Chapter 3
Advancing Cybersecurity and Career-Readiness in Academic Institutions
By Bill Britton
Cybersecurity is a daily battle and one that is ever-changing. With large user populations and expansive attack opportunities, universities are prime targets for cybercriminals and malicious cyberactivity. There are tons of new academic programs emerging for cybersecurity every year, but the California Polytechnic State University (Cal Poly) in San Luis Obispo was designed to give students real hands-on experience with an on-campus Learning Security Operations Center (Learning SOC).
The Cal Poly Information Security Office established the Learning SOC with a two-fold mission: protect the campus from cyberthreats and train the future cybersecurity workforce. Like most universities, Cal Poly’s cybersecurity landscape is truly complex, and the university’s cybersecurity posture is critical to all operations. The Learning SOC leads real-time incident response and drives ongoing security improvements to protect the university from cyberthreats. The Learning SOC provides real-world cybersecurity protection methodologies.
Learn by Doing
Each student is personally mentored and contributes via an individualized professional development plan (e.g., data analysis, programming, statistical modeling). A team of five to eight students works on real-world campus security problems through a robust summer internship program. The focus is to improve campus security and daily operations, both academic and administrative.
Student professional development is recognized via a structured Learning SOC analyst badging program achieved by meeting four defined core competencies: security incident and event management; process and procedures; monitoring and alerting; and collaborate, communicate, and critical thinking.
A Day in the Life of a Learning SOC
Cal Poly’s Learning SOC is tasked with providing around-the-clock protection from cyberthreats, which is made possible by an analyst team of two to four students each quarter. “It’s the students who provide the first, tier-one incident response,” said Doug Lomsdalen, Chief Information Security Officer for Cal Poly.
Many Learning SOC student staff first grew their skills at Cal Poly's California Cybersecurity Institute (CCI). At CCI, students focus on developing their cyber understanding and application management skills while working on educational programs, such as the game-based Space Grand Challenge cyber training platform. CCI helps address the serious workforce development problem and California's growing cybersecurity defense challenges. Students then take the knowledge gained from their hands-on experience at CCI and apply it to the demanding environment of the Learning SOC.
The onslaught of security alerts is a huge part of the job. Flagged alerts include tricky false positives and anomalies that require human review and interaction.
Overarching daily Learning SOC analyst responsibilities include:
01. Monitoring and analyzing the network traffic of Cal Poly community members for malicious activity.
02. Responding to emails and phone calls from Cal Poly community members regarding MS-ISAC/EI-ISAC notifications and any cyber incidents they may be experiencing.
03. Adding, removing, or updating IP addresses and domains provided by members interested in passive monitoring services.
04. Collaborating with the Intelligence team and the Computer Emergency Response team to ensure awareness of any cyber trends that could impact Cal Poly community members.
05. Monitoring open-source resources for nefarious postings that include any data from Cal Poly community members.
Cal Poly thwarts more than 1 million threats each day and takes less than five minutes to respond to incidents thanks to programmatic alerts that provide 24/7 visibility. Security monitoring and data-driven decisions are paramount and drive how the Learning SOC operates.
Ready for Day One of Employment
The Learning SOC prepares students to be ready on day one for employment in a rapidly changing cybersecurity industry. The skills required to work as an analyst in a SOC are demanding, and attention to detail is significant. SOC teams detect and respond to cybersecurity threats and vulnerabilities, and many concepts are needed to be an effective SOC analyst: host-based analysis, security policies and procedures, security monitoring, and information security research.
The Cal Poly Learning SOC works with state-of-the-art security tools. Students receive formal SIEM training, and then develop Cal Poly-specific modules to help secure the Cal Poly ecosystem. Other tools used in academia may include industry partnerships, academic research, collaborations with professional associations, industry certifications, and the campus cybersecurity curriculum.
With unparalleled training resources and tools, universities are uniquely positioned to stay ahead of the evolving cyberthreat landscape.
Along with preparing students for a career in cybersecurity, a Learning SOC model fosters cyber resilience in academic institutions and enables continuous service to campus, despite cyberattacks.
About the author
Bill Britton
Bill Britton is the Vice President of Information Technology and Chief Information Officer at Cal Poly. Contributors to the chapter include: Henry Danielson, Technical Advisor, California Cybersecurity Institute, and Doug Lomsdalen, Information Security Officer, Cal Poly Information Technology Services.