LMI IoT Protocol Testing, Benchmarking, and NIST Standards Compliance Roadmapping Project
Recruitment closed Oct. 3, 2025

Dive into real-world cybersecurity issues through mentored work experience while earning $25 an hour in LMI's IoT Protocol Testing, Benchmarking, and NIST Standards Compliance Roadmapping project, part of CCI’s Project-Based Learning Program.
The project is part of CCI’s mission of Workforce Development.

About the Project
This project provides students the opportunity to work on a secure IoT protocol designed to help leverage the benefits of the IoT devices without creating excess risk to the security of critical government networks and systems.
Project tasks:
- Analyze the security posture of common IoT protocols such as WirelessHART, ZigBee Pro, Thread, Wi-SUN, Bluetooth Low Energy, LoRaWAN, and Narrow Band IoT. Students will:
- Build a threat model (STRIDE + ATT&CK for ICS/IoT) for tag to edge to cloud paths;
- Develop a protocol analysis harness (pcap capture + dissectors + fuzz inputs), run passive/active tests (replay, malformed frames, downgrade attempts), and document resilience and findings;
- Produce a comparative security benchmark (controls, crypto use, pairing flows, resilience to jamming/replay);
- Deliver hardening recommendations and a portable test plan you can hand to a 3rd party lab later. Outputs map directly into RMF core documents and reciprocally consumable evidence (e.g., SSP control implementations; SAR test methods; RAR risks; POA&M entries).Create a FIPS 140‑3 readiness package for the Mist protocol cryptographic implementation (in a commercial lab)
What You’ll Do
- Work on real-world cybersecurity scenarios/projects
- Enhance your soft skills
- Network with students, faculty, and CCI partners
What You’ll Get
- A stipend of $25 per hour will be paid through CCI
- Mentorship by LMI experts
- Access to approved systems (e.g. VPN)
- Challenge, project outline, and materials required to complete the tasks
- Report describing the vulnerabilities of common IoT protocols
- Threat model and test Plan that can be implemented by a 3rd party lab
Timeline
Milestone | Date |
Recruitment opens | Sept. 22, 2025 |
Recruitment closes | Oct. 3, 2025 |
Round One: LMI written assessment | Oct. 20-24, 2025 |
Round Two: LMI interviews | Oct. 27 - Nov. 7, 2025 |
Selected students notified | Nov. 14, 2025 |
Project duration | Jan. 19 - April 6, 2026 |
Kick-off meeting | Jan. 19, 2026 |
Presentation and Project End Date | April 6, 2026 |
Eligibility Requirements
To qualify for the program, you must:
- Be a U.S. citizen
- Be currently studying at a Virginia institution of higher education
- Have completed one year of schooling
- Be enrolled full-time through the fall 2026 semester
- Have declared their major in cyber or cyber-related field
- Cybersecurity
- Computer Science
- Engineering
- Network Security
- Applied Cryptography
- Commit to staying in the program from Jan. 19 - April 6, 2026
Additional preferred qualifications:
- Network/protocol analysis (Wireshark/tshark), basic scripting (Python), fuzzing frameworks
- Threat modeling (STRIDE), attack surface mapping (MITRE ATT&CK for ICS/IoT)
- Cryptography fundamentals (symmetric/asymmetric, RNGs, self‑tests)
- C/C++ or Python lab scripting; Linux build/toolchains
- Technical writing (security policy, test plan)
Project Requirements
If selected for the program, you must:
- Work on a cybersecurity project from Jan. 19 - April 6, 2026
- Work on the program for a minimum of 10 hours per week during Jan. 19 - April 6, 2026
- Meet one day a week with LMI and student team (meetings will be scheduled in advance and will be virtual)
- Prepare the final project presentation to be delivered on April 6, 2026
- Provide your own computers, laptops, etc.
- Inform your university/college advisor of project participation
- Provide CCI with your advisor’s name, title, and email
Expectations
This is a professional opportunity, and you’re expected to conduct yourself in a manner befitting a professional environment.
You will be held accountable for attending meetings and actively participating in project-related tasks. Failure to meet these expectations could result in your dismissal and forfeiture of your stipend. You must:
- Attend 90% percent of mandatory meetings
- Participate in project-related tasks
- Resolve any attendance and participation issues
If you’re interested in seeing this program at your school or sponsoring such a program at your company, please contact Sarah Hayes at sshayes@vt.edu.