Re: Quick Poll Results Follow Up - Student Workers in SOC

[Kevin Wilcox <wilcoxkm () APPSTATE EDU>]

On Thu, Jun 4, 2020 at 2:05 PM Ronald Loneker <rloneker () cse edu> wrote:

> I did notice the one comment at the end about a school using student workers in their SOC.
>
> I'm interested in hearing from any institution who is doing this and what duties/responsibilities you are assigning 
> to students.  I already use student workers in a non IT security area I manage so it might be another area to grow 
> for me if it can be helpful.

We just spun this up last academic year. They get read access to the
SIEM, they have the ability to quarantine/isolate systems via the EDR,
they get DLP access, can assign re-image tickets for compromised
hosts...our stance is that they are InfoSec employees so they're
treated like a staff hire.

The more interesting things they get to work on are scripting against
various cloud APIs and writing custom parsers/enrichment filters for
the SIEM.

It's been really nice.

kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community