While higher-ed IT pros face a new class of cyber threats every semester, an on-campus practitioner, if they’re lucky, has help that tech pros in other sectors often lack: eager undergrads.
Some schools have turned to students to monitor event dashboards and perform early remediation steps against campus cyber threats. Security pros from Louisiana State University (LSU), University of Nevada-Las Vegas (UNLV), and the University of Cincinnati (UC) recently shared what they see as the benefits of having students in the security operations center: more help for IT and more real-world job experience for students.
“The threat landscape keeps growing and becoming more complex. Where we’re unique in higher ed is that we do have this amazing resource in our students. We have smart, capable students who are eager to learn, and who want to get hands-on experience,” Vito Rocco, CISO at UNLV, said during a March 25 presentation set up by Splunk, a monitoring platform also used by the other two security pros. (IT Brew attended a similar event two years ago.)
Back to school. Microsoft recently claimed that education was the third-most targeted sector in Q2 2024, “with the United States seeing the greatest cyber threat activity.” Telemetry from its Microsoft Defender product revealed 15,000 daily emails targeting users with malicious QR codes.
“Education is essentially an ‘industry of industries,’ with K–12 and higher education enterprises handling data that could include health records, financial data, and other regulated information,” the post from Microsoft Threat Intelligence began.
In session. Ellen Hoffman, a graduating senior and industrial engineering major, provides support in LSU’s security operations center—an on-campus facility that allows university IT members to spot and address cyber events.
Hoffman investigates incidents like password sprays, brute-force attacks, or suspicious network traffic like login attempts indicating “impossible travel.”
“It’s fun to be able to say, ‘I stopped someone from hacking into LSU,’” Hoffman said.
Following a partnership with managed detection and response provider TekStream and Splunk, LSU opened its SOC to students in March 2024, with an annual $7.5 million in legislative funding to support the center and its expansion.
According to LSU’s CIO Craig Woolley, the campus SOC employs about 25 to 30 students, 10 or so working each shift, earning “$15, $17 an hour,” he said on the call.
To-do list. Matthew Williams, CISO at UC, tasks four full-time students with handling “Tier 1” incidents coming through a variety of university platforms like Microsoft 365, Splunk, Duo, and CrowdStrike.
Both Williams and Rocco see the student-in-the-SOC arrangement as essential to freeing up team members for more strategic threat-hunting research.
And there’s another technology with potential to free up employees, but not in a way that boots students from the SOC, Rocco told us in a follow-up email: AI. He sees AI taking on Tier 1 tasks like alert triage, log correlation, and phishing analysis. “What that means for our student analysts is that the bar is shifting. They’re no longer just ‘monitoring dashboards’—they’re learning how to validate AI outputs, investigate edge cases, and make judgment calls AI can’t,” Rocco wrote.
Getting the job done. On the March 26 call, LSU’s Woolley said three students graduated from the SOC in the fall and all have been placed with jobs at TekStream.
Hoffman told attendees on the call that she’s been “applying to jobs left and right, everything from industrial engineering to cybersecurity, and everything in between.”
“The LSU SOC is really giving me a good two years of experience that I can put on my résumé and hopefully stand out against other candidates for that entry-level job,” Hoffman said.