LMI IoT Protocol Testing, Benchmarking, and NIST Standards Compliance Roadmapping Project

Dive into real-world cybersecurity issues through mentored work experience while earning $25 an hour in LMI's IoT Protocol Testing, Benchmarking, and NIST Standards Compliance Roadmapping project, part of CCI’s Project-Based Learning Program.

The project is part of CCI’s mission of Workforce Development.

About the Project

This project provides students the opportunity to work on a secure IoT protocol designed to help leverage the benefits of the IoT devices without creating excess risk to the security of critical government networks and systems.

Project tasks:

• Analyze the security posture of common IoT protocols such as WirelessHART, ZigBee Pro, Thread, Wi-SUN, Bluetooth Low Energy, LoRaWAN, and Narrow Band IoT. Students will:
  • Build a threat model (STRIDE + ATT&CK for ICS/IoT) for tag to edge to cloud paths;
  • Develop a protocol analysis harness (pcap capture + dissectors + fuzz inputs), run passive/active tests (replay, malformed frames, downgrade attempts), and document resilience and findings;
  • Produce a comparative security benchmark (controls, crypto use, pairing flows, resilience to jamming/replay);
  • Deliver hardening recommendations and a portable test plan you can hand to a 3rd party lab later. Outputs map directly into RMF core documents and reciprocally consumable evidence (e.g., SSP control implementations; SAR test methods; RAR risks; POA&M entries).Create a FIPS 140‑3 readiness package for the Mist protocol cryptographic implementation (in a commercial lab)

What You’ll Do

• Work on real-world cybersecurity scenarios/projects
• Enhance your soft skills
• Network with students, faculty, and CCI partners

What You’ll Get

• A stipend of $25 per hour will be paid through CCI
• Mentorship by LMI experts
• Access to approved systems (e.g. VPN)
• Challenge, project outline, and materials required to complete the tasks
• Report describing the vulnerabilities of common IoT protocols
• Threat model and test Plan that can be implemented by a 3rd party lab

Timeline

Eligibility Requirements

To qualify for the program, you must:

• Be a U.S. citizen
• Be currently studying at a Virginia institution of higher education
• Have completed one year of schooling
• Be enrolled full-time through the fall 2026 semester
• Have declared their major in cyber or cyber-related field
  • Cybersecurity
  • Computer Science
  • Engineering
  • Network Security
  • Applied Cryptography
• Commit to staying in the program from Jan. 19 - April 6, 2026

Additional preferred qualifications:

• Network/protocol analysis (Wireshark/tshark), basic scripting (Python), fuzzing frameworks
• Threat modeling (STRIDE), attack surface mapping (MITRE ATT&CK for ICS/IoT)
• Cryptography fundamentals (symmetric/asymmetric, RNGs, self‑tests)
• C/C++ or Python lab scripting; Linux build/toolchains
• Technical writing (security policy, test plan)

Project Requirements

If selected for the program, you must:

• Work on a cybersecurity project from Jan. 19 - April 6, 2026
• Work on the program for a minimum of 10 hours per week during Jan. 19 - April 6, 2026
• Meet one day a week with LMI and student team (meetings will be scheduled in advance and will be virtual)
• Prepare the final project presentation to be delivered on April 6, 2026
• Provide your own computers, laptops, etc.
• Inform your university/college advisor of project participation
• Provide CCI with your advisor’s name, title, and email

Expectations

This is a professional opportunity, and you’re expected to conduct yourself in a manner befitting a professional environment.

You will be held accountable for attending meetings and actively participating in project-related tasks. Failure to meet these expectations could result in your dismissal and forfeiture of your stipend. You must:

• Attend 90% percent of mandatory meetings
• Participate in project-related tasks
• Resolve any attendance and participation issues

If you’re interested in seeing this program at your school or sponsoring such a program at your company, please contact Sarah Hayes at sshayes@vt.edu.