Cybersecurity Reach Foundation · TTPR @baruch
As a TTPR resident you'll explore real data from systems that attackers hit every day — ask your own question, find the story in the numbers, and publish a report with your name on it. No advanced technical background needed; we'll guide you the whole way.
The short version
It's a guided research experience from the Cybersecurity Reach Foundation, a 501(c)(3) nonprofit, run together with TTPR @baruch. You join a small team, work with live cybersecurity data, and produce a real, published report.
We provide the data, the tools, and one-on-one support. You bring curiosity and a question you want to answer. By the end, you'll have done genuine research — the kind that goes on a résumé and gets read by security professionals.
First, the key idea
A honeypot is a decoy computer we put on the internet on purpose. It looks like an ordinary, slightly vulnerable server — but nothing real runs on it. Its only job is to get attacked.
Every time a hacker, bot, or automated scanner pokes at it — guessing passwords, probing for weaknesses, trying to drop malware — we quietly record exactly what they did. Because the machine has no real purpose, every single visitor is suspicious. That gives us an unusually clean logbook of how attackers behave, captured from sensors around the world.
So our database isn't a list of customers or sales. It's a record of attacks — millions of them — waiting for someone to find the patterns inside.
What you'll work with
Millions of records of real intrusion attempts captured from our own infrastructure: where each attack came from, what service it targeted, which usernames and passwords were tried, and which known exploits were thrown.
See every field, explained →A separate dataset, unrelated to the honeypot: a running history pulled from ransomware gangs' public "shame sites," where attackers name the organizations they've breached. Each record has the victim, the group claiming it, and when it appeared.
See the fields →You don't need to understand every column to start. The Data Guide explains each one in plain language, and Project Ideas gives you ready-made questions — each with a query you can copy and run.
How it works
A clear arc from "what is this data?" to a finished, published piece. Your team sets the pace; we're with you at each step.
The payoff
A published report — distributed to security professionals, with your name on it.
Real research experience working with live, messy, real-world data.
A portfolio piece for college, scholarship, and job applications.
A byline under the Cybersecurity Reach Foundation (501c3).
A letter of recommendation from the Foundation on completion.
Ready?
Four steps. Take them in order, and you'll have a question to chase by the end of your first session.
Metabase lets you explore the data with clicks or simple queries — no setup required. Open Metabase (ask Leonard for your login if you need one).
Get a feel for what's in the data. The Data Guide explains every field in plain language and flags the few you can ignore.
Not sure what to ask? Project Ideas offers ten starting points, grouped by dataset, each with angles to explore and a ready-to-run query. Pick one that interests you.
Decide together what you want to find out. A focused question you care about beats a broad one you don't.
Leonard is available throughout for help with the data, the analysis, or the write-up.