Management

Higher Ed, State Government Collaborate on Security Operations Centers

Efforts like these could help fill the IT skills gap while offering hands-on cybersecurity experience to students.

Tony Sivore

Tony Sivore is director of state and local government sales for CDW•G.

Andy Viano

Twitter

Andy Viano is a journalist and editor at EdTech: Focus on Higher Education.

In 2015, students at Purdue University were presented with a golden opportunity to learn firsthand about one of the most in-demand jobs in technology.

As Indiana began establishing a security operations center, it turned to Purdue, one of the state’s preeminent public universities, in search of a partner. The two were already working together through the Indiana Information Sharing and Analysis Center, so Purdue was a natural fit to host the new SOC, which would share threat information and develop strategies for cybersecurity response.

The SOC monitors the state’s government network in real time and also provides vulnerability identification and threat warnings, according to the university. It’s co-staffed by state employees and Purdue students, with the students placed as part of the Purdue Pathmaker Internship Program.

With this model, Purdue students — often computer science majors — are given entry-level positions at the Purdue Research Park where the SOC is housed. The students help tackle low-level issues, according to the university, and work under the direction of state employee managers. The state employees, who work for the Indiana Office of Technology, deal with high-priority alerts and sensitive information.

Click the banner below for exclusive content about cybersecurity in higher ed.

Working in the SOC — even at entry-level tasks — provides invaluable hands-on experience to the students, preparing them for a career in cybersecurity, where demand for skilled workers remains extremely high. The state is rewarded with access to a reliable pool of young employees to fill out its SOC staff and can tap Purdue’s resident brainpower.

It’s the sort of partnership that goes a long way toward fortifying cybersecurity, while granting important experience to the next generation of security professionals. Experts across the industry agree that it is a powerful tactic.

How Governments and Higher Ed Can Address the IT Skills Gap

The Center for Digital Government recently determined that state and local governments must overcome obstacles to carry out their cybersecurity strategies. In a CDG survey of state and local officials, 46 percent named a lack of a skilled cybersecurity workforce as their top challenge. Forty percent identified challenges with integrating security tools, and 36 percent said they were unable to rapidly respond to threats.

The National Governors Association is well aware of an IT skills gap among state governments. In 2021, the NGA stood up its latest cybersecurity policy academy, tapping Montana to host sessions on cybersecurity workforce development, which concluded in January.

“The opportunity to collaborate with other states to implement best practices and enhancements to advance our cybersecurity workforce will pay dividends by creating a job pipeline while assuring Montanans their data is protected,” Montana Director of Administration Misty Ann Giles said in a press release.

Meanwhile, college students are finding opportunities through on-campus cybersecurity training programs and being steered toward mentorship programs as a way to gain firsthand experience and prepare for entering the cybersecurity workforce. Those opportunities are helping to create a robust next generation of cybersecurity workers.

The Role of Collaboration in Government Cybersecurity

The National Association of State Chief Information Officers recommends greater collaboration between states and public institutions of higher learning to improve government cybersecurity.

In 2020, NASCIO reported that only 24 percent of state colleges and universities collaborate extensively with state governments on cybersecurity; 63 percent reported limited collaboration. Similarly, 27 percent of community colleges reported no collaboration.

In the 2020 report, NASCIO updated a call for states to team with higher education. “CISOs should consider leveraging public-private partnerships and collaborations with local colleges and universities to provide a pipeline of new talent,” NASCIO says in the report. State CISOs should turn to colleges and universities to build this pipeline through internships, co-ops and apprentice programs. They also should work together to improve digital services across states.

LEARN MORE: Artificial intelligence and the future of storm forecasting.

How Hands-On Experience Can Strengthen Cybersecurity

In April, the Texas Department of Information Resources said it would set up a regional SOC in partnership with Angelo State University. The SOC will provide real-time network security monitoring in an initiative to detect and respond to network incursions. The regional SOC, or RSOC, will be available to help local counties, municipalities, utilities and other public sector entities with cybersecurity operations.

As Government Technology reports, “While not specifically mentioned in the enacting statute, Senate Bill 475, a crucial element of the RSOC is engaging students to participate in providing RSOC services, giving them valuable hands-on experience while offsetting staffing costs.”

“The RSOC will also offer network security infrastructure that local governments can utilize and give university students hands-on experience to strengthen the cybersecurity workforce of tomorrow,” Angelo State said in a press release.

If successful, Texas will duplicate the RSOC structure across 11 additional districts. It’s a model for every state government to consider.

A version of this story first appeared as part of StateTech magazine’s CITizen blog series.

2d illustrations and photos/Getty Images