Over the years, CACR has hosted dozens of student interns and fellows. Considering all these positive experiences, increasing student interest, and new opportunities for student research experiences aligned with IU2030. CACR launched our Student Fellows Program pilot in March of 2024. The application window for students wishing to be considered for the fall 2024 cohort has closed. While our next planned cohort will begin in fall 2025, we welcome applications throughout the year from interested students.
APPLY HERE
In this inaugural year, we have limited slots available and will be learning a lot… This "Alpha'' student fellow cohort will help shape CACR’s student opportunities for those who come after. Each student fellow will be paired with a CACR staff mentor, and will contribute directly to CACR’s active projects, programs, and initiatives over the course of a year-long appointment.
Founded in 2003, CACR specializes in helping communities and organizations representing the full range of critical infrastructure with practical cybersecurity. Our work is research-driven, evidence-based, multidisciplinary, collaborative, and – above all – mission-focused. We are very hands-on, frequently working with communities, organizations, and individuals directly facing down cyber threats. Our work focuses on researching and developing assessment methodologies, conducting assessments, developing frameworks and guidance, developing and delivering training, and designing and leading community-building activities.
Here's what one student fellow had to say about his experience working with CACR:
"My student fellowship with CACR ignited my interest in cybersecurity and launched my career. I wouldn’t be where I am today had I not been given the chance to work and grow with CACR. There's no better place for IU students to immerse themselves in practical, robust, and battle-tested cyber research." - Grayson Harbour, B.A.J. ’15, M.S. ’19, J.D. ‘19
Prior to applying, closely review the following information. If you have questions, contact cacr@iu.edu with the subject line "Question regarding the CACR Student Fellowship Program."
APPLY HERE
Schedule and Logistics
Student fellow appointments are for one year, beginning at the start of the fall semester and ending before the beginning of the subsequent fall semester, with an option to include the intervening summer term. Onboarding activities will begin in the two weeks prior to or following the start of the semester depending on student and staff availability.
During the spring semester each year, we will announce the deadline for applicants wishing to be considered for that fall’s cohort. While we plan to align the start of each cohort with the beginning of the academic year, we are accepting applications year-round.
Eligibility Requirements
To be eligible, applicants must be enrolled as an Indiana University graduate student with a GPA of at least 3.4.
All IU Maurer School of Law students are eligible to apply, but should be aware of the existing for-credit Student Affiliate Program associated with the graduate certificates for cybersecurity and information privacy law and policy. Those opportunities are distinct from this program.
International graduate students are eligible for the program. International students on visas who are selected for fellowships will work with staff at the Office of International Services and CACR to ensure that they can complete their fellowship requirements.
Application Requirements
Click the button below to begin your application.
Attach the following required documents:
1) Resume or CV
2) A Statement of Interest no longer than 1 page. In developing your statement, we recommend referencing the R&D topics detailed below. However, your interest in these research topics is not a requirement for CACR to consider you for a fellowship.
3) Two references, including contact information
Optional, but strongly preferred:
4) A Writing Sample. Samples can be of any length and on any topic. Existing published and unpublished work may be used. Writing is an important part of working at CACR, and we want to get a sense of your writing style and capabilities. This must be your own work product, with proper attribution and unaided by AI/ML.
Applicants and applications not meeting these requirements will not be considered.
APPLY HERE
Compensation and Expectations
Student fellows will be compensated at a rate of $25/hour for up to $10,000 total for the year.
Student fellows commit to devote no fewer than 200 hours and no more than 400 hours to CACR work over the course of the one-year appointment.
Student fellows will meet and communicate regularly with their CACR mentor.
Students fellows will meet CACR's standards for professionalism, teamwork, respect for others, and timeliness.
Students who successfully complete their fellowship will be acknowledged permanently as CACR Student Fellows.
For Reference: Potential Student Fellow R&D Areas and Topics
1) Research and produce reports/memoranda on:
a) Emerging research showing the effectiveness, costs, doability, and other practical parameters related to commonly recommended cybersecurity practices.
b) Trends, best practices, and issues regarding cybersecurity incident response, cyber insurance, and cyber- and privacy-related litigation.
c) Frameworks and approaches to conduct cybersecurity exercises.
d) Best-of-class and tailored cybersecurity continuing education programs (including for organizational leaders, cybersecurity practitioners, and everyday technology users).
f) The development processes underlying commonly cited cybersecurity baseline control sets (e.g., NIST 800-53; NIST CSF; CIS Controls).
g) Information diffusion of vulnerability discovery or exploitation through temporal and 'spatial' dimensions. Example, when/where was the log4j exploit first mentioned on the internet and where did the mentions of it diffuse? The objective of this research is to improve the I/Ws that are cued by blue teams. Stretch goal, develop automated tools to provide earlier warnings of critical vulnerabilities or exploits.
h) Trends on cybersecurity workforce staffing in organizations (i.e., cyber FTE headcount).
i) Cybersecurity research review and consolidation: What exciting research is already happening that we don’t know about? Develop tools for conducting market scanning and assessment.
j) Free tool hunt: Find all of the valuable free tools that are available. Develop automated scanning tools.
k) Assessments of emerging AI-powered tools.
l) Research on the application of AI (e.g., LLMs) on the cyber risk insurance industry.
2) Develop an advanced security log analysis training exercise.
3) Work with SecureMyResearch to develop/collect metrics, research issues related to incoming tickets, research human aspects of security, and/or participate in engagements.
4) Conduct preliminary software security reviews such as initial fact-finding from the software's public facing fronts.
5) Conduct OSINT gathering for assessment analysis.
6) Develop something akin to STIGs for K-12 school environments to improve e-Safety of students.
7) Review available/accessible acceptable use policies (AUPs) for K-12 schools and perform a comparative analysis. Propose a standard AUP for K-12 school environments.
8) Develop automation for CACR workflows.
9) Research and/or develop a technical solution to our calendaring challenges: One single source of truth that then populates only relevant information out to project-specific calendars and documents. Ideally use a solution integrated within our existing workflows (e.g., Google AppSheet).
