Virginia Tech® home

Call for Proposals: Cybersecurity Innovation Bridge Fund


Virginia’s Commonwealth Cyber Initiative (CCI) aims to create a commonwealth-wide ecosystem of innovation excellence at the intersection of cybersecurity, autonomous systems, and data. CCI’s mission includes research, innovation, and workforce development.


CCI seeks proposals for Virginia university-affiliated cyber technologies to help bridge the gap between pre-seed and seed funding. The objective is to enhance pre-product, cybersecurity innovation companies/university projects by developing a cyber technology prototype to attract seed/series-A funding.

Cybersecurity innovations are defined as technologies and processes that protect systems, networks, programs, data, and operations from digital attacks. Aspects of protection can include risk analysis, vulnerability assessment, system protection/mitigation, information security, threat detection/characterization, real-time defense, restoration activities, and end-user education/training. CCI is especially interested in applications across the overlapping areas of cyber-physical systems, autonomous systems, robotic process automation, critical infrastructure, and endpoint security.


Eligibility Requirements

  1. Institution of higher education (IHE) research team – Funds would go to a CCI-affiliated IHE to further develop a technology (by university or college employees and/or students) that: (i) researchers intend to commercialize; and (ii) is covered by a written invention disclosure received by the university’s/college’s technology transfer office.

  2. Institution of higher education (IHE) and company research team - Funds would go to the lead institution of higher education to further develop a technology in partnership with a company, wherein the company (corporation or LLC) must: (i) be headquartered in Virginia with intent to grow the company in Virginia; (ii) have a license/option for the technology with an CCI-affiliated IHE at the time of award; and (iii) be at a pre-product stage.


We anticipate funding proposals with a budget that does not exceed $50,000 USD. The amount of support granted to each project will be weighted by the maturity level of the technology. Budgets should be proportional to anticipated scale of impact.

Budget items can include, for example:

  • Prototype development and testing
  • Generation of data for proof-of-concept
  • Software coding and user interface work
  • Independent verification and validation (IV&V)
  • Pay for students or postdoctoral fellows, with total labor costs (including benefits) limited to <75% of budget

Period of performance must be between June 15, 2021 – May 30, 2022. Reporting is required on December 1, 2021 and June 1, 2022.

According to the terms under which CCI is funded, the following costs are not allowable:

  • Costs of developing and delivering undergraduate capstone programs, except as part of the larger effort to align cyber and CPSS-focused undergraduate program content with industry needs.
  • Portion of salaries and benefits of faculty for time spent teaching undergraduates, including teaching cyber-related courses.
  • Scholarships for costs of attendance at institutions of higher education.

Award Selection:

The competition’s selection committee, which may include members of CCI’s Innovation Committee, will provide funding recommendations to CCI’s Leadership Council. The final decision on the awards will be made by the CCI Leadership Council. Additionally, a mentor panel, composed of Innovation Committee members, will guide awardees throughout the award year.

Identified Commitment 

Because this is a CCI Node-funded program, the awardee must provide a 1:1 identified commitment to this grant. While indirect costs (IDC) are NOT eligible costs in the proposals submitted in response to this RFP, unrecovered IDC can be used to partially fulfill this requirement. No funds from other CCI-funded projects can be used as identified commitment.

Proposals and budgets should go through the appropriate approval process at the PI’s institution. For instance, many universities require researchers to include a proposal and budget which have been approved in the standard OSP pre-award procedure.

Some possible examples of identified commitment are:

  • Salary for student or faculty member on the team, or company personnel, proportional to percent effort
  • Patent or copyright expenses
  • Waived license fee or indirect costs
  • External funds expended on the project within the period of performance of the award

Successful applicants are expected to participate fully in the activities of CCI, including providing materials needed for reports, participation in CCI meetings, and responding to data collection requests by CCI. All publications and presentations resulting from the grant should acknowledge support from the Commonwealth Cyber Initiative (CCI). Grant award letters will supply an example of this acknowledgement.


Proposal Format

Proposals must use 1-inch margins, 11-point font or larger (Arial or Helvetica) and single line spacing. The following outline is to be followed:

1. Title page (one page, example included below)

  • Title of the proposed project, abstract, name, affiliation, and contact information for Principal Investigator (PI) and co-Principal Investigators (co-PIs), if any.

2. Proposed Project (up to 4 pages)

  • Description of the project: objectives, methodology, milestones, and timeline.
  • Past performance: description of methodology, scale, success, and lessons-learned from prior iterations of project
  • Discussion of the alignment of the project with CCI objectives.
  • Measures of success: key performance indicators, how success will be measured and tracked.

3. Commercialization potential including competitive landscape (2 pages)

  • Description of unmet need and why the proposed technology is a better solution than other approaches
  • Size of market and ability to capture market share in the short and long term
  • Potential obstacles to success
  • Commercial development strategy   

4.  Budget (up to 2 pages)

  • Budget items and justification.
  • The budget must contain both the requested amount and the identified commitment. The latter should be in the form of a table according to the following format: Download worksheet PDF.

5.  Biographies

  • Up to 2 pages each for PI and co-PIs, using NSF format.





Request for Proposals Released

April 21, 2021

Last Day for Q&A

May 14, 2021; 5 p.m. ET

Proposals Due

May 21, 2021 5 p.m. ET

Award Notification

June 11, 2021

Award Accepted & Signed

June 16, 2021 5 p.m. ET

Certify Documentation - Discloser with TTO, Licensing Agreement, and/or VA-based Registration

June 16, 2021 5 p.m. ET

Pitch Day with Virginia-based investors 10 a.m.-5 p.m. ET July 14, 2022 (date may change)

Proposal Submission

The proposal must be submitted via email to no later than the close of business day (5:00 p.m. ET) on Friday, May 21, 2021. Be sure to include the subject line Cybersecurity Innovation Bridge Fund Proposal in the email.

All proposals must be submitted as a single PDF document.

Evaluation Criteria

Proposals will be evaluated as follows:

Commercialization Potential (25%)

  • Clearly defined problem/unmet need
  • How will proposed technology address this problem/need
  • Technical feasibility
  • Data or prototype available
  • Strength, experience, and engagement of team

Market Potential (25%)

  • Market size or opportunity
  • Strength of competition and competitive products
  • Ability of proposed solution to capture market share
  • Ability to secure long-term competitive advantage including IP protection

Development Plan and Budget (25%)

  • Clear and appropriate budget that aligns with technology development plan
  • Plan can be achieved in allotted time frame with requested funding
  • Milestones have defined end points and deliverables
  • Scientific/development methods are valid

Value of the Funding (25%)

  • Commercialization funds will move technology to clearly defined next stage or inflection point
  • Value of potential technology development greatly exceeds the risk-adjusted cost of funding
  • Achievement of milestones will de-risk technology and/or validate market opportunity
  • Funds will have proportional impact on moving technology forward with CCI goals

Request for Proposals Frequently Asked Questions 

1.    The General Assembly, through VRIC, has directed that all Node-Contributed CCI funds have a 1:1 comparable contribution. These contribution requirements need to align to the four categories outlined in the CCI Blueprint: Research, Regional Innovation Ecosystem, Talent Pipeline, and Operations. We understood this to mean that labor funds must be comparable by labor (remember that salary+fringe+IDC for labor all count), equipment funds by equipment, etc. Since most of the projects we support do NOT purchase equipment or software, labor funding is always what is funded. Fortunately, labor costs also dominate most of the research in cybersecurity being done by CCI partners.

Comparable federal funds (or other non-Commonwealth funds) that support related projects (projects related to cybersecurity, autonomous systems, and data qualify) demonstrate the institution's commitment to this effort. Non-Commonwealth funded projects or non-Commonwealth grants (gifts by a commercial entity, individuals, etc.) related to cybersecurity can count as an acceptable contribution. Otherwise, the faculty member will need to "donate" some labor towards curriculum development (e.g., if 20% Labor is required, she can get funded for 10% and use 10% as a contribution).

Funds from the Virginia Research Investment Fund, Virginia Biosciences Health Research Corporation, Commonwealth Health Research Board, Center for Innovative Technology, Tobacco Commission, GO Virginia or Virginia Economic Development Partnership cannot be used as an acceptable contribution for CCI projects. CCI funds may be used as a demonstrated contribution for grants from federal, foundation, and/or industry sources.

No node-contributed funds that have already been committed as a demonstrated contribution for any other program shall be offered as the basis for CCI comparable funds.

  • Cybersecurity and CPSS-focused experiential learning opportunities (internships, research experiences, etc.) for undergraduate and graduate students enrolled at public institutions; to the extent possible, matching funds for internships should be contributed by the employer hosting the intern (the VRIC work group expects that the employer would be a formal partner to the Node, so the contribution would count as Node-contributed funds)
  • A program that informs and prepares undergraduate and graduate students enrolled in public institutions of higher education to obtain security clearances (program created once and then disseminated across all Nodes)
  • Alignment of undergraduate cybersecurity and CPSS-focused degree program content across Node institutions and with industry needs (as described in the Blueprint)
  • Expansion of curricula at the Cyber Range
  • Expansion of programming at the Cyber Range for PK-12 teachers and community college faculty to promote its use
  • Shared research resources, such as test beds, secure networks, etc., described in Node applications
  • Cross-Node visiting researcher program
  • Build-out of technology transfer office cybersecurity and CPSS expertise; expertise to be shared within the Node and/or across the Network
  • Scouting for cybersecurity and CPSS inventions
  • Patent costs for cybersecurity and CPSS inventions
  • Customer discovery programs; NSF i-Corp-style and i-CAP programs for cybersecurity and CPSS-focused products of research
  • Other support for commercialization of the products of Node-based cybersecurity and CPSS research
  • Collaborative activities across Nodes related to institutional IT security, technology needs of researchers, mutual support agreements, incidence response, etc.

Any Node-contributed funds used for the following activities shall not be offered as the basis for CCI matching funds. CCI matching funds shall not be used for the following activities.

  • Any activity restricted by law, regulation, policy, etc., for the use of state funds (e.g., alcohol, lobbying, etc.)
  • Activities at private PK-12 schools
  • Any costs associated with undergraduate degree growth
  • Any costs associated with designing new undergraduate degree programs
  • Costs of developing and delivering undergraduate capstone programs, except as part of the larger effort to align cyber and CPSS-focused undergraduate program content with industry needs listed under Allowable, above.
  • Portion of salaries and benefits of faculty for time spent teaching undergraduates, including teaching cyber-related courses
  • Fees for security clearances
  • Programs for veterans to transition to cyber and CPSS careers (the Commonwealth has already funded programs such as these)
  • Professional development for incumbent IT workers to gain cybersecurity proficiencies and certifications (the Commonwealth has already funded programs such as these)
  • Costs to develop post-baccalaureate certificate program for graduates who majored in other fields to gain proficiency in cybersecurity and CPSS
  • Scaling of digital fluency across all undergraduate majors
  • Scholarships for costs of attendance at institutions of higher education
  • Stand-alone technology transfer office dedicated only to serving commercialization of Node research
  • CCI funds should be used to build capacity and develop platforms for multifaceted programs, rather than to fund individual research projects (in accordance with the recommendation of the CCI Leadership Council)
  • Talent Pipeline: Before including a Talent Pipeline strategy and associated initiatives in the budget request, Nodes should ensure alignment with the VRIC work group’s discussion explained under Node Strategic Plans, above.
  • Private Institutions of Higher Education (non-profit and for-profit):
    • Experiential Learning: No CCI funds may be used for payments to students enrolled in private institutions of higher education for experiential learning opportunities.
    • Payments to those students from other sources shall not count as the basis for the match of CCI funds.
    • If CCI funds are expended on shared infrastructure located at a public institution of higher education, then private institutions may also use those resources.
    • Nodes may contract with private institutions to provide access to resources for faculty at, and students enrolled in, public institutions.
  • Public PK-12 School Systems: VRIC work group members remind Nodes that PK-12 funding for activities similar to those described in Node applications has routinely been removed from the state budget by the General Assembly. Therefore, caution is advised in requesting funding for PK-12 activities.
    • Developing cyber and CPSS-focused curricula and delivering it to PK-12 public school teachers is an allowable use of funds (created once and disseminated).
    • Cyber and CPSS-focused research experiences at public institutions of higher education for PK-12 teachers is an allowable use of funds.
    • Camps for kids, career exploration fairs and/or other programs that promote general tech sector careers (even those with a cybersecurity component) are usually an unallowable use of funds; however, VRIC will consider meaningful, rigorous, cyber- and CPSS-specific activities for PK-12 students on a case-by-case basis.
  • Virginia Space Grant Consortium: The funds provided by the state to VSGC, including GO Virginia funds, shall not count as Node-contributed funds offered as the basis for CCI matching funds. Nodes may contract with VSCG to provide services to the Node.
  • Indirect Costs and/or Facilities & Administration Costs: CCI funds shall not be used for facilities and administration costs (i.e., indirects). Nodes may offer unrecovered F&A as the basis for matching funds, separately calculated for each of the four broad categories.
  • Endowments: CCI funds shall not be placed in an endowment; expenditures from an endowment may count as Node-contributed funds offered as the basis for CCI matching funds.

Cash Contribution – The most common type of contribution, and the easiest to track, is cash contribution. Cash contribution is either the grantee organization’s own funds or cash donations from other partner organizations. A cash contribution is an actual cash contribution. Example, a business partner provides $10,000 in cash to support a research project.

In-Kind contribution – In-Kind contribution contributions come from the grantee organization or from third party (partner organizations). In-kind contribution is typically in the form of the value of personnel, goods, and services, including direct and indirect costs. In-kind contribution must be documented as to where and how the contribution is calculated. Faculty release time is a common in-kind contribution. Example: A faculty member is working on a new curriculum as part of a CCI sponsored project. His time/effort spent on teaching similar curricula and receiving training on curriculum development can be counted as in-kind contributions.


All proposals must have a lead institution/organization identified. This institution will submit the final proposal on behalf of all partner institutions/organizations. The lead institution needs to ensure that all partners provide the required budget requirements and other documents as specified in the RFP. The proposal must also clearly identify the principal investigator (PI) and any co-principal investigator(s) (co-PI) for the project.

Institutions outside Virginia cannot receive CCI funding. Since the objective of CCI is to build the research capacity and increase the cyber workforce in Virginia, faculty from institutions of higher learning outside of Virginia are not allowed to participate in CCI sponsored projects. An exception can be made if the faculty member is hired by one of the CCI partner universities, another CCI node university, as an adjunct faculty member.

Each institution of higher education has their own process for budget preparation and calculation. Therefore, submitters should contact their institution’s Office of Sponsored Programs (OSP) (or similar office) due to the institutional commitment required and the need for an accurate budget (with unrecovered indirect).

Use this language in all publications submitted as part of CCI sponsored activities:

“This work was supported [in part] by the Commonwealth Cyber Initiative, an investment in the advancement of cyber R&D, innovation, and workforce development. For more information about CCI, visit

VRIC. (2019, August 13). VRIC Meetings. Retrieved from SCHEV: to-regional-nodes---requests-for-funding.pdf