Before 2019, Cal Poly CISO Doug Lomsdalen had to handle the suspicious-login alerts coming from his security information and event management (SIEM) tool largely by himself.

Since then, Lomsdalen has added some help: Students.

Colleges are turning to undergrads to field notifications from security operations centers (SOCs). Students in the SOC can get a taste of cybersecurity professional life while reducing IT costs and CIO effort.

“They can allow my staff, myself, to be addressing more strategic and operational things while they’re dealing with the alerts,” said Lomsdalen.

A SOC, inside-out. A security operations center proactively monitors for incidents, often indicated by the SIEM tools. The SIEM monitors network-connected products, like firewalls and email, to address cyberthreats, of which universities have plenty.

A report from the cybersecurity firm Check Point found that the most attacked industry in Q3 2022 was the education/research sector, averaging 2,148 weekly attacks, an 18% year over year increase.

The Cal Poly “junior security operations center analyst” is expected to work between 10–16 hours per week during the school year. The so-called “learning SOC” provides the students an opportunity to learn real-world tools, like their go-to SIEM product Splunk Enterprise Security, and to address questions as they arise:

Is a faraway sign-on attempt, for example, from a hacker or a senior on spring break?

Identity-and-access-management logs reveal a path for the cybersecurity newbie to solve. “That’s the art part of doing an analysis. It’s not always strict rules that you can follow. You have to look at the context of the logins,” said Lomsdalen.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Y’know the old saying, “It’s not the destination, it’s the journey”? Believe it or not, you can say the same about cybersecurity. Because protecting your tech from data breaches and malware is a long, exhausting voyage—and you’ll need a map.

CIS SecureSuite is here to help. They’ll show you how to create a plan of action by combining an assessment of current capabilities and gaps with a short- to long-term vision for integrating security practices.

CIS SecureSuite’s road map is built on these four steps:

• Know your needs.
• Align to a framework.
• Implement your road map.
• Review, revise, and repeat.

And through April 30, you can get up to a 20% discount on a new CIS SecureSuite Membership using promo code CYBER2023.

Prepare for the journey.

Storage device manufacturer Western Digital (WD) experienced a breach that knocked out its My Cloud digital service, locking users out of their files for days—and the hackers now claim to have reams of internal and customer data.

On April 3, WD issued a statement disclosing it had identified a “network security incident” on March 26, resulting in an “unauthorized third party” gaining access to company systems. The company added it had begun shutting down services and systems as part of a proactive security measure.

“Upon discovery of the incident, the Company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts,” WD wrote in the statement. “The Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data,” the statement continued.

WD did not include further details about the nature of the security incident in the statement. However, TechCrunch reported being contacted by hackers who claimed to have lifted 10 terabytes of data from the manufacturer, and who also provided “a file that was digitally signed with Western Digital’s code-signing certificate,” demonstrating their ability to impersonate the company.

The hackers told TechCrunch they had stolen data from Western Digital’s SAP Backoffice—an e-commerce platform—as well as other files, including internal communications, files from storage instances, and information on executives and customers. They are demanding a “minimum 8 figures” ransom, according to TechCrunch.

Western Digital PR rep Charlie Smalling declined to comment beyond the company’s original statement.

Keep reading here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

SMS-based phishing attacks, aka “smishing,” is quickly on the rise, compromising not only personal data but also company data and assets.

Learn from an expert from Computer Forensic Services how companies and IT departments can educate employees on smishing defense and the necessary steps to protect themselves and company assets.

Find the handy guide to smishing here.

Today’s top IT reads.

Stat: 21.7%. That’s how much global cloud spend will grow in 2023, according to Gartner projections. (ComputerWorld)

Quote: “We don’t need to give all of that value to some of the largest companies in the world for free.”—Reddit CEO Steve Huffman, on the company’s plans to begin charging for API access (the New York Times)

Read: Microsoft’s proposed taxonomy for threat actor names is based on meteorological events, like “Cyclone” or “Sleet.” (Microsoft)

Your next step: automation. With progressive deployment patterns that use feature flagging, you can selectively release features to your customers for safer, faster deployments. Learn how to leverage the right patterns for your projects at this AWS webinar.*

^{*This is sponsored advertising content.}