It was the best way that I could have spent my summer break!

Arul

I had a very fixed view of cybersecurity as just hackers trying to penetrate systems, but after this internship, I realized there is much more research that goes into the field.

Elias

I learned a lot about the research process and how the findings are being applied at a greater scale.

Rachel

Are you a high school student in the Phoenix area interested in cybersecurity research?

Do you want to experience the hottest up-and-coming security lab around, work on cool projects, and do Capture the Flag (CTF) hacking competitions on the side?

You’ve come to the right place.

Arizona State University’s Center for Cybersecurity and Trusted Foundations is looking for high school students with a passion for hacking and computer science to do a research internship with us during the summer months.

In general, we are looking for students who are:

  • interested in cybersecurity
  • ready to learn
  • have tech skills
  • have experience with Python and other programing languages
  • are interested in CTFs (even if you’ve never participated in one!)
  • are self-driven, collaborative workers, critical and creative thinkers, and have strong communication and writing abilities, a solid work ethic, and the ability to manage their time.


Summer 2025 Schedule

JanuaryMarch – AprilMay – JulyEnd of July
Application opens: Monday, January 13

Finalists Application Round: Saturday, March 15 (tentative)

Orientation:
Tuesday, May 20, afternoon

Internship concludes: TBD

Application closes: Monday, January 27All applicants will receive decision notifications in the first half of AprilInternship starts:
Tuesday, May 27

Frequently asked questions

A research internship serves several purposes:

  1. It exposes you to the environment of a world-class cybersecurity research lab and conveys what it means to conduct impactful research.
  2. Because you’ll be carrying out academic research, the internship can act as a “preview” to our computer science programs for those of you considering studying at ASU in the future.
  3. The internship introduces you to prominent researchers in the field, giving you valuable interpersonal connections for future pursuits within and outside of academia.
  4. Because your work will be on the cutting edge, you’ll be exposed to emerging concepts and technologies (for example, binary analysis using angr at a more fundamental level than just by cloning them on github).

You will be paired with a PhD student who has a similar passion for your research interests, and will act as a research mentor. They will have a variety of project options that may include research they’re currently working on, or new ideas that you’ll help develop.

Alternatively, you might arrive with ideas of what you want to work on. If this is the case, you’ll collaborate with a graduate student to fully develop the project for the internship.

Some examples of past internship projects include:

  • Comparing linting tools and ChatGPT for reviewing code errors and syntax
  • Creating a bot simulation of a secure finance setting that highlights vulnerabilities in Python
  • Exploring social media ad scams based on consumer demographics and algorithm variations
  • Analyzing hosting provider responses to phishing reports

The internship is an 8-week experience that takes place in the summer, mostly across June and July. Specific dates vary year-by-year, and will be listed on the application.

We recognize that high school districts are not on the same summer break schedule, so there’s some flexibility to customize the plan based on the interns’ needs.

Internships are carried out under the guidance of PhD students in our SEFCOM Lab, and are overseen by Center leadership/professors: Yan Shoshitaishvili (known in the CTF scene as Zardus), Adam Doupé (adamd), Ruoyu (Fish) Wang (fish), and Tiffany Bao (__tiffanyb__). Yan, Adam, Fish, and Tiffany are well-known researchers and avid CTF players (having played and hosted CTFs with Shellphish, the ASU Hacking ClubOrder of the Overflow, and Nautilus Institute).

Yes, this is a paid internship! An intern will be paid a stipend amount of $1,800 at the end of the experience if completed in full. The stipend will be prorated if the individual leaves the program early.

This is fairly flexible, but we generally expect interns to dedicate 15-20 hours per week.

The internship is hybrid with in-person components held in the SEFCOM lab at Arizona State University in Tempe, AZ. The address of our building is Brickyard Engineering, 699 S Mill Ave, Tempe, AZ 85281. Interns are responsible for their transportation to and from the campus, along with any associated costs (including parking).

At the end of the eight weeks, you’ll have the chance to share your research project and findings with a lab of graduate students, professors, and other guests in a presentation. This is an opportunity to discuss the questions you developed, the challenges you encountered, and what you learned along the way. Depending on your higher education goals, this project could easily transition into a longer-term research project!

It is important to note that, in the end, this internship is more for you than it is for us. A good outcome (and we will strive to help you get there) is awesome for everyone. A bad outcome (and these, unfortunately, do happen) is not the end of the world. Bad outcomes here means that no progress is made and nothing is produced. This is not to make the internship seem insignificant, but to relieve the pressure: our lives do not “hang” on your performance—don’t panic! Of course, if you’re looking for a letter of recommendation from us, shoot for a good outcome.

We have weekly meetings of the whole lab where everyone presents their progress, along with as-needed one-on-one sessions. You should be present at these meetings (or let us know of your absence in advance) even when you have not made progress. Research sometimes progresses in bursts, and you sometimes need to sit back and think on things for a while. This is fine, and we are absolutely accepting of it, but we like to know what’s going on so that we can help if you’re blocked.

Yes! We all strongly believe in open access to research, and barring weird unforeseen circumstances, you will be encouraged to open source your projects with collaboration of your mentor.

We love to CTF! We are home of the ASU Hacking Club that meets weekly and plays CTFs on the weekends, and some members of Shellphish. If you like to CTF, then CTF will be a fundamental part of your internship. Come hack with us, develop ideas inspired by CTF, and help push the community forward!

Anyone who is a Phoenix-area high school student at the time of the application is eligible! This means if you’re a senior about to graduate, you’re invited to apply to the program (which will take place in the summer directly following your graduation).

Applicants must be enrolled in a high school that is located within the Phoenix-metro area.

There are no age restrictions, though there will be a few extra steps if you’re under the age of 18. For example, your parent or guardian will need to sign off on your participation. More information for parents/guardians can be found in this FAQ.

Great! We’re excited to learn more about you. The timeline above shows when you can expect to hear back from us (and you will hear from us, one way or the other).

If you’re selected for the internship, we’ll send you a few forms you and/or your parent/guardian need to review and sign. We’ll also work with you and the other interns to schedule an orientation, introductions with your mentor, and help you get plugged in to the lab communication channels. After that, you’ll spend the next eight weeks doing awesome cybersecurity research!

If you’re not selected for the internship, this is important: it’s not a reflection on you. You may be stellar student who is going to continue rocking the world of computer science! If we could, every single applicant would be in the program, but the primary limitation we come up against is bandwidth (available time commitments, not data transfer rates).

CTF and SEFCOM have a very limited number of mentors available who are also conducting their PhD research full-time during the summer. To ensure the high school interns receive individualized guidance and collaboration, and make sure the PhD mentors have capacity to further develop their own academic research, we limit how many interns are assigned to each mentor. Year after year, we have many more applicants than mentors.

We take safety very seriously. As precautions, anyone who interacts in a 1:1 capacity with interns who are minors will have:

  • completed the “Minors on Campus” training, provided by ASU’s Risk Management Office
  • received a background check
  • been fingerprinted

All faculty and staff working on the program have completed the above steps. Anyone who has not completed these steps is not permitted to interact with the intern unless they are accompanied by someone who has completed the above protocols.

Any intern, regardless of age, is not permitted to be in the cybersecurity lab space on campus without the accompaniment of their PhD mentor.

If you have questions or concerns, please email [email protected].

Summer 2025 Application

If you have questions, or want to receive updates about the Summer 2025 program, please use the contact button below.