Tim Kircher, a junior cybersecurity student at the University of South Florida, jumped at the chance to get real-world experience at the institution’s Security Operations Center (SOC).
“It opened my eyes to a lot of the opportunities and broad paths within cybersecurity,” says Kircher, who is an intern at the University of South Florida’s SOC. He adds that working at the SOC empowers him and other students. “It gives us the tools and the abilities to think outside the box and think critically while also learning the critical and technical tools of cybersecurity.”
Kircher is one of many across the country who is benefiting from an increasingly popular strategy of recruiting students to help secure school networks from the ever-increasing number of cybersecurity threats. The strategy was recently highlighted by Microsoft in a blog post on digital transformation.
The approach is a win-win that both prepares students with real-world experience and helps universities in their ongoing cybersecurity efforts, say those who have been involved with these types of SOCs.
The Benefits of Student Cybersecurity Involvement
For students like him, Kircher says getting involved with an SOC is an important opportunity to start networking in the field, in addition to learning hands-on skills. He adds that the students who work in these centers also give back to their universities.
“The beauty of our program is that we can take the burden off of our organizations that receive such a large number of security alerts,” he says.
Corey J. Lee, a security CTO at Microsoft, says he is always being asked how to get started in cybersecurity. “From my vantage point, the best place to start is in one of these security operations centers.” He adds this is because many of those hiring for cybersecurity roles, even early career roles, require applicants to have a wide range of experience with different digital threats. “Working in a security operations center, you get exposure to a large number of security domain areas, identity, email security, endpoint security, network security, etc.”
Participating in a student SOC can also help students meet the experience requirements of many jobs.
“A lot of early in career opportunities expect cybersecurity professionals to have three to five years of experience,” Lee says. “What we're seeing is if a student has been working in their student SOCs for three years, and maybe starting in high school, or they've done this throughout their career in college, they're graduating with three to four years of cybersecurity experience.”
Starting A Student-Supported SOC At Your School
Developing a student-involved SOC at your school can be all about matching students with the right roles in your cybersecurity scheme.
Ryan Irving, who manages the student SOC at the University of South Florida, says doing this involves finding the right balance.
“We want to get students exposed to real-world, hands-on events and alerts and give them the chance to investigate and triage. But we want to limit the risk to the organization as well as to the students,” he says. “So what we do here is we focus predominantly on the level one triage. So we will identify an alert from any given tool. We'll investigate it, we'll do our thing on it. We'll run it down as far as we can, and then whatever we identify via assets, users, open source intelligence on IP addresses, other investigative artifacts, things like that, we will curate that we will create a report, and we'll escalate that.”
While these types of measures are important, it’s also critical to help students who are interested in cybersecurity develop the skills they need while working at a student-led SOC. Lee notes that in his experience, oftentimes a passion for learning outshines existing knowledge.
“The talent shortage that we're dealing with right now isn't just about a deficit in humans. It's also a deficit in folks that are interested and willing to learn more and to go into some of the emerging spaces,” he says. “So I can't stress it enough that harnessing the curiosity that exists from students is an opportunity to fill gaps in security operation teams.”
