Re: Quick Poll Results Follow Up - Student Workers in SOC

["Koppel, Lorna" <Lorna.Koppel () TUFTS EDU>]

We use student workers and interns actively in our SOC too.  We have them go through an interview process, sign 
confidentiality agreements, and train/work with them to get a feel if we can trust them.  We spend a good amount of 
time up front discussing their responsibilities and confidentiality, and generally pretty quickly they get same access 
and duties as our full-time SOC folks.  We even give them small projects so they can ultimately have items to put on 
their resume.   We also bring in CS students to do our code development and integrations. In our case most of the SOC 
student workers/interns come from local community colleges.  The Tufts students prefer to do more development and 
coding work.

Like others have said, the key is we have procedures and workflows they are expected to follow. They start with smaller 
ops work and discuss with us as they go.  As we get more comfortable with their skills and judgment calls, we have them 
take on more and more.  If we have a super sensitive investigation, we don’t include the students to do the sticky 
analysis work but they might help out with some of the data gathering.

We look at this as a win-win:  Students get real-world experience and perspective; the security community gets more 
people who know/appreciate/or even LOVE InfoSec as a career; and we get cost-effective resources with different 
perspectives.


Lorna L. Koppel
Director of Information Security
Tufts University
169 Holland Street<x-apple-data-detectors://1/0>
Somerville, MA 02144<x-apple-data-detectors://1/0>
Phone: 617.627.0885
Email: lorna.koppel () tufts edu<mailto:lorna.koppel () tufts edu>

Information Security is Everyone’s Responsibility! Learn more<https://it.tufts.edu/ncsam>.
-----------------------------------------------------------------------------------------------
TTS will NEVER ask for passwords or other personal information via email.
-----------------------------------------------------------------------------------------------
For IT support, contact the TTS Service Desk at 617-627-3376 or it () tufts edu

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mac McGaughy
Sent: Thursday, June 4, 2020 2:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Quick Poll Results Follow Up - Student Workers in SOC

We have student workers that conduct security operations tasks.  The key is having well-documented procedures and 
workflows.  They need to know when an incident needs to be elevated, and separation of duties is very important.  
Student-workers provide a wealth of coding experience here at UNCC,  our cybersecurity academic program is very 
code-heavy.
---------------------------------------------------------------------------------------------------------------------------------------------------
Jessie McGaughy | CISSP-ISSAP<https://www.isc2.org/Certifications/CISSP>, 
CISSP,<https://www.isc2.org/Certifications/CISSP> CCSP<https://www.isc2.org/Certifications/CCSP>, 
PMP<https://www.pmi.org/certifications/types/project-management-pmp>, 
C|EH<https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/>, 
ITIL<https://www.axelos.com/best-practice-solutions/itil>
Chief Information Security Officer
UNC Charlotte | Kennedy Bldg 330B
9201 University City Blvd | Charlotte, NC 28223
jmcgaug1 () uncc edu<mailto:jbeauman () uncc edu> | Phone: 704-687-8548
itservices.uncc.edu<http://itservices.uncc.edu/>
---------------------------------------------------------------------------------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person responsible for delivering it to the intended 
recipient, any disclosure, copying, distribution, or other use of any of the information in this transmission is 
strictly prohibited. If you have received this transmission in error, please notify me immediately by reply e-mail or 
by telephone. Thank you.



On Thu, Jun 4, 2020 at 2:28 PM Kevin Wilcox <wilcoxkm () appstate edu<mailto:wilcoxkm () appstate edu>> wrote:
On Thu, Jun 4, 2020 at 2:05 PM Ronald Loneker <rloneker () cse edu<mailto:rloneker () cse edu>> wrote:

> I did notice the one comment at the end about a school using student workers in their SOC.
>
> I'm interested in hearing from any institution who is doing this and what duties/responsibilities you are assigning 
> to students.  I already use student workers in a non IT security area I manage so it might be another area to grow 
> for me if it can be helpful.

We just spun this up last academic year. They get read access to the
SIEM, they have the ability to quarantine/isolate systems via the EDR,
they get DLP access, can assign re-image tickets for compromised
hosts...our stance is that they are InfoSec employees so they're
treated like a staff hire.

The more interesting things they get to work on are scripting against
various cloud APIs and writing custom parsers/enrichment filters for
the SIEM.

It's been really nice.

kmw

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community