Educause Security Discussion mailing list archives
Re: Quick Poll Results Follow Up - Student Workers in SOC
From: "Koppel, Lorna" <Lorna.Koppel () TUFTS EDU>
Date: Thu, 4 Jun 2020 21:21:58 +0000
We use student workers and interns actively in our SOC too. We have them go through an interview process, sign confidentiality agreements, and train/work with them to get a feel if we can trust them. We spend a good amount of time up front discussing their responsibilities and confidentiality, and generally pretty quickly they get the same access and duties as our full-time SOC folks. We even give them small projects so they can ultimately have items to put on their resume. We also bring in CS students to do our code development and integrations.

In our case most of the SOC student workers/interns come from local community colleges. The Tufts students prefer to do more development and coding work.

Like others have said, the key is we have procedures and workflows they are expected to follow. They start with smaller ops work and discuss with us as they go. As we get more comfortable with their skills and judgment calls, we have them take on more and more. If we have a super sensitive investigation, we don’t include the students to do the sticky analysis work but they might help out with some of the data gathering.

We look at this as a win-win: Students get real-world experience and perspective; the security community gets more people who know/appreciate/or even LOVE InfoSec as a career; and we get cost-effective resources with different perspectives.

Lorna L. Koppel
Director of Information Security
Tufts University
169 Holland Street
Somerville, MA 02144
Phone: 617.627.0885
Email: lorna.koppel () tufts edu

Information Security is Everyone’s Responsibility! Learn more <https://it.tufts.edu/ncsam>.

TTS will NEVER ask for passwords or other personal information via email.
For IT support, contact the TTS Service Desk at 617-627-3376 or it () tufts edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mac McGaughy
Sent: Thursday, June 4, 2020 2:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Quick Poll Results Follow Up - Student Workers in SOC

We have student workers that conduct security operations tasks. The key is having well-documented procedures and workflows. They need to know when an incident needs to be elevated, and separation of duties is very important. Student-workers provide a wealth of coding experience here at UNCC; our cybersecurity academic program is very code-heavy.

Jessie McGaughy | CISSP-ISSAP, CISSP, CCSP, PMP, C|EH, ITIL
Chief Information Security Officer
UNC Charlotte | Kennedy Bldg 330B
9201 University City Blvd | Charlotte, NC 28223
jmcgaug1 () uncc edu | Phone: 704-687-8548
itservices.uncc.edu

If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is strictly prohibited.
If you have received this transmission in error, please notify me immediately by reply e-mail or by telephone. Thank you.

On Thu, Jun 4, 2020 at 2:28 PM Kevin Wilcox <wilcoxkm () appstate edu> wrote:

On Thu, Jun 4, 2020 at 2:05 PM Ronald Loneker <rloneker () cse edu> wrote:
I did notice the one comment at the end about a school using student workers in their SOC. I'm interested in hearing from any institution who is doing this and what duties/responsibilities you are assigning to students. I already use student workers in a non IT security area I manage so it might be another area to grow for me if it can be helpful.
We just spun this up last academic year. They get read access to the SIEM, they have the ability to quarantine/isolate systems via the EDR, they get DLP access, can assign re-image tickets for compromised hosts...our stance is that they are InfoSec employees so they're treated like a staff hire. The more interesting things they get to work on are scripting against various cloud APIs and writing custom parsers/enrichment filters for the SIEM. It's been really nice.

kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Quick Poll Results Follow Up - Student Workers in SOC Ronald Loneker (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Rick Haugerud (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Kevin Wilcox (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Mac McGaughy (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Koppel, Lorna (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Mac McGaughy (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Douglas R. Lomsdalen (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Grundig, Thomas J (Jun 04)
- Re: Quick Poll Results Follow Up - Student Workers in SOC Gregory A Jackson (Jun 04)