be expanded to meet current industry demands.
4.4.4 Recommendations to SIWES/IT Coordinating Bodies
Improved funding and monitoring of the SIWES programme is necessary.
Stronger collaboration between institutions and industries should be promoted.
Training organizations should be properly evaluated and accredited.