My 1st idea pretty much stayed the same as it was last week w/ some additional details. Instead of just testing/researching about network security, Charlie advised to look into physical security (open ports on servers, etc) and social security.
Hacking into an air gapped device. Air gapped means that none of the devices interfaces have connectivity to the internet. Many believe this secures their device. I could look into and possibly use my own devices to test on.
Today, everyone has some sort of digital footprint. I could envision writing software, that given parameters such as name, DOB, and age, could go on the web and find more information about that person.
Thanks to Charlie for helping guide me to finding these ideas.