Skip to main content

Perspectives Home / CISO CIRCLE

A Tale of Two SOCs: How Student-Powered Security Operations Centers Are Addressing the Cyber Talent Shortage

Universities with student SOC programs are giving their students the opportunity to develop useful skillsets and receive real-world training in cybersecurity.

If there’s one thing that institutions of higher learning can do well, it’s finding creative ways to solve some of the world’s toughest problems. And lately, colleges and universities across the country are facing a big one: alarming shortages of cybersecurity talent.

Like many U.S. industries, the public sector faces a shrinking cybersecurity workforce. Across the country, more than 570,000 cybersecurity jobs remain open, according to data from CyberSeek. But with only 69 trained workers available for every 100 jobs, many of those positions won’t be filled, especially in a sector that struggles to compete with the eye-popping salaries of technology, financial services, and other industries. 

Complicating the matter is that higher education is increasingly a cybercrime target. The sector experienced the highest number of cyberattacks in the first quarter of 2023, averaging 2,507 attempts per college or university per week, a 15% increase compared to the first quarter of 2022. Meanwhile, colleges and universities around the country are struggling to fill IT staffing shortages, with nearly three-quarters (74%) of campus leaders saying that hiring IT employees is a "moderate" or "severe" challenge.

If there is a silver lining, however, it’s that some of the country’s best institutions of higher learning are stepping up to solve the problem with on-campus, student-powered security operations centers (SOCs). The following article illuminates the paths of student SOCs in two universities — both in different stages of their initiatives — and the various ways the students are impacting their own futures and the universities they attend. 

Louisiana State University: Building a SOC

Louisiana State University (LSU) already had a reputation for being one of the state's leading cybersecurity education centers. In fact, its commitment to cybersecurity was so strong that in 2023, the National Security Administration recognized the university, designating LSU as a Center of Excellence for Cybersecurity — the only university to receive the honor in Cyber Operations.

The previous year, LSU President William Tate had announced that he wanted the university to become a leader in cybersecurity. The additional resources from their NSA designation and dedicated state funding meant that they could not only put more funding into student cybersecurity education, but could also provide hands-on training that would give the students real-world experience. By fall 2023, the university stood up its first student-powered SOC, in partnership with Splunk and managed service provider TekStream, to protect its networks and other Louisiana colleges and universities from cyberattacks. 

“One of the most compelling aspects of the SOC is that it will be open to all students, since talent for cyber isn’t only about being good at computer science, but also understanding logic and human behavior,” said Craig Woolley, chief information officer at LSU, in a press release. “We’re deeply appreciative that TekStream was open to our idea of working together on both the defense and educational aspects of our model, enabling the ability to scale to other schools with LSU going first.”

News of LSU’s new student SOC circulated throughout the student population by word of mouth. Although it was never officially advertised, more than 100 students applied for 16 roles. The university hired its first SOC “class” in the fall of 2023, with the aim of teaching valuable skills such as tier one incident response, threat detection, and remediation. 

During their SOC experience, students work hand-in-hand with TekStream analysts on investigations within the Splunk SOAR platform while also learning critical problem-solving skills, such as how to determine if an incident requires automated remediation or falls outside the scope of automated response. 

While its overall impact remains to be determined, LSU’s initiative has already sparked a ripple effect, serving as a franchise template currently being replicated in other universities throughout the state wanting to join the program. Statewide, two more schools have started student SOC programs, with two to three more potentially in the works. And little by little, more are jumping on board. 

A cyber state of emergency

LSU’s student-powered SOC is indisputably a major asset to both students and the university. It also answers, at least in part, the glaring cybersecurity talent shortage and skills gaps that have plagued the university system, state and local government, and other public sector organizations for years. 

While Louisiana’s strong college and university curriculum in cybersecurity had given rise to a robust security workforce, a limited job market was driving away many young cybersecurity workers. The ongoing talent turnover left Louisiana school systems vulnerable to a series of cybersecurity attacks in 2019, prompting Governor John Bel Edwards to issue the state’s first-ever cybersecurity state of emergency — a directive that remains in effect to this day. With the state of emergency in place, the government was able to bring state-wide coordination to address the problem, channeling resources to fund cyber response teams to municipalities and school boards throughout the state. But while the measure provided temporary relief to schools and public sector organizations, more was needed for a sustainable, long-term solution. 

Currently, numerous industries, both private and public, are still in great need of cyber professionals with hands-on experience. With the LSU student SOC, and other student SOCs around the state, the hope is that they will provide a much-needed antidote to talent shortages by exposing more and different types of students from broader educational backgrounds and majors to cyber roles — and then funneling that talent into local workforces, along with incentives for them to remain in-state. 

And the potential for future full-time job placement at LSU and elsewhere throughout the university system also gives students one more reason to stay closer to home.

California Polytechnic State University: Having an impact

One might think that as home to some of the world’s largest technology organizations, California higher education institutions wouldn’t face a growing talent shortage within the state. But, as in other states, much of the top talent is pulled into the private sector early, leaving many public sector organizations scrambling. 

Fueled by its “Learn by Doing” founding philosophy, California Polytechnic State University (Cal Poly) stepped up in 2019 to address critical cyber talent shortages with its own student-powered SOC. Under the guidance and supervision of senior staff engineers, students on teams of three to six per quarter receive live training on numerous aspects of the university’s security posture and operations — including designing, building, and monitoring Splunk dashboards that track destructive threats and system disruptions. 

Students are trained via Splunk courses and with hands-on tier one response activities. Some SOC operations include identifying potentially compromised account Slack automation, vulnerability management, data analysis, and reporting, and risk-based alerting for endpoints in Splunk. By the time they leave the program, students will have proficiency in key competencies such as SIEM, monitoring systems, and developing and planning procedures, as well as collaboration, communication, and critical thinking skills. 

“We do lots of over-the-shoulder training with them,” said Doug Lomsdalen, Cal Poly CISO, according to eCampus News. “We walk them through how to address specific alerts and emails, and then we give them the keyboard and go from there. They’re always being monitored by full-time staff — our students are never working by themselves.”

Since the SOC’s implementation, the students have already had an impact: In 2022, student teams addressed more than 2,000 tier one security events and successfully reduced phishing attacks by 16% year-over-year. 

Backed by past success and strong momentum, coordinators want to expand the program. That effort is bolstered by researchers from Splunk SURGe, who excite future generations by visiting campus and talking about promising career possibilities in the world of cybersecurity. 

Opening doors to the future

Many of these student SOC programs are a work in progress, representing just one way to tackle complex, ongoing issues that lack simple solutions. But by leaning on their own source of homegrown talent, these universities offer students the opportunity to develop skillsets they can carry with them throughout their careers, while receiving real-world training that will set them up for future success. In addition to gaining skills and possibly a new career path, students have the opportunity to protect an institution that’s meaningful to them and their communities.

These initiatives create a win-win situation for everyone. They’re already opening new doors for students, invigorating them to consider cybersecurity as a promising career. 

We look forward to seeing what these future generations will achieve. 

To learn more about the many ways Splunk can support public-sector industries, please visit our Public Sector industry page

And for more perspectives from public sector thought leaders delivered straight to your inbox, sign up for our monthly newsletter.

Read more Perspectives by Splunk

MARCH 18, 2024 • 4 minute read

Power to the People: How AI and 5G Will Democratize Cyberwar

How generative AI will be used for ill in 2024.

MARCH 4, 2024 • 4 minute read

On Road Maps, Strong Board Relationships and Passionate Security Teams: A Q&A with Soriana CISO Sergio Gonzalez

The Chief Information Security Officer of one of Mexico’s largest grocery chains weighs in on the key ingredient for a successful security team, managing risk and more.

FEBRUARY 9, 2024 • 4 minute read

5 Ingredients for a Robust Cybersecurity Culture

What it takes to help every part of your organization understand the function and value of security.

Get more perspectives from security, IT and engineering leaders delivered straight to your inbox.