Announcing the 2026 National Higher Education Boss of the SOC (BOTS) Winner

Industries Tom Smit

Key takeaways

  1. The 2026 Boss of the SOC competition brought together higher education cybersecurity teams to practice real-world threat detection and response using Splunk Security tools.
  2. Participants worked through hands-on challenges that tested their ability to investigate attacks, analyze data, and respond quickly under pressure.
  3. The event highlighted the importance of collaboration, skill-building, and community learning in strengthening cybersecurity across colleges and universities.

On April 15, 2026, teams of cyber defenders from across the country gathered for the annual Boss of the SOC (BOTS) competition — an event proudly sponsored by the North American Splunk‑sponsored Higher Education User Group. Designed specifically for the higher education community, this hands‑on event provided a collaborative forum for universities and research organizations to sharpen their security operations skills while learning alongside peers.

Boss of the SOC is a fast‑paced, blue‑team capture‑the‑flag competition that immerses participants in the role of a security operations center (SOC) analyst. Using the integrated power of Splunk Security, contestants raced against the clock to investigate alerts, analyze data, and respond to realistic security incidents drawn from massive, real‑world datasets—all within a safe, risk‑free environment.

Led by industry specialists and supported by the Higher Education User Group, the event emphasized practical learning, peer engagement, and shared best practices across the higher education security community. Participants tested their investigative instincts and tactical creativity while tackling challenges such as uncovering stealthy adversaries, pivoting across cloud and on‑prem data, and disrupting simulated threat actors like the infamous “Angry Alpaca” group.

Each year, the talent and determination on display continue to impress. The 2026 competition was no exception, showcasing the resilience, speed, and analytical skill of higher education cyber defenders working under pressure—skills that are critical to protecting today’s academic and research environments.

2026 Higher Education BOTS Winners:

Congratulations to our winners and to all participants who dedicated their time and expertise to this event. Your commitment to strengthening cybersecurity across higher education is exactly what the North American Splunk Higher Education User Group was created to support—community‑driven learning, collaboration, and skill development.

Interested in continuing your Boss of the SOC journey? You can play the original BOTS experience at bots.splunk.com, or join us at .conf26 for BOTS 11, debuting in September 2026.

/en_us/blog/fragments/the-student-powered-soc-handbook
style
two-column

Related Articles

Splunk Gets the Hat Trick!
Security
2 Minute Read

Splunk Gets the Hat Trick!

Splunk Enterprise Security was named a leader in SIEM and security analytics by three analyst firms - Forrester, IDC and a third analyst firm. In fact, Splunk is the only SIEM provider to be named a “Leader” in SIEM by all three top analyst reports.
The New & Improved Splunk Guide to Risk-Based Alerting
Security
3 Minute Read

The New & Improved Splunk Guide to Risk-Based Alerting

Splunker Haylee Mills shares a brand new version of the step-by-step guide to success with the risk-based alerting framework.
Bringing Data-Centric Security to RSAC 2022
Security
3 Minute Read

Bringing Data-Centric Security to RSAC 2022

Check out what Splunk has in store at RSA Conference 2022, including theater sessions, demos and a keynote presentation from Splunk CEO Gary Steele.
/en_us/blog/fragments/about-splunk
/en_us/blog/fragments/perspectives-promo