Cybersecurity & Network Defense
Lab-first · Mentored · Portfolio-backed

Cybersecurity & Network Defense Internship

Turn your Cryptography & Network Security course into a defensible network — deploy PKI, firewalls, VPNs and a live SIEM, then run an incident from alert to report.

8 modules · 24 labs · 3 formats · Credit-mappable

Overview

What this internship makes you able to do.

Almost every CSE and IT student studies Cryptography & Network Security. They can define AES, draw the RSA key exchange, and recite the CIA triad — and then cannot generate a certificate, read a TLS handshake in Wireshark, or tell you why a firewall rule is not matching. The classroom stops at the equation; the job starts at the CLI. The RKR Cybersecurity & Network Defense Internship closes that gap by making you build, break and defend a real network: certificates you actually issue, firewalls you actually tune, and alerts you actually triage in a SIEM that is watching live traffic.

This is a defender's program, not a slideshow of attacks. You start from the threat landscape and the cyber kill chain, then work up the defensive stack the way a real security engineer does: applied cryptography and a working PKI (TLS, X.509, mutual auth), next-generation firewalls with macro- and micro-segmentation, IPsec and SSL VPNs for site-to-site and remote access, identity and access control with 802.1X/RADIUS and NAC, and a Zero Trust design that ties it together. Then you turn on detection — Suricata/Snort IDS/IPS feeding a Wazuh/ELK SIEM inside a Security Onion sensor — and finally run a full incident: detect, contain, investigate with DFIR technique, and write it up against India's DPDP Act 2023 breach-notification duties. You will use pfSense, Juniper SRX and iptables, Wireshark, Kali, OpenVPN/strongSwan and FreeRADIUS on a cloud lab you can open from a college laptop.

The internship is built for the Indian academic calendar and the AICTE/NEP 2020 internship mandate. Take it as a 4-week winter sprint, an 8-week summer internship, or a 24-week final-semester capstone that maps to your project/internship credits. Every track ends the same way: a graded, defended capstone where you segment and defend a network and run an investigation, a portfolio of real configurations, packet captures and an incident report, an RKR completion certificate formatted for internal credit, and — for the strongest interns — a direct bridge into the RKR Certified Security Professional (RCSP) ladder and the hiring pipeline behind it.

Built on your syllabus

The courses this internship extends.

You've already studied these. Here's how each one becomes a deployable skill.

Cryptography & Network Security
CSE · IT · AI&ML
AICTE model CNS / Anna Univ CS3492 · CB3491 / VTU 21CS733 / JNTU CNS

You solved AES, RSA and Diffie-Hellman as exam problems. Here you run them for real — generate a CA and certificates, stand up TLS with mutual auth, and read the handshake key-exchange packet by packet in Wireshark.

Cyber Security / Information Security
CSE · IT
AICTE model CS / Anna Univ CB3491 / VTU 21CS642

The CIA triad, kill chain and attack taxonomies you memorised become an operational defense: you map real alerts to kill-chain stages and defend against traffic you can see.

Computer Networks
CSE · IT · ECE
AICTE model CN / Anna Univ CS3591 / VTU 21CS52 / JNTU CN

TCP/IP, ports and the OSI layers stop being a diagram — they become firewall rules, NAT and segmentation boundaries you write, and the exact fields an IDS signature matches on.

Operating Systems
CSE · IT
AICTE model OS / Anna Univ CS3451 / VTU 21CS44

Processes, users, permissions and logging become the forensic surface of an incident — where you hunt persistence, read auth logs and pull artifacts during a DFIR investigation.

Choose your format

Matched to the Indian academic calendar.

Winter Internship
4 weeks
20 hrs / week · Virtual — live evening mentoring + 24×7 cloud lab

Credit: Fits a 2–4 week AICTE winter/vacation internship; certificate + logbook for internal credit

Best for: Pre-final year students wanting a fast, intense first exposure to network defense

Summer Internship
8 weeks
25 hrs / week · Hybrid — live mentoring, cloud lab, weekly reviews

Credit: Maps to the standard 6–8 week AICTE summer internship required between 3rd and 4th year

Best for: The core track — 3rd-year students building a placement-ready security portfolio

Semester Capstone Internship
24 weeks
18 hrs / week · Hybrid — sustained project work with a dedicated mentor

Credit: Maps to the NEP 2020 full-semester / final-year internship-project credits (often 12–20 credits)

Best for: Final-semester students doing internship-in-lieu-of-project

The curriculum

8 modules. 24 labs. Week by week.

This is the full plan for the 8-week track (the winter and semester formats compress or extend the same arc). Every week ends in a deliverable your mentor reviews.

Week 1

Threat landscape, kill chain & the defender's lab

Set up the range and learn to think like a defender. You map real traffic to the cyber kill chain and MITRE ATT&CK before you touch a single control.

You'll do
  • Cloud-lab onboarding; build the reference topology (LAN, DMZ, WAN edge) and baseline it
  • Run a benign attack from Kali (recon → scan) and capture it in Wireshark end to end
  • Map each captured stage to the cyber kill chain and to MITRE ATT&CK techniques
Deliverable: Annotated capture mapping an attack to kill-chain stages + a defended-topology diagram

Week 2

Applied cryptography & a working PKI

Take AES, RSA and Diffie-Hellman out of the exam and into production. You stand up your own certificate authority and secure a service with TLS.

You'll do
  • Use OpenSSL to generate keys, a root CA and signed X.509 certs; build the trust chain
  • Deploy TLS on a web service with mutual (client-cert) authentication
  • Capture and dissect the TLS 1.3 handshake in Wireshark; identify the key-exchange and cipher suite
Deliverable: Working private PKI + TLS service with an annotated handshake capture

Week 3

Firewalls, NGFW & segmentation

The perimeter and the interior. You write stateful policy on three engines and prove that macro- and micro-segmentation actually contain lateral movement.

You'll do
  • Author a stateful ruleset on pfSense and on iptables/nftables; verify with connection-state tests
  • Configure zones and application-aware policy on a Juniper SRX; build a DMZ
  • Implement macro/micro-segmentation and prove an attacker in one segment cannot reach another
Deliverable: Segmentation design + firewall policy set with a rule-by-rule verification log

Week 4

VPNs — IPsec & SSL remote access

Encrypted connectivity done for real: a site-to-site IPsec tunnel and a remote-access SSL VPN, with the crypto negotiation inspected on the wire.

You'll do
  • Build a site-to-site IPsec tunnel with strongSwan (IKEv2); verify SAs and phase-1/phase-2
  • Deploy an OpenVPN SSL remote-access gateway with certificate auth and a split-tunnel policy
  • Capture the IKE negotiation and confirm ESP encryption; troubleshoot a deliberately broken tunnel
Deliverable: Working IPsec + SSL VPN configs with a tunnel-verification and troubleshooting runbook

Week 5

Identity, AAA, 802.1X & NAC

Control who and what gets on the network. You centralise authentication with RADIUS and enforce port-based access before an endpoint gets an IP.

You'll do
  • Stand up FreeRADIUS as the AAA server and integrate it with the network devices
  • Configure 802.1X port-based authentication with EAP; enforce it on access ports
  • Add a NAC posture rule (dynamic VLAN / quarantine) and prove an unauthorised device is isolated
Deliverable: 802.1X + RADIUS deployment with a NAC posture policy and access-control test evidence

Week 6

Zero Trust architecture

Assemble weeks 2–5 into a coherent Zero Trust design — never trust, always verify, least privilege — and pressure-test it against lateral movement.

You'll do
  • Design a Zero Trust reference architecture (identity, device, segmentation, encryption) for the lab network
  • Enforce least-privilege, identity-aware policy between segments and services
  • Re-run the lateral-movement attack from Week 1 and document what Zero Trust now blocks
Deliverable: Zero Trust architecture document + before/after lateral-movement containment evidence

Week 7

Detection: IDS/IPS, SIEM & SOC monitoring

Turn on the eyes. You deploy a Security Onion sensor, tune Suricata, and pipe everything into a SIEM where you build detections and triage like a SOC analyst.

You'll do
  • Deploy Suricata/Snort inline (IPS) and on a tap (IDS); write and tune a custom signature
  • Ship logs and alerts into Wazuh/ELK; build dashboards and a correlation/detection rule
  • Triage a stream of alerts: separate true positives from noise and escalate a real detection
Deliverable: Working Security Onion + SIEM stack with a custom detection rule and a triage log

Week 8

Capstone: incident response, DFIR & DPDP compliance

Put it all together — defend and segment a network, then run a live incident from first alert to a compliant report, and defend your work to a mentor panel.

You'll do
  • Detect and contain an injected intrusion using your SIEM and firewall/NAC controls
  • Investigate with DFIR method: timeline the attack, pull artifacts, identify root cause and scope
  • Write the incident report and a DPDP Act 2023 breach-notification assessment; defend it live
Deliverable: Full incident-response report + DPDP notification assessment + recorded defence

Tools & tech you'll use
  • pfSense · Juniper SRX · iptables/nftables
  • Wireshark · tshark
  • Suricata · Snort (IDS/IPS)
  • Wazuh · ELK/Elastic SIEM
  • Security Onion
  • OpenVPN · strongSwan (IPsec)
  • FreeRADIUS · 802.1X / NAC
  • OpenSSL · step-ca (PKI)
  • Kali Linux (attack simulation)

The capstone

Defend, Segment & Investigate a Live Network

You are handed a written brief for an organisation with a flat, under-defended network and a compliance obligation. You must harden and segment it, stand up detection, then respond to a live intrusion injected by the mentor team — detecting, containing, investigating and reporting it — and defend every decision in a live review.

  • A segmented architecture (DMZ + macro/micro-segmentation) enforced on NGFW/firewall with a defensible ruleset
  • PKI-backed TLS and an IPsec or SSL VPN for secure connectivity, verified on the wire
  • Identity and access control with 802.1X/RADIUS and a NAC posture policy
  • A Zero Trust policy layer and a live IDS/IPS → SIEM detection pipeline with at least one custom rule
  • A completed incident response: detection, containment, DFIR timeline and root-cause
  • An incident report with a DPDP Act 2023 breach-notification assessment and verification evidence for every claim

How it's graded: Graded against a published rubric on defensive correctness, segmentation effectiveness, detection quality, IR rigour and the live defence. A pass earns the RKR Cybersecurity & Network Defense certificate; a distinction earns a fast-track referral into the RKR certification ladder and hiring pipeline.

Measurable outcomes

Walk out able to do this — on record.

Stand up a working PKI and deploy TLS with mutual authentication, and read the handshake at the packet level

Write and verify stateful firewall/NGFW policy on pfSense, Juniper SRX and iptables/nftables with real segmentation

Deploy site-to-site IPsec and remote-access SSL VPNs and troubleshoot a broken tunnel from the wire

Enforce identity-based access with 802.1X, FreeRADIUS and a NAC posture policy

Design a Zero Trust architecture and demonstrate measurable containment of lateral movement

Operate an IDS/IPS → SIEM detection pipeline and run a full incident from alert to a DPDP-aware report

What you keep

Your portfolio artifacts.

Defense configuration portfolio (GitHub)

Every control you built — firewall/NGFW policy, VPN configs, PKI, 802.1X/RADIUS, Zero Trust rules — version-controlled and readable by a hiring manager.

Detection & triage logbook

Custom Suricata signatures, SIEM correlation rules, dashboards and a documented alert-triage log proving you can run a SOC console, not just describe one.

Packet-capture & crypto evidence set

Annotated Wireshark captures of TLS handshakes, IKE negotiation and a mapped attack — the wire-level proof that each control actually worked.

Incident-response & DPDP report

An analyst-grade IR report with attack timeline, root cause, containment actions and a DPDP Act 2023 breach-notification assessment.

RKR completion certificate

Verifiable certificate stating the graded outcome and hours — mappable to your AICTE/NEP internship credit.

Mentorship
  • Assigned mentor who is a working security engineer / SOC practitioner, not a content narrator
  • Weekly live review of your controls, captures and detection rules
  • Async help channel with 1-business-day response on blockers
  • Interview-prep session: how to talk through an incident and defend a design like an analyst

Evaluation & certificate

Continuous assessment on weekly deliverables (60%) plus a graded, defended capstone (40%). Every intern receives a verifiable RKR completion certificate with the graded outcome and logged hours, formatted for AICTE/NEP internship-credit submission. Distinction-grade interns receive a letter of recommendation and priority access to the RKR hiring pipeline into the RCSP certification ladder.

Career plan

Where this internship takes you.

This internship is engineered to land the first security role and skip the generic IT-support detour. India cannot fill defensive roles fast enough — 73% of datacenter monitoring and incident-response roles are hard to fill — because degree-holders can't demonstrate hands-on defense. A graded RKR capstone, with a real segmented network and a defended incident report, is exactly that demonstration, and it bridges straight into the RKR Certified Security Professional (RCSP) ladder.

Roles unlocked
  • SOC Analyst (L1/L2)
  • Security Engineer (Network Defense)
  • Incident Response / DFIR Associate
  • Network Security Engineer
  • GRC / Compliance Analyst (DPDP)
Entry band (post)
Rs 4–8 LPA entry, with a credible 8–15 LPA step within 2–3 years on the specialist track
Stipend
Merit stipend during the internship for distinction-track interns; performance-based project stipend on the semester capstone

Conversion: Distinction-grade interns are referred into the RKR hiring-partner pipeline and fast-tracked for the paid RKR Certified Security Professional (RCSP) credential that unlocks the SOC/DFIR salary premium.

  • Rung 1 · 0-1 yr: SOC Analyst (L1), Rs 4-6 LPA
  • Rung 2 · 1-3 yrs: Security Engineer / SOC L2, Rs 7-14 LPA
  • Rung 3 · 3-6 yrs: Incident Response / Network Security Engineer, Rs 14-26 LPA
  • Rung 4 · 6+ yrs: Security Architect / DFIR Lead, Rs 24-45 LPA

Demand signal

As of 1 July 2026, 73% of datacenter monitoring and incident-response roles are reported hard to fill, and niche AI-infrastructure and security specialists command up to a 1.7x pay premium — against a projected ~53% AI-skills gap in India in 2026 (TeamLease, 2025).

8 modules. 24 labs. One credit-mappable certificate.

Build it on real gear, defend a capstone, and walk into placements with proof.