The cybersecurity industry is facing an unprecedented workforce shortage that grew nearly 10 percent this past year, according to a study from nonprofit organization ISC2.
Some analysts employed in the industry aren’t fully equipped with the skills to operate efficiently, further exacerbating the workforce shortage.
LSUS is working toward alleviating both problems as it will be employing students from a range of degree programs to work in its on-campus Security Operations Center (SOC).
Student applications are now being accepted with the hiring process beginning in March.
Employing students for this invaluable hands-on experience will also lower costs in protecting the university’s network.
“Employers today are looking exclusively for hands-on experience,” said Ched Wiggins, Security Operations Center lead at LSUS. “Certifications and degrees always help, but if you only have a degree or certification with no hands-on experience, it’s tough.
“What students can get here is experience dealing with alerts, analyzing malware, seeing what attacker trends are. You’ll be developing the same skills needed to land a job in the industry.”
What’s a SOC?
The Security Operations Center is responsible for monitoring and analyzing LSUS’s network traffic to identify and respond to cybersecurity threats.
The SOC consists of various hardware and software that aggregates and analyzes data from all university computers and devices, looking for abnormalities and other signs of potential cyberattacks.
Splunk, a big data platform that simplifies the task of collecting and managing massive volumes of machine-generated data, is a key tool used by the LSUS SOC.
“We’re looking for data or patterns that could be problematic, such as if a person logged in from one location, then five minutes later, logged in from another location across the world,” said James Jackson, associate director of IT Security at LSUS. “An incident is generated, and then it’d be assigned to an analyst for review by a person.
“That incident can either be handled by that analyst or escalated.”
LSUS constructed its SOC in conjunction with LSU A&M as each entity was awarded $2.5 million from the Louisiana Legislature in 2022, an investment in the future of the state’s higher education cybersecurity.
Universities are prime targets for cyberattacks because of the sensitivity of data collected and the number of people and devices that access that data.
LSUS’s SOC is already active, with third-party TekStream analysts providing the human manpower to identify and respond to cyberthreats.
TekStream, an Atlanta-based technology services firm, has agreed to train LSUS students to become SOC analysts.
“Our model was always to provide SOC services by implementing Splunk technology, but we jumped at the opportunity to do something different with (the LSU system),” TekStream CEO Rob Jansen said in an October statement celebrating the new model with the LSU system. “We essentially agreed to work our way out of business by helping to train students to do more and more advanced work.
“Why? Because we saw all of the amazing upsides of the partnership, since we all struggle to find and hire enough talent. That’s why the LSU-LONI model is groundbreaking – it’s a first in our industry.”
The LONI (Louisiana Optical Network Infrastructure) is a high-speed fiberoptic network owned by the Louisiana Board of Regents and managed by LSU. This network connects 31 of the state’s colleges, which offers the opportunity for other schools to either use existing SOCs like LSUS and LSU to protect their networks or develop their own SOCs and train their own students.
A Day in the Life
Because colleges and other entities face cyberthreats 24/7, a typical Security Operations Center will work around the clock to address any incoming threats.
At the LSUS SOC, TekStream analysts are currently ensure LSUS systems are always protected (remotely), but trained LSUS students will increasingly take on this role as schedules allow.
“Whenever student workers are hired, they’ll have the exact same capabilities as TekStream analysts and will have access to the same training and tools,” Jackson said.
An analyst starting their shift will review any open investigations from the previous shift before conducting system health checks.
“You make sure your tools, for us Splunk is the main one, are running and reporting, and then you start your triage process,” said Ched Wiggins, Security Operations Center lead at LSUS. “You’re looking at alerts flagged by your tools, investigating whether they are benign or whether it needs further attention.
“An example of a benign alert would be that our firewall blocked a connection.”
Critical alerts are handled first, with More simplistic incidents can be handled by Tier I analysts, while more complex issues could be elevated to Tier 2 or Tier 3 analysts.
“We have a series of playbooks that have been generated, so that’s taken a lot of mental heavy lifting out of it,” Wiggins said. “That way when something happens, you pull out that playbook and follow the steps.”
Those steps could include containing the problematic device and possibly “nuking” it, wiping it clean of any information before restoring backups and data.
Because universities are prime targets, they could be a testing ground for new types of cyberattacks.
“Maybe we need to take a malware sample and put it in a ‘sandbox’ environment – a computer that’s more fortified – to either detonate it or study it for further research,” Wiggins said. “If it’s a new malware, we may be the first to see it.
“We can share things with industry experts.”
The SOC analysts are in regular communication with the LSUS IT staff to address any issues with a particular device or with the network in general.
Not Just Computer Science
While cybersecurity may seem like playing field just for computer science majors, backgrounds of all types are sought in the industry.
That’s because analyzing and recognizing cyberattack attempts involves psychology.
Wiggins and Jackson said teachers, law enforcement and data analysts are just a few of the fields that tend to transfer well into cybersecurity.
“Attacks like phishing have a social engineering element to it, and teachers tend to be really good at detecting attacks because they’re used to dealing with children who try to wiggle their way out of things,” Wiggins said. “Law enforcement tends to have rules and regulations they are used to following, so following a playbook may come more easily to them.
“Data analysts are already looking at data to find patterns, so those skills are transferrable to finding and correlating data in these platforms as well,” Jackson added.
LSUS encourages undergraduate and graduate students in all backgrounds to apply.
Students can apply by joining Handshake, an app that connects students to campus jobs, and entering their student email. Learn more about Handshake in the help center.