Before 2019, Cal Poly CISO Doug Lomsdalen had to handle the suspicious-login alerts coming from his security information and event management (SIEM) tool largely by himself.
Since then, Lomsdalen has added some help: students.
Colleges are turning to undergrads to field notifications from security operations centers (SOCs). Students in the SOC can get a taste of cybersecurity professional life while reducing IT costs and CIO effort.
“They can allow my staff, myself, to be addressing more strategic and operational things while they’re dealing with the alerts,” said Lomsdalen.
A SOC, inside-out. A security operations center proactively monitors for incidents, often indicated by the SIEM tools. The SIEM monitors network-connected products, like firewalls and email, to address cyberthreats, of which universities have plenty.
A report from the cybersecurity firm Check Point found that the most attacked industry in Q3 2022 was the education/research sector, averaging 2,148 weekly attacks, an 18% year-over-year increase.
The Cal Poly “junior security operations center analyst” is expected to work between 10–16 hours per week during the school year. The so-called “learning SOC” provides the students an opportunity to learn real-world tools, like their go-to SIEM product Splunk Enterprise Security, and to address questions as they arise:
Is a faraway sign-on attempt, for example, from a hacker or a senior on spring break?
Identity-and-access-management logs give the cybersecurity newcomer a puzzle to solve. “That’s the art part of doing an analysis. It’s not always strict rules that you can follow. You have to look at the context of the logins,” said Lomsdalen.
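The faraway sign-on triage Lomsdalen describes can be partly automated before a student ever looks at the alert. The following is an added Python example (not code from Cal Poly, Splunk, or the article) that works through a few constructed identity-and-access-management sign-on records: for each user it computes the implied travel speed between consecutive logins and then uses distance and whether MFA was completed as the "context" a human analyst would also weigh. The record layout, the 1,000 km/h threshold, the 500 km "far away" cutoff, and the sample users and coordinates are all assumptions made for the example.

```python
import math
from datetime import datetime, timezone
from typing import Dict, List

# Constructed sample IAM sign-on records (assumed layout; not real campus data).
# Coordinates are rough city centres used purely for illustration.
SAMPLE_LOGINS: List[Dict] = [
    # alice: campus, then a second successful login from Moscow 45 minutes later
    {"user": "alice", "ts": "2023-03-06T09:00:00Z", "lat": 35.30, "lon": -120.66, "mfa": True},
    {"user": "alice", "ts": "2023-03-06T09:45:00Z", "lat": 55.75, "lon": 37.62, "mfa": False},
    # bob: campus, then Cancun two days later (a senior on spring break)
    {"user": "bob", "ts": "2023-03-20T08:00:00Z", "lat": 35.30, "lon": -120.66, "mfa": True},
    {"user": "bob", "ts": "2023-03-22T10:00:00Z", "lat": 20.65, "lon": -87.07, "mfa": True},
    # carol: campus, then New York eight hours later without MFA
    {"user": "carol", "ts": "2023-03-07T06:00:00Z", "lat": 35.30, "lon": -120.66, "mfa": True},
    {"user": "carol", "ts": "2023-03-07T14:00:00Z", "lat": 40.71, "lon": -74.01, "mfa": False},
]

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 1000.0  # assumed: faster than any commercial flight
FAR_AWAY_KM = 500.0               # assumed: beyond this, a non-MFA login deserves review


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return EARTH_RADIUS_KM * 2 * math.atan2(math.sqrt(a), math.sqrt(1 - a))


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage_logins(logins: List[Dict]) -> List[Dict]:
    """Compare each user's consecutive logins and attach a verdict.

    impossible_travel: implied speed exceeds MAX_PLAUSIBLE_SPEED_KMH
    review:            far from the previous login and MFA was not completed
    plausible:         everything else (e.g. a real trip with MFA)
    """
    by_user: Dict[str, List[Dict]] = {}
    for rec in sorted(logins, key=lambda r: (r["user"], parse_ts(r["ts"]))):
        by_user.setdefault(rec["user"], []).append(rec)

    findings = []
    for user, recs in by_user.items():
        for prev, cur in zip(recs, recs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (parse_ts(cur["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600.0
            if hours > 0:
                speed = dist / hours
            else:
                speed = float("inf") if dist > 0 else 0.0  # same-second logins

            if speed > MAX_PLAUSIBLE_SPEED_KMH:
                verdict = "impossible_travel"
            elif dist > FAR_AWAY_KM and not cur["mfa"]:
                verdict = "review"
            else:
                verdict = "plausible"

            findings.append({
                "user": user,
                "from_ts": prev["ts"],
                "to_ts": cur["ts"],
                "distance_km": round(dist, 1),
                "hours": round(hours, 2),
                "speed_kmh": round(speed, 1) if speed != float("inf") else speed,
                "verdict": verdict,
            })
    return findings


if __name__ == "__main__":
    for f in triage_logins(SAMPLE_LOGINS):
        print(f"{f['user']:6} {f['distance_km']:8.1f} km in {f['hours']:6.2f} h "
              f"-> {f['speed_kmh']} km/h  [{f['verdict']}]")
```

The point of the three cases is the one Lomsdalen makes: the rule only sorts the obvious (alice) from the plausible (bob), and the middle case (carol, a long hop without MFA) is exactly where a junior analyst still has to read the context rather than apply a rule.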
IT has a tough time at school. The pandemic strained many universities’ IT environments and budgets. A May 2022 survey from the nonprofit Educause found that 42% of the 267 IT administrators saw their team get smaller in the previous year.
“[There was a] 15% reduction in IT [full-time employees]. That seems small, but we are really feeling the loss. The service backlog is growing,” one respondent told Educause.
A 2023 Gartner CIO and Technology Executive Survey revealed more constrained budgets, too: Higher-education IT spending is expected to increase by just 3.2% in an inflationary 2023.
“We went about a year or so without a true incident response expert,” said Matt Williams, deputy CISO at University of Cincinnati, who saw cybersecurity talent “decimated” as employees moved on to corporate America. UC’s SOC program now relies on both full-time employees and about four to seven grads at any given time. Williams spoke with both Lomsdalen and LSU CIO Craig Woolley as part of a customer roundtable discussion, put on by Splunk in March.
“We’ve really started to leverage our student resources much more heavily than in the past,” Williams told IT Brew.
In March, LSU partnered with the cybersecurity firm TekStream to provide network-defense and incident-response training to students.
“We knew that a SOC with a SIEM was the next step, but then how do you make it somewhat affordable? Bringing in the students not only gives them great work experience, and helps us with some of the workforce issues we’ve got in the state, but also helps to reduce costs,” said Woolley.
The cybersecurity workforce is growing rapidly, as is demand. An analysis from (ISC)2’s cybersecurity workforce gap study found nearly 70% of respondents felt their organization lacked enough cybersecurity staff to be effective.
“We have all of these bright, talented, ambitious students. Let’s train them a little bit and see if they can actually help the university while they’re here, earning a degree in preparation [for] going out into corporate America,” said Williams.—BH