Student Fellows

CACR Student Fellowship Program

2024-2025 Fellows

Ben Lazarine, Kelley School of Business, Operations and Decision Technologies (ODT) Ph.D. Program

Mohammad Nasir Moradi, Graduate Student from the Luddy School of Informatics, Computing, and Engineering

Katherine Naughton, Kelley School of Business, MS in Information Systems

Tanner Wilburn, Maurer School of Law and Kelley School of Business MS

Through the CACR student fellowship program, leading cybersecurity experts at Indiana University equip graduate students with on-the-job experiences in protecting critical information and systems.

CACR student fellows are at the forefront of client work, conducting cyber assessments and operations research, and finding ways to increase automation.

With cybersecurity undergraduate and graduate programs across several schools, IU is a national leader in multidisciplinary cybersecurity education. Programs such as the Master of Science in Cybersecurity Risk Management degree program allow students to take coursework from the Luddy School of Informatics, Computing and Engineering, the Kelley School of Business and the Maurer School of Law. A joint degree program between the Hamilton Lugar School of Global and International Studies and the Luddy School offers a Bachelor of Science in Cybersecurity and Global Policy.

Every student fellow is paired with a CACR staff mentor, and  contributes directly to CACR’s active projects, programs, and initiatives over the course of a year-long appointment. 

If you have questions, contact cacr@iu.edu with the subject line "Question regarding the CACR Student Fellowship Program."

--> Prior to applying, closely review the information below in each of the categories. <--

Submit Application

More on the CACR Student Fellowship Program

Student fellow appointments are for one year, beginning at the start of the fall semester and ending before the beginning of the subsequent fall semester, with an option to include the intervening summer term. Onboarding activities will begin in the two weeks prior to or following the start of the semester depending on student and staff availability.

During the spring semester each year, we will announce the deadline for applicants wishing to be considered for that fall’s cohort. While we plan to align the start of each cohort with the beginning of the academic year, we are accepting applications year-round.

To be eligible, applicants must be enrolled as an Indiana University graduate student with a GPA of at least 3.4.

All IU Maurer School of Law students are eligible to apply, but should be aware of the existing for-credit Student Affiliate Program associated with the graduate certificates for cybersecurity and information privacy law and policy. Those opportunities are distinct from this program.

International graduate students are eligible for the program. International students on visas who are selected for fellowships will work with staff at the Office of International Services and CACR to ensure that they can complete their fellowship requirements.

Click the button below to begin your application. Attach the following required documents:

1) Resume or CV

2) A Statement of Interest no longer than 1 page. In developing your statement, we recommend referencing the R&D topics detailed below. However, your interest in these research topics is not a requirement for CACR to consider you for a fellowship.

3) Two references, including contact information

Optional, but strongly preferred:

4) A Writing Sample. Samples can be of any length and on any topic. Existing published and unpublished work may be used. Writing is an important part of working at CACR, and we want to get a sense of your writing style and capabilities. This must be your own work product, with proper attribution and unaided by AI/ML.

Applicants and applications not meeting these requirements will not be considered.

APPLY HERE

Student fellows will be compensated at a rate of $25/hour for up to $10,000 total for the year.

Student fellows commit to devote no fewer than 200 hours and no more than 400 hours to CACR work over the course of the one-year appointment.

Student fellows will meet and communicate regularly with their CACR mentor.

Students fellows will meet CACR's standards for professionalism, teamwork, respect for others, and timeliness.

Students who successfully complete their fellowship will be acknowledged permanently as CACR Student Fellows.

Research and produce reports/memoranda on:

a) Emerging research showing the effectiveness, costs, doability, and other practical parameters related to commonly recommended cybersecurity practices.
b) Trends, best practices, and issues regarding cybersecurity incident response, cyber insurance, and cyber- and privacy-related litigation.
c) Frameworks and approaches to conduct cybersecurity exercises.
d) Best-of-class and tailored cybersecurity continuing education programs (including for organizational leaders, cybersecurity practitioners, and everyday technology users).
e) The range and qualities of emerging approaches to cybersecurity assessments. This would build on our CAPP work: https://apps.dtic.mil/sti/citations/AD1049123
f) The development processes underlying commonly cited cybersecurity baseline control sets (e.g., NIST 800-53; NIST CSF; CIS Controls).
g) Information diffusion of vulnerability discovery or exploitation through temporal and 'spatial' dimensions. Example, when/where was the log4j exploit first mentioned on the internet and where did the mentions of it diffuse? The objective of this research is to improve the I/Ws that are cued by blue teams. Stretch goal, develop automated tools to provide earlier warnings of critical vulnerabilities or exploits.
h) Trends on cybersecurity workforce staffing in organizations (i.e., cyber FTE headcount).
i) Cybersecurity research review and consolidation: What exciting research is already happening that we don’t know about? Develop tools for conducting market scanning and assessment.
j) Free tool hunt: Find all of the valuable free tools that are available. Develop automated scanning tools.
k) Assessments of emerging AI-powered tools.
l) Research on the application of AI (e.g., LLMs) on the cyber risk insurance industry.

2) Develop an advanced security log analysis training exercise.

3) Work with SecureMyResearch to develop/collect metrics, research issues related to incoming tickets, research human aspects of security, and/or participate in engagements.

4) Conduct preliminary software security reviews such as initial fact-finding from the software's public facing fronts.

5) Conduct OSINT gathering for assessment analysis.

6) Develop something akin to STIGs for K-12 school environments to improve e-Safety of students.

7) Review available/accessible acceptable use policies (AUPs) for K-12 schools and perform a comparative analysis. Propose a standard AUP for K-12 school environments.

8) Develop automation for CACR workflows.

9) Research and/or develop a technical solution to our calendaring challenges: One single source of truth that then populates only relevant information out to project-specific calendars and documents. Ideally use a solution integrated within our existing workflows (e.g., Google AppSheet).