GuidePoint Security Fall 2025

The Commonwealth Cyber Initiative (CCI) is partnering with GuidePoint Security for a Fall 2025 program to recruit up to five apprentices to create a “SOC-in-a-Box,” a scalable and deployable lab environment for cybersecurity practitioners to practice and hone their skills.

Project Overview

The created environment should include all essential elements of a Security Operations Center (SOC), including a log aggregation platform, case management system, basic active directory ecosystem, and a host-based detection tool. 

The deployment and configuration of this lab and its parts should be automated using Infrastructure as Code (IaC) solutions. 

This project will expose students to technologies they’ll encounter in the cybersecurity field while providing insight into such roles as:

• Incident response analyst.
• Threat intelligence specialist.
• Detection engineer.
• Adversary emulation specialist.

What You’ll Do

Apprentices will work as a team, establishing a routine and communication practices for internal interactions. 

Participants will:

• Design and deploy an environment with five or more virtual machines connected to an active directory using IaC.
• Write a script to simulate typical user activity on end-user devices, imitating normal network traffic.
• Install a host-based detection solution on end-user devices. 
• Deploy a vulnerable web server that can be attacked by machines on the network.
• Set up a SIEM (security information and event management), collecting appropriate data from systems on the network.
• Set up a SOAR (security, orchestration, automation, and response) solution with basic case management.  
• Generate malicious activity, attacking the vulnerable web server to test case management.
• Provide weekly updates on project status. 

What You’ll Get

Selected students, who can participate in the project for one semester or one academic year, will:

• Receive up to $2,400, depending on hours worked and requirements met.
• Work on real-world cybersecurity scenarios/projects.
• Be mentored by GuidePoint Security professionals.
• Get access to approved systems (for example, a VPN).
• Receive materials required to complete the project.
• Enhance such soft skills as communication, critical thinking, time management, problem solving, adaptability, and teamwork.
• Network with students, faculty, and CCI partners.

Office hours for questions and information will be held on Fridays from 11 a.m. to noon ET for the duration of the project.  

In addition, participants will be invited to attend optional internal training sessions hosted by GuidePoint Security professionals. Sessions take place at various times throughout the week and cover a wide range of topics. 

In previous project-based learning programs, students have attended sessions on:

• Application Security Assessments
• Linux Fundamentals
• Automating Pentesting
• Working in the Federal Space
• Technical Interview Prep

Eligibility Requirements

To be considered for selection, candidates must:

• Be a U.S. citizen
• Currently studying at a Virginia institution of higher education
• Have completed one academic year.
• Have declared their major in a cyber or cyber-related field.
• Commit to staying in the program.
• Attend the virtual project kick-off meeting.
• Be enrolled in cyber or cyber-adjacent courses.
• Demonstrate an interest in cybersecurity (e.g. does Hack the Box or other online CTF-style activities, has a home lab, cyber club, etc.).

The most qualified candidates will have taken a class in, or have experience with:

• Security operations or a Security Operations Center (SOC).
• Cloud technologies.
• Coding or scripting.

Selected candidates must:

• Work on the program for a maximum of 2 to 8 hours a week.
• Meet four days a month with GuidePoint Security. Meetings will be scheduled in advance and will be conducted virtually.
• Provide their own equipment, including a computing device with a working microphone and video.
• Have access to a stable internet connection.
• Inform their university/college advisor of project participation.
• Provide CCI with PI/advisor name, title, and email.

Commitment Requirements

Students are required to:

• Read through the provided resource packet PRIOR to attending the project kick-off meeting.
• Attend the project kick-off meeting at 12:00 pm ET on September 2
• Attend weekly virtual meetings on Tuesdays at 12:00 pm ET from September 2 – December 2, 2025
• Present their final project deliverables on December 5, 2025 (time TBD based on student schedule). 
• Work as part of a team to complete project-related tasks
• Work on the program for a maximum of 8 hours per week. 
• Notify their student advisor regarding their participation in the project

Expectations and Repercussions

This project presents a professional opportunity for students, who are expected to conduct themselves in a professional manner. Attendance at meetings and active participation in project-related tasks is required.

Students can be dismissed from the program if they fail to:

• Attend eight out of 10 weekly update meetings.
• Attend the virtual kickoff session.
• Actively participate in project-related tasks.
• Refuse or fail to work effectively with their team partners.
• Attend mandatory meetings and participate in project-related tasks.

Advisors will be notified once via email that a student is in danger of being dismissed. 

Failure to resolve attendance and participation issues will result in dismissal, and the student and advisor will be notified.

Mandatory Meetings

• SEP 2 – 12:00 pm – Project Kickoff Session
• SEP 5 – 11:00 am - Ansible Training (Friday)
• SEP 9 – 12:00 pm – Initial Update Call
• SEP 16 – 12:00 pm – Student Updates
• SEP 23 – 12:00 pm – Student Updates
• SEP 30 – 12:00 pm – Student Updates
• OCT 7 – 12:00 pm – Student Updates
• OCT 14 – 12:00 pm – Student Updates
• OCT 21 – 12:00 pm – Student Updates
• OCT 28 – 12:00 pm – Student Updates
• NOV 4 – 12:00 pm – Student Updates
• November 11 is a corporate holiday - updates provided via email this week
• NOV 18 – 12:00 pm – Student Updates
• NOV 25 – 12:00 pm – Student Updates, Cutoff for New Architecture
• DEC 2 – 12:00 pm – Presentation Draft & Documents Review
• DEC 5 – Time TBD – Project Presentation & Closeout

Optional Meetings

• Office Hours:  Every Friday from 11:00 am – 12:00 pm 
• GuidePoint Security University training – you will be invited to internal training hosted by GuidePoint Security professionals, but they are entirely optional.  Trainings occur at various times throughout the week and cover a wide range of topics. In the past, students have been invited to: 
  • Introduction to Cybersecurity
  • Introduction to Application Security Assessments
  • Linux Fundamentals
  • Automating Pentesting
  • IOC Enrichment & Remediation
  • Certification Review Sessions
  • Working in the Federal Space
  • Effective PowerPoints for Technical Presentations
  • Public Speaking
  • Technical Interview Prep
  • Resume / LinkedIn Workshops

For more information, contact CCI's Kendall Beebe at kwbeebe@vt.edu.