Cyber graduate
Do you want to graduate at Deloitte Cyber Risk Services? Cool! Graduate at Deloitte to receive great support, and get introduced to Deloitte while getting paid.
While you work on your thesis, you are treated as a Deloitte staff member. This gives you access to our extracurricular activities such as:
- Cyber Risk Services Ski-trip
- LAN parties
- Pizza-sessions
- Training, such as Deloitte HackLabs.
- Regular drinks @ The Edge
- Teambuilding activities
- Conferences and seminars, hosted and/or organized by Deloitte
Each project can obviously be tailored to your specific needs!
If you are at Deloitte for an internship while writing your thesis, you will receive compensation. Depending on the kind of internship and the number of days that you are with us, we offer compensation in line with the market. You will also be provided with a laptop during your internship period. Read more about our employment benefits.
List of thesis topics
Below you find a list of thesis topics we have available at the moment, divided into technical (Cyber Operations) and non-technical (Cyber Privacy Advisory) topics. Click on one of the topics to read more about the topic.
Cyber Strategy
- Robot security
- IBM Watson
- The role of cyber risk in M&A
- Understanding and simulating adversarial risk
- Dev Sec Ops: Automated testing. Open source vs Closed Source
- Embedding quantification of cyber risk into operational risk models
- Public Cyber Strategy
- Dashboarding / Metrics of Security Awareness
- Cyber Operating model
- How can Blockchain technology ‘improve’ the supply chain
- Cyber governance models
- Added value of agile methodology in cyber security projects
- How to build industry blockchain consortiums
- Security Analytics implementation & governance
- Product Security TOM & Governance (and SCADA)
- Lean Cyber Security
- The safety and security risks of civil drone usage
- The privacy issues of civil drone usage
- A comparison between cyber crisis management in enterprises in the critical infrastructure and enterprises in the non-critical infrastructure
- Cyber security awareness of citizens (in the Netherlands)
- Cultural differences and security awareness campaigns
- Governance structure for ICS security
- Critical Infrastructure decision process in the Netherlands vs other countries
- Current state of security in different industry sectors
Cyber Secure
- Quantum Key Distribution
- ICS/SCADA monitoring system
- Adding some new tests to our existing QuickScan vulnerability scanner
- Evaluating various executable packers (MS Windows) and understanding how A/V products behave
- Building an A/V assessment platform
- Researching possibilities for individually labelling assets (barcodes, RFID, etc.) and implementing them into a new planning tool
- Creation of various CTF challenges in our online Hackazon portal
- Development of a worldwide online hacking course for students
- General development of our online Hackazon portal
- Researching and building an online tracker for IoT devices to demonstrate privacy and security issues
- Identity & Access Management Issues
- The Passwordless World
- Protecting industrial IOT networks against cyber attacks and ensuring production can continue uninterrupted
- Creating new hardware hacking services and applying these to (medical) IOT devices, to ensure they can be used safely.
- Resilience of self driving cars to noisy input
- Interface between 3rd-party software and an embedded OS
- Release Windows Kerberos Credentials in Industrial Control Systems (ICS)
- Vulnerability assessment of Safety instrumented system (SIS)
- Security of upcoming ICS/IOT communication protocols
- ICS process mapping to finite state machines and analyzing system behavior
- State of open source robotics
Cyber Vigilant
- Custom crypto in Redstar OS
- Deep & Dark Web
- Building an IDS/IPS solution for inline usage during Red Teaming
- How to remain undetected in an environment with Microsoft Advanced Threat Analytics (ATA)
- The connection of incident management and crisis management
- Security Operations Centre (SOC)
- Intrusion detection for car systems
- Comparing ICS IDS, asset discovery and inventory solutions
- ICS malware network behavioral analysis
Cyber Strategy
Topic: Robot security
Area of expertise: technical security.
Abstract: Robots will play a major role in our society in the future, for example in healthcare or in the area of security. Companies want to deploy robots widely in the future in order to achieve lower personnel costs and more reliable execution of various tasks. Besides the convenience and the cost savings, this development also brings digital risks. In cooperation with Deloitte and Robot Security Systems (RSS), you will develop a framework that can be used to map the security risks of robots and to secure them better. You will then put this framework into practice on a robot developed by RSS.
Duration: 6 months
Topic: IBM Watson
Area of expertise: Strategy & Transformations
Abstract: Cognitive computing is still in its infancy. However, it’s not too soon to imagine businesses and industries could be positively disrupted by this new technology. The question is to what extent this new technology can be used for cyber security purposes. By gaining insight into the pros and cons of using cognitive computing you will unravel this question.
Duration: 6 months
Topic: The role of cyber risk in M&A
Area of expertise: Cyber Risk Quantification
Abstract: Cyber security and cyber risks have so far rarely been part of M&A due diligence. Potential M&A targets might be riddled with vulnerabilities. Mitigating these risks will cost a lot of money which should have been part of the initial purchasing deal. Your goal is to develop insight into these risks by examining M&A deals from the past.
Duration: 3-6 months
Topic: Understanding and simulating adversarial risk
Area of expertise: Cyber Risk Quantification
Abstract: Compared to the risk associated with natural disasters, cyber risk is special because it is caused by intelligent adversaries who can strategize, learn about their opponents and adapt their strategies and actions. To make cyber security proactive, the cyber attack cat-and-mouse game between hackers and defending parties needs to be better understood. You will use methods such as game theory and agent-based modeling to develop these insights.
Duration: 6 months
Topic: Dev Sec Ops: Automated testing. Open source vs Closed Source
Area of expertise:
Abstract: Identify criteria that favor open source or closed source tooling for automated security testing in Dev Sec Ops. Also, create a tool inventory with pros and cons.
Duration: 4-6 months
Topic: Embedding quantification of cyber risk into operational risk models
Area of expertise: CRQ/ Operational risk framework
Abstract: How can quantifying cyber risks benefit operational Risk Models?
Duration: 3-6 months
Topic: Public Cyber Strategy
Area of expertise:
Abstract: The Dutch national government is making considerable investments in the Generic Digital Infrastructure (Generieke Digitale Infrastructuur), such as electronic access services, message exchange and transactions. Cybersecurity is a crucial element of this. The research involves a review of the cabinet's ambitions against the current implementation initiatives.
Duration: 4-6 months
Topic: Dashboarding / Metrics of Security Awareness
Area of expertise: SA
Abstract: Research whether it is possible to quantify the effectiveness of SA activities. Make an overview of possible SA metrics and see if these are automatically collectable at mature clients.
Duration: 4-6 months
Topic: Cyber Operating model
Area of expertise: Target operating model
Abstract: Managing cyber security in this new digital age requires a new operating model for cyber risk. How should the operating model change to deal with topics such as Cloud, robotics etc.?
Duration:
Topic: How can Blockchain technology ‘improve’ the supply chain
Area of expertise: Blockchain
Abstract: How can Blockchain characteristics help to improve the supply chain?
Duration:
Topic: Cyber governance models
Area of expertise: Governance
Abstract: Factors that influence the emergence of governance structures. Possible metrics: Industry, Size, Geography
Duration: 6-9 months
Topic: Added value of agile methodology in cyber security projects
Area of expertise: Cyber strategy
Abstract: Is working agile an added value for cyber security projects? What are the challenges? Is this a future proof method?
Duration: 5-9 months
Topic: How to build industry blockchain consortiums
Area of expertise: Strategy, technology
Abstract: What are typical business cases for industry blockchains? How to mobilize an industry consortium?
Duration: 4-5 months
Topic: Security Analytics implementation & governance
Area of expertise: Strategy, analytics
Abstract: How to govern data collection integration and use it for Sec Ops
Duration: 4-5 months
Topic: Product Security TOM & Governance (and SCADA)
Area of expertise:
Abstract: How to build a company’s security management for smart products and smart factories.
Duration: 6 months
Topic: Lean Cyber Security
Area of expertise: Strategy
Abstract: Cyber security, like all risk areas, has a habit of growing into unnecessarily long and complex processes. By applying lean six sigma ideas, cyber teams can greatly increase the efficiency of their resources.
Duration: 6 months
Topic: The safety and security risks of civil drone usage
Area of expertise: Civil drones
Abstract: Drones offer many opportunities that make our life easier in different ways. At the same time, however, this development also brings new risks that have to be mitigated. The question becomes how these safety and security risks of civil drone usage can be mitigated, for example through regulation, taking technical measures, etc. Desk research and interviewing stakeholders will be necessary for researching this topic.
Duration: 4 - 5 months
Topic: The privacy issues of civil drone usage
Area of expertise: Civil drones
Abstract: The ample availability of affordable drones, equipped with a camera, has led to large amounts of drones being sold worldwide. Since these drones are well equipped with camera gear, one could ask the question what impact this has on the privacy of citizens. This research will dive into the privacy issues of drone usage, and how these issues should be handled. Desk research and interviewing stakeholders will be necessary for researching this topic.
Duration: 4 - 5 months
Topic: A comparison between cyber crisis management in enterprises in the critical infrastructure and enterprises in the non-critical infrastructure
Area of expertise: Cyber crisis management & Resilience
Abstract: A comparison between cyber crisis management in enterprises in the critical infrastructure and enterprises in the non-critical infrastructure will show valuable differences and/or similarities. One can research what enterprises in the non-critical infrastructure could learn from how cyber crisis management is being managed within enterprises in the critical infrastructure.
Duration: 4 – 5 months
Topic: Cyber security awareness of citizens (in the Netherlands)
Area of expertise: Cyber security awareness
Abstract: People are often the weakest link in the cyber security chain. People need better knowledge and more skills in order to minimize cyber security incidents. What kind of campaigns does the government have for raising cyber security awareness, and do they have an effect on citizens?
Duration: 4 – 5 months
Topic: Cultural differences and security awareness campaigns
Area of expertise: Cyber security awareness
Abstract: Cultural differences could influence the response to and effectiveness of security awareness campaigns. For example the response to a phishing campaign between the US, the EU and Asian countries. What are the reasons behind this?
Duration: 6 months
Topic: Governance structure for ICS security
Area of expertise: Combination of business and IT security
Abstract: Market research shows that many organizations with Industrial Control Systems struggle with implementing risk mitigating controls regarding cyber security. These controls are usually based on the controls implemented in the IT field, but are these controls the right controls for the ICS field as well? What are the differences in requirements and effectiveness of the controls between ICS and IT?
Duration: 6 months
Topic: Critical Infrastructure decision process in the Netherlands vs other countries
Area of expertise: Case study, ICS, Critical infrastructure, NISD, Security
Abstract: A part of the new European directive NISD requires countries to assign sectors which they define as critical infrastructure. Why did the Netherlands choose the sectors it did and why do they differ from other European countries?
Duration: 6 months
Topic: Current state of security in different industry sectors
Area of expertise: Industry, security, study
Abstract: What is the current state of cyber security in the different sectors/brands of industry? Are there any differences and what are the reasons behind these differences?
Duration: 6 months
Do you have other cool ideas? Let us know! You are always welcome to present your topic to us.
Cyber Secure
Topic: Quantum Key Distribution
Area of expertise: Cryptography
Abstract: Quantum key distribution is technologically much easier to implement than a full quantum computer and the first commercial implementations are already available today. Yet many challenges remain in bringing quantum key distribution into practice. What are the practical applications of quantum key distribution?
Duration: 6 months
Topic: ICS/SCADA monitoring system
Area of expertise: Hacking
Abstract: Interconnected ICS/SCADA systems around the world are exposed to risk due to a lack of security countermeasures or misconfiguration issues. This project aims to regularly perform online scanning of the country (i.e. the Netherlands) to identify permanently or mistakenly interconnected ICS/SCADA systems by recognizing default ICS ports, vendors’ interfaces and online search engines’ results.
Duration: 1 month
Topic: Adding some new tests to our existing QuickScan vulnerability scanner
Area of expertise: Development / Hacking.
Abstract: We are in the process of updating our existing QuickScan vulnerability scanner. It currently scans for issues such as improperly configured certificates, existence of admin interfaces, vulnerabilities such as Heartbleed, etc. We would like to add some tests, such as a check for Shellshock, httpoxy, support for Perfect Forward Secrecy and Secure Renegotiation.
Duration: 1 month (UvA students only)
Topic: Evaluating various executable packers (MS Windows) and understanding how A/V products behave
Area of expertise: Red Teaming Operations
Abstract: An executable packer is software that modifies the actual executable code while maintaining the file's behavior. Packers are commonly used to reduce the file size of large executables for added portability or, most commonly, to obfuscate them and make reverse engineering a complicated, costly or intensive process. There are multiple legitimate and underground software packers. The purpose of this research is to identify the most common of them and evaluate them against a number of common Antivirus (A/V) products in order to understand the particularities between different A/V products, signature based detection and heuristic algorithms.
Duration: 1 month (UvA students only)
Topic: Building an A/V assessment platform
Area of expertise: Red Teaming Operations
Abstract: Using common tools such as Puppet, Docker or other mass-deployment solutions, create a blended Windows and Linux solution that enables the automatic creation of a virtualized test lab for the evaluation of a potential malware sample across multiple Antivirus (A/V) products concurrently and securely. This does not involve analysis of the potential malware in a sandbox such as Cuckoo sandbox, but the evaluation of an executable across multiple free and commercial A/V products.
Duration: 1 month (UvA students only)
Topic: Researching possibilities for individually labelling assets (barcodes, RFID, etc.) and implementing them into a new planning tool
Area of expertise: software development, maybe some hardware skills depending on the output of the research.
Abstract: We are looking for an automated way for people to pick up and return assets. They need to register them via a website, but we want to explore methods to make the (return) process better. We are thinking about a unique identifier per asset so people can scan them, and when an asset is returned it will be marked as available again on the website.
Duration: 1-3 months
Topic: Creation of various CTF challenges in our online Hackazon portal
Area of expertise: technical security: hacking, reverse engineering, red teaming, blue teaming
Abstract: We have developed an online Capture the Flag (CTF) platform “Hackazon” to train our professionals, our clients, and host CTF events world-wide. We are constantly updating the platform’s content with new challenges and are looking for students that would like to contribute new challenges under the supervision of our senior security specialists.
Duration: 1-6 months
Topic: Development of a worldwide online hacking course for students
Area of expertise: software engineering, or other technical computer skills
Abstract: The Deloitte Hacklab Massive Online Open Course aims to enthuse kids and students about cyber security by providing a challenge-based, exciting learning experience which is freely accessible to all. But how do we optimally reach the right target audience? How to create hacking challenges in a digital environment, without the need for a dedicated server farm? How to ensure that the challenges are at the right difficulty level? Many practical questions are possible around this subject, both technical and non-technical. You are also more than welcome to come up with your own. Multi-student projects are also possible.
Duration: 6 months
Topic: General development of our online Hackazon portal
Area of expertise: software engineering, efficient programming skills
Abstract: We have developed an online Capture the Flag (CTF) platform “Hackazon” to train our professionals, our clients, and host CTF events world-wide. We are constantly updating and improving our platform. Please join us if you are looking for a practical (programming) assignment. Assignments are to be determined in good cooperation.
Duration: 1-6 months
Topic: Researching and building an online tracker for IoT devices to demonstrate privacy and security issues
Area of expertise: IoT, development, SDR, privacy, security
Abstract: Existing IoT devices can leak information in their communication and for a specific kind of devices we would like you to dive into this. Investigate which kind of information is leaked and how this best can be intercepted. Based on the unique identifiers an online tracker portal will have to be developed in order to track the IoT devices and show the leaked information. This can be done as a Proof of Concept and will ultimately be used in demonstrations around IoT, privacy and security.
Duration: 1-3 months
Topic: Identity & Access Management Issues
Area of expertise: Identity and Data Protection
Abstract: Identifying who is who online becomes the basis for digital business. Both externally, towards customers and partners, as well as internally, towards employees and guests. How their identities are established and how they can be used will enable or disable digital business. What are the most common problems in specific sectors with regards to identities and access? By interviewing different stakeholders you will identify and analyze the most common issues. Are there any differences per sector? The goal is to give specific sector related solutions for the identified problems.
Duration: 3-6 months
Topic: The Passwordless World
Area of expertise: Identity and Data Protection
Abstract: Passwords are increasingly seen as one of the main weaknesses in data security. What are the drivers, the main solutions, and their handicaps? Knowing this, what is the way forward to transition a company to this nirvana?
Duration: 3-6 months
Topic: Protecting industrial IOT networks against cyber-attacks and ensuring production can continue uninterrupted
Area of expertise: ICS/SCADA
Abstract: What happens when industrial networks are hacked? How can these IoT networks be protected to ensure that production can continue?
Duration: 6 months
Topic: Creating hardware hacking services for medical IOT devices
Area of expertise: ICS/SCADA
Abstract: Creating new hardware hacking services and applying these to (medical) IOT devices, to ensure they can be used safely
Duration: 6 months
Topic: Resilience of self driving cars to noisy input
Area of expertise: Pattern recognition
Abstract: Test recognition models/algorithms for levels of noise, obstruction and unwanted input. (People put stickers on road signs, which trip up self driving cars. This can be a security issue due to life threatening situations)
Duration: 6 months
Topic: Interface between 3rd-party software and an embedded OS
Area of expertise:
Abstract: In Industrial Systems, vendors only provide support up to a certain patch level of an OS. However, OS versions rely on patching to solve security issues. Is it possible to develop an interface between the software and the OS in such a way that it's possible to maintain availability and security?
Duration: 6 months
Topic: Release Windows Kerberos Credentials in Industrial Control Systems (ICS)
Area of expertise: Security, memory management
Abstract: Windows saves all credentials entered into it since boot. Because ICS systems need a near 100% availability, a reboot of the machine is not possible to clear the memory of the credentials. Is there a way to securely and without any compromises to the availability remove these credentials from the memory in ICS systems?
Duration: 6 months
Topic: Vulnerability assessment of Safety instrumented system (SIS)
Area of expertise: Security testing
Abstract: SIS are promoted as being more secure, reliable and redundant. Is this true or are these systems still vulnerable? How much more secure are these systems really? What are the differences between PLC and SIS?
Duration: 6 months
Topic: Security of upcoming ICS/IOT communication protocols
Area of expertise: Security testing
Abstract: Assessing the security of upcoming protocols for ICS systems, comparing them to each other and also to the current industry standards.
Duration: 6 months
Topic: ICS process mapping to finite state machines and analyzing system behavior
Area of expertise: Theoretical Computer Science / Automation / Pattern recognition / Data Analysis
Abstract: It is possible to map a process (control, safety, ...) used in ICS systems to a finite state machine (FSM). Can this process of conversion be made easier for ICS processes? Is it possible to use this FSM to monitor the behavior of the system and see if it shows unusual behavior (malware or defect equipment)?
Duration: 6 months
Topic: State of open source robotics
Area of expertise: Open source, Robotics, security
Abstract: Open source tools rely on hundreds of thousands of users and developers around the world. More and more companies in industry are working with these tools. However, this raises the question: what is the state of security of open source robotics after implementation/integration in an ICS environment?
Duration: 6 months
Cyber Vigilant
Topic: Custom crypto in Redstar OS
Area of expertise: Cryptography
Abstract: During the 32C3 conference, two researchers showed that Redstar OS - North Korea's OS - implements custom cryptography in the pilsung.ko kernel module. Reverse engineer this module. Understand what is different in the pilsung implementation of AES compared to normal AES. Is there some kind of backdoor or weakness in pilsung?
Duration: 6 months
Topic: Deep & Dark Web
Area of expertise: Cyber Threat Intelligence
Abstract: Gathering information from Deep & Dark web social services and channels. IRC - Most of the communication within these hidden services is done via anonymous IRC services. IRC bots could be used to log communication in public channels, and also to keep track of the users who are posting it. Those bots could analyze the conversations and record sensitive information like links, names, companies, security issues, and offensive discussions.
Duration: 6 months
Topic: Building an IDS/IPS solution for inline usage during Red Teaming
Area of expertise: Red Teaming Operations
Abstract: Customize an existing IDS sensor device in a way that can be used as an IDS/IPS during Red Teaming Operations inline between the attackers (red team) and the client's network (defensive team), that will pre-emptively alert and block known attack patterns used by the RTO. Additionally the device should monitor potential scans performed by the defensive team and targeting the attacker (red team) systems, for example to fingerprint the attackers (red team). Signatures that you should think of are ones to detect man-in-the-middle attacks, port scans and commonly used attacks such as PSEXEC/WMIEXEC with(out) pass-the-hash.
Duration: 1 month (UvA students only)
Topic: How to remain undetected in an environment with Microsoft Advanced Threat Analytics (ATA)
Area of expertise: Red Teaming Operations
Abstract: In 2015 Microsoft launched an on-premises platform that protects Microsoft-driven environments from advanced targeted attacks by automatically analyzing, learning and identifying normal and abnormal behavior of users, devices and resources. This platform can detect a number of attacks commonly used during Red Teaming engagements such as Pass-the-Hash and abnormal usage of the Kerberos Golden Ticket within a domain. The purpose of this research is to figure out how to identify one or more of the following items: the usage of ATA within a network, the location of the "beacons" that can be used to detect an attack, and what specific Windows events, network signatures or other events (could) trigger an alert.
Duration: 1 month (UvA students only)
Topic: The connection of incident management and crisis management
Area of expertise: Crisis Management & Resilience
Abstract: What are the critical success factors on process, organizational and human level to effectively link the incident management and crisis management processes? By doing desk research, and interviewing stakeholders you will identify the success factors for an effective link between incident and crisis management. The objective is to have clear indicators / best practices on process, organizational, and human level for the connection of incident and crisis management.
Duration: 6 months
Topic: Security Operations Centre (SOC)
Area of expertise: Strategy & Transformations
Abstract: A modern Security Operations Center (SOC) contains a vast array of sophisticated detection and prevention technologies using a virtual sea of cyber intelligence. The access to security talent is however limited which makes it necessary to make hard choices on which capabilities to prioritize. This research will help cyber security leadership optimize the effectiveness and development of their SOC analysts for the best possible long term results.
Duration: 6 months
Topic: Intrusion detection for car systems
Area of expertise: Carhacking, IDS, protocols
Abstract: Cars are becoming more connected and networked; because of this, more attack vectors are available on a car. Is it possible to develop an intrusion detection system for a car and what are the possible actions that can be taken after an alert is posted? Are the new protocols being developed to replace CAN (like FlexRay) secure enough?
Duration: 6 months
Topic: Comparing ICS IDS, asset discovery and inventory solutions
Area of expertise: Security
Abstract: Three topics companies are currently struggling with are intrusion detection systems (IDS), asset discovery and inventory. What are the current solutions and how do they compare? Where do they need to improve? What are the problems facing these solutions?
Duration: 6 months
Topic: ICS malware network behavioral analysis
Area of expertise: Machine Learning, Pattern recognition
Abstract: What does malware look like on an ICS network? Does this differ from regular IT systems and are pattern based / machine learning based solutions applicable to ICS systems?
Duration: 6 months