Don’t underestimate student talent, says Jay James, the Security Operations Center (SOC) Director at Auburn University, who built the center at Auburn over the last decade. Part of the center’s mission is to employee students to help with cybersecurity as a way of strengthening the efficacy of the SOC but also providing students with hands-on experience in the field.
Creating a SOC to respond to increasing attacks on schools and universities was one of the strategies Microsoft highlighted in its recent cyber threat intelligence brief Cyber Signals.
Here are James’ tips for putting students at the center of the SOC at your institution.
Staffing Your Security Operations Center (SOC) With Students: Establishing Scope
As any cybersecurity professional knows, one of the big challenges of creating a SOC is resources. Before you even start, you want to think about how you are going to direct the limited resources you have, James says.
To do this, he advises really asking yourself why you are creating the center. “Is it for more compliance reasons — where you have to make sure that you have a SOC in place? Are you trying to look for certain threats? Are you trying to protect certain types of data?” he says. Once you’ve identified that “why,” you can prioritize resources.
The next step is developing your specific metrics for success, James says. He adds that if you’re trying to sell the idea of a SOC at your institution, the student and education component can be really appealing to various stakeholders.
Building Student Roles
For the student component, you need to also build a program that is specific to students.
“So when you hire a student, they’re in a program where they can thoroughly get trained in cybersecurity basics, how to be a SOC analyst, and how to really thrive in the work that they’re going to be doing in the SOC,” James says.
He adds that you also want to develop specific student-centered employee training for new student hires. “Having a specialized training program for students is going to be necessary because they’re getting up to speed pretty quickly and they’re also learning how to work in a professional environment, something that a lot of the students have not had the opportunity to do,” he says.
Complementing The Curriculum
Work that students do in the SOC at Auburn is not directly linked to their degrees or a graduation requirement, but James works with professors in relevant fields so he knows what skills students have and how students can build on these while working at the SOC.
“We understand what they’re learning in the class, and we provide additional training,” he says. “It’s a win-win. We’re getting these very brilliant students that are able to support us and keep the campus more secure but they are also gaining hands-on skills that would be much harder for them to get if they were not in the program.”
Students also get the opportunity to work on projects of their choosing, gaining valuable experience in the process. “As long as they’re doing their day-to-day triage of security alerts and incidents, we give them the opportunity to focus on a project that would help support us, but it’s also a great resume builder for them,” James says.
Recruiting Students To SOC
When you first start working with students at a SOC, James says you may have to devote more time to recruitment, which was the case in his experience. He advises connecting with the departments in which cybersecurity classes are housed in your university for help with recruitment.
Reaching out to student organizations can also be effective.
“If there is a hacking club or if there is a women in business or minorities in business and/or women in technology, or minorities in technology club, all of those types of organizations have students that you can pull from,” he says. “After it’s established, and after students start to experience the benefits of the SOC, they start selling it for you.”