Cyber graduate

Do you want to graduate at Deloitte Cyber Risk Services? Cool! Graduate at Deloitte to receive great support, and get introduced to Deloitte while getting paid. 

While you work on your thesis, you are treated as a Deloitte staff member. This gives you access to our extracurricular activities such as:

  • Cyber Risk Services Ski-trip
  • LAN parties
  • Pizza-sessions
  • Training, such as Deloitte HackLabs.
  • Regular drinks @ The Edge
  • Teambuilding activities
  • Conferences and seminars, hosted and/or organized by Deloitte

Each project can obviously be tailored to your specific needs!

If you are at Deloitte for an internship while writing your thesis, you will receive compensation. Depending on the kind of internship and the number of days that you are with us, we offer compensation in line with the market. You will also be provided with a laptop during your internship period. Read more about our employment benefits.

List of thesis topics

Below you find a list of thesis topics we have available at the moment, divided into technical (Cyber Operations) and non-technical (Cyber Privacy Advisory) topics. Click on one of the topics to read more about the topic.

Cyber Strategy

Topic: Robot security
Area of expertise: technical security.
Abstract: Robots will play a major role in our society in the future, for example in healthcare or in the field of security. Companies want to deploy robots widely in the future in order to achieve lower personnel costs and a more reliable execution of various tasks. Besides the convenience and the cost savings, this development also brings digital risks. In collaboration with Deloitte and Robot Security Systems (RSS) you will develop a framework that can be used to map the security risks of robots and to secure them better. You will then put this framework into practice on a robot developed by RSS.
Duration: 6 months

Topic: IBM Watson
Area of expertise: Strategy & Transformations
Abstract: Cognitive computing is still in its infancy. However, it’s not too soon to imagine businesses and industries could be positively disrupted by this new technology. The question is to what extent this new technology can be used for cyber security purposes. By gaining insight into the pros and cons of using cognitive computing you will unravel this question.
Duration: 6 months

Topic: The role of cyber risk in M&A
Area of expertise: Cyber Risk Quantification
Abstract: Cyber security and cyber risks have so far rarely been part of M&A due diligence. Potential M&A targets might be riddled with vulnerabilities. Mitigating these risks will cost a lot of money which should have been part of the initial purchasing deal. Your goal is to develop insight into these risks by examining M&A deals from the past.
Duration: 3-6 months

Topic: Understanding and simulating adversarial risk
Area of expertise: Cyber Risk Quantification
Abstract: Compared to the risk associated with natural disasters, cyber risk is special because it is caused by intelligent adversaries who can strategize, learn about their opponents and adapt their strategies and actions. To make cyber security proactive, the cyber attack cat-and-mouse game between hackers and defending parties needs to be better understood. You will use methods such as game theory and agent-based modeling to develop these insights.
Duration: 6 months

Topic: Dev Sec Ops: Automated testing. Open source vs Closed Source
Area of expertise:
Abstract: Identify criteria that favor open source or closed source tooling for automated security testing in Dev Sec Ops. Also, create a tool inventory with pros and cons.
Duration: 4-6 months

Topic: Embedding quantification of cyber risk into operational risk models
Area of expertise: CRQ/ Operational risk framework
Abstract: How can quantifying cyber risks benefit operational Risk Models? 
Duration: 3-6 months

Topic: Public Cyber Strategy
Area of expertise: 
Abstract: The Dutch central government is making considerable investments in the Generic Digital Infrastructure (Generieke Digitale Infrastructuur), such as electronic access services, message exchange and transactions. Cybersecurity is a crucial element of this. The research consists of a review of the cabinet's ambitions against the current implementation initiatives.
Duration: 4-6 months

Topic: Dashboarding / Metrics of Security Awareness
Area of expertise: SA
Abstract: Research whether it is possible to quantify the effectiveness of SA activities. Make an overview of possible SA metrics and see if these are automatically collectable at mature clients.
Duration: 4-6 months 

Topic: Cyber Operating model
Area of expertise: Target operating model
Abstract: Managing cyber security in this new digital age requires a new operating model for cyber risk. How should the operating model change to deal with topics such as Cloud, robotics etc.?

Topic: How can Blockchain technology ‘improve’ the supply chain
Area of expertise: Blockchain
Abstract: How can Blockchain characteristics help to improve the supply chain?

Topic: Cyber governance models
Area of expertise: Governance 
Abstract: Factors that influence the emergence of governance structures. Possible metrics: Industry, Size, Geography
Duration: 6-9 months

Topic: Added value of agile methodology in cyber security projects
Area of expertise: Cyber strategy
Abstract: Is working agile an added value for cyber security projects? What are the challenges? Is this a future proof method?
Duration: 5-9 months

Topic: How to build industry blockchain consortiums
Area of expertise: Strategy, technology
Abstract: What are typical business cases for industry blockchains? How to mobilize an industry consortium?
Duration: 4-5 months

Topic: Security Analytics implementation & governance
Area of expertise: Strategy, analytics
Abstract: How to govern data collection integration and use it for Sec Ops
Duration: 4-5 months

Topic: Product Security TOM & Governance (and SCADA)
Area of expertise:
Abstract: How to build a company’s security management for smart products and smart factories.
Duration: 6 months

Topic: Lean Cyber Security
Area of expertise: Strategy
Abstract: Cyber security, like all risk areas, has a habit of developing unnecessarily long and complex processes. By applying lean six sigma ideas, cyber teams can greatly increase the efficiency of their resources.
Duration: 6 months

Topic: The safety and security risks of civil drone usage
Area of expertise: Civil drones 
Abstract: Drones offer many opportunities that make our life easier in different ways. At the same time, however, this development also brings new risks that have to be mitigated. The question becomes how these safety and security risks of civil drone usage can be mitigated, for example through regulation, taking technical measures, etc. Desk research and interviewing stakeholders will be necessary for researching this topic.
Duration: 4 - 5 months 

Topic: The privacy issues of civil drone usage 
Area of expertise: Civil drones 
Abstract: The ample availability of affordable drones equipped with a camera has led to large numbers of drones being sold worldwide. Since these drones are well equipped with camera gear, one could ask what impact this has on the privacy of citizens. This research will dive into the privacy issues of drone usage, and how these issues should be handled. Desk research and interviewing stakeholders will be necessary for researching this topic.
Duration: 4 - 5 months 

Topic: A comparison between cyber crisis management in enterprises in the critical infrastructure and enterprises in the non-critical infrastructure 
Area of expertise: Cyber crisis management & Resilience
Abstract: A comparison between cyber crisis management in enterprises in the critical infrastructure and enterprises in the non-critical infrastructure will show valuable differences and/or similarities. One can research what enterprises in the non-critical infrastructure could learn from how cyber crisis management is being managed within enterprises in the critical infrastructure. 
Duration: 4 – 5 months 

Topic: Cyber security awareness of citizens (in the Netherlands)
Area of expertise: Cyber security awareness
Abstract: People are often the weakest link in the cyber security chain. People need better knowledge and more skills in order to minimize cyber security incidents. What kind of campaigns does the government have for raising cyber security awareness, and do they have an effect on citizens?
Duration: 4 – 5 months

Do you have other cool ideas? Let us know! You are always welcome to present your topic to us.

Cyber Secure

Topic: Quantum Key Distribution
Area of expertise: Cryptography
Abstract: Quantum key distribution is technologically much easier to implement than a full quantum computer and the first commercial implementations are already available today. Yet many challenges remain in bringing quantum key distribution into practice. What are the practical applications of quantum key distribution?
Duration: 6 months   

Topic: ICS/SCADA monitoring system
Area of expertise: Hacking
Abstract: Interconnected ICS/SCADA systems around the world are exposed to risk due to a lack of security countermeasures or misconfiguration issues. This project aims to regularly perform online scanning of a country (i.e. the Netherlands) to identify permanently or mistakenly interconnected ICS/SCADA systems by recognizing default ICS ports, vendors’ interfaces and online search engines’ results.
Duration: 1 month

Topic: Adding some new tests to our existing QuickScan vulnerability scanner
Area of expertise: Development / Hacking.
Abstract: We are in the process of updating our existing QuickScan vulnerability scanner. It currently scans for issues such as improperly configured certificates, existence of admin interfaces, vulnerabilities such as Heartbleed, etc. We would like to add some tests, such as a check for Shellshock, HTTPoxy, support for Perfect Forward Secrecy and Secure Renegotiation.
Duration: 1 month (UvA students only)

Topic: Evaluating various executable packers (MS Windows) and understanding how A/V products behave
Area of expertise: Red Teaming Operations
Abstract: An executable packer is software that modifies the actual executable code while maintaining the file's behavior. Packers are commonly used to reduce the file size of large executables for added portability or, most commonly, to obfuscate them and make reverse engineering a complicated and costly or intensive process. There are multiple legitimate and underground software packers. The purpose of this research is to identify the most common of them and evaluate them against a number of common Antivirus (A/V) products in order to understand the particularities of different A/V products, signature-based detection and heuristic algorithms.
Duration: 1 month (UvA students only)

Topic: Building an A/V assessment platform
Area of expertise: Red Teaming Operations
Abstract:  Using common tools such as Puppet, Docker or other mass-deployment solutions create a Windows and Linux blended solution that enables the automatic creation of a virtualized test lab for the evaluation of a potential malware across multiple Antivirus (A/V) products concurrently and securely. This does not involve analysis of the potential malware in a sandbox such as Cuckoo sandbox but the evaluation of an executable across multiple free and commercial A/V products.
Duration: 1 month (UvA students only)

Topic: Researching possibilities for individually labelling assets (barcodes, RFID, etc.) and implementing them into a new planning tool
Area of expertise: software development, maybe some hardware skills depending on the output of the research.
Abstract: We are looking for an automated way for people to pick up and return assets. They need to register them via a website, but we want to explore methods to make the (return) process better. We are thinking about a unique identifier per asset so people can scan them, and when returned it will be marked as available again on the website.
Duration: 1-3 months

Topic: Creation of various CTF challenges in our online Hackazon portal
Area of expertise: technical security: hacking, reverse engineering, red teaming, blue teaming
Abstract: We have developed an online Capture the Flag (CTF) platform “Hackazon” to train our professionals, our clients, and host CTF events world-wide. We are constantly updating the platform’s content with new challenges and are looking for students that would like to contribute new challenges under the supervision of our senior security specialists.
Duration: 1-6 months

Topic: Development of a worldwide online hacking course for students
Area of expertise: software engineering, or other technical computer skills
Abstract: The Deloitte Hacklab Massive Online Open Course aims to enthuse kids and students about cyber security by providing a challenge-based, exciting learning experience which is freely accessible to all. But how do we optimally reach the right target audience? How to create hacking challenges in a digital environment, without the need for a dedicated server farm? How to ensure that the challenges are at the right difficulty level? Many practical questions are possible around this subject, both technical and non-technical. You are also more than welcome to come up with your own. Multi-student projects are also possible. 
Duration: 6 months

Topic: General development of our online Hackazon portal
Area of expertise: software engineering, efficient programming skills
Abstract: We have developed an online Capture the Flag (CTF) platform “Hackazon” to train our professionals, our clients, and host CTF events world-wide. We are constantly updating and improving our platform. Please join us if you are looking for a practical (programming) assignment. Assignments are to be determined in good cooperation.
Duration: 1-6 months

Topic: Researching and building an online tracker for IoT devices to demonstrate privacy and security issues
Area of expertise: IoT, development, SDR, privacy, security
Abstract: Existing IoT devices can leak information in their communication and for a specific kind of devices we would like you to dive into this. Investigate which kind of information is leaked and how this best can be intercepted. Based on the unique identifiers an online tracker portal will have to be developed in order to track the IoT devices and show the leaked information. This can be done as a Proof of Concept and will ultimately be used in demonstrations around IoT, privacy and security.
Duration: 1-3 months

Topic: Identity & Access Management Issues
Area of expertise: Identity and Data Protection
Abstract: Identifying who is who online becomes the basis for digital business. Both externally, towards customers and partners, as well as internally, towards employees and guests. How their identities are established and how they can be used will enable or disable digital business. What are the most common problems in specific sectors with regards to identities and access? By interviewing different stakeholders you will identify and analyze the most common issues. Are there any differences per sector? The goal is to give specific sector related solutions for the identified problems.
Duration: 3-6 months       

Topic: The Passwordless World
Area of expertise: Identity and Data Protection
Abstract: Passwords are increasingly seen as one of the main weaknesses in data security. What are the drivers, the main solutions, and their handicaps? Knowing this, what is the way forward to transition a company to this nirvana?
Duration: 3-6 months

Cyber Vigilant

Topic: Custom crypto in Redstar OS
Area of expertise: Cryptography
Abstract: During the 32C3 conference, two researchers showed that Redstar OS - North Korea's OS - implements custom cryptography in the pilsung.ko kernel module. Reverse engineer this module. Understand what is different in the pilsung implementation of AES compared to normal AES. Is there some kind of backdoor or weakness in pilsung?
Duration: 6 months

Topic: Deep & Dark Web
Area of expertise: Cyber Threat Intelligence
Abstract: Gathering information from Deep & Dark web social services and channels. IRC - Most of the communication within these hidden services is done via anonymous IRC services. IRC bots could be used to log communication in public channels, while also keeping track of the users who are posting it. Those bots could analyze the conversations and record sensitive information like links, names, companies, security issues, and offensive discussions.
Duration: 6 months

Topic: Building an IDS/IPS solution for inline usage during Red Teaming
Area of expertise: Red Teaming Operations
Abstract:  Customize an existing IDS sensor device in a way that can be used as an IDS/IPS during Red Teaming Operations inline between the attackers (red team) and the client's network (defensive team), that will pre-emptively alert and block known attack patterns used by the RTO. Additionally the device should monitor potential scans performed by the defensive team and targeting the attacker (red team) systems, for example to fingerprint the attackers (red team). Signatures that you should think of are ones to detect man-in-the-middle attacks, port scans and commonly used attacks such as PSEXEC/WMIEXEC with(out) pass-the-hash.
Duration: 1 month (UvA students only)

Topic: How to remain undetected in an environment with Microsoft Advanced Threat Analytics (ATA)
Area of expertise: Red Teaming Operations
Abstract: In 2015 Microsoft launched an on-premises platform that protects Microsoft-driven environments from advanced targeted attacks by automatically analyzing, learning and identifying normal and abnormal behavior of users, devices and resources. This platform can detect a number of attacks commonly used during Red Teaming engagements such as Pass-the-Hash and abnormal usage of the Kerberos Golden Ticket within a domain. The purpose of this research is to figure out how to identify one or more of the following items: the usage of ATA within a network, the location of the "beacons" that can be used to detect an attack, and what specific Windows events, network signatures or other events (could) trigger an alert.
Duration: 1 month (UvA students only)

Topic: Hunting stack
Area of expertise: Cyber Incident Response
Abstract: During cyber security breaches it is important to act quickly. However, the responders are faced with multiple challenges under time pressure: first, the client may not have the tools they need, and, second, the client’s network and systems may be compromised and cannot be relied upon. The solution is to have a stack of software that can be configured per client (either on-premise or remotely) that supports the teams with a secure and trustworthy toolset. The stack will include threat hunting, communication, and file sharing tools. You will be asked to create an architecture, develop and document deployment scripts, and evaluate the stack in the field.
Duration: 1-2 months

Topic: The connection of incident management and crisis management
Area of expertise: Crisis Management & Resilience
Abstract: What are the critical success factors on process, organizational and human level to effectively link the incident management and crisis management processes? By doing desk research, and interviewing stakeholders you will identify the success factors for an effective link between incident and crisis management. The objective is to have clear indicators / best practices on process, organizational, and human level for the connection of incident and crisis management.
Duration: 6 months

Topic: Security Operations Centre (SOC)
Area of expertise: Strategy & Transformations
Abstract: A modern Security Operations Center (SOC) contains a vast array of sophisticated detection and prevention technologies using a virtual sea of cyber intelligence. The access to security talent is however limited which makes it necessary to make hard choices on which capabilities to prioritize. This research will help cyber security leadership optimize the effectiveness and development of their SOC analysts for the best possible long term results.
Duration: 6 months
