Exploring Information Security
How to Close the Cybersecurity Skills Gap with a Student Powered SOC

Update: 2025-11-25
Description

Summary:

Timothy De Block speaks with Bruce Johnson of TekStream about a truly innovative solution to the cybersecurity skills shortage: the Student-Powered Security Operations Center (SOC). Bruce outlines how this three-way public-private partnership not only provides 24-hour threat detection and remediation but also serves as a robust workforce development program for university students. The conversation dives into the program's unique structure, its 100% placement rate for students, the challenges of AI "hallucinations", and how the program teaches crucial life skills like accountability and critical thinking.

The Student-Powered SOC Model

  • Workforce Development: The program tackles the cybersecurity skills shortage by providing students with practical, real-world experience and helps bridge the gap where new graduates struggle to find jobs due to minimum experience requirements.

  • Funding Structure: The program is built on a three-way private-public partnership involving the state, educational institutions, and TekStream. The funding for the SOC platform is often separate from the academic funding for student talent building.

  • "Investment Solution": The model is positioned as an investment rather than an outsourced expense. Institutions own the licenses for their SIEM environments and retain built assets, fostering collaborative value building.

  • Reputational Value: The program provides significant reputational value to schools, boasting a 100% placement rate for students and differentiating them from institutions that only offer academic backgrounds.

  • Cost Savings: It serves as a cost-saving measure for CISOs, as students are paid an hourly rate to perform security analyst work.

Student Training and Impact

  • Onboarding and Assessment: The formal onboarding process, which includes training on tools, runbooks, and hands-on labs, has been shortened to six weeks. The biggest indicator of a student's success is their critical thinking test, which assesses logical reasoning rather than rote knowledge.

  • Progression and Mentorship: Students are incrementally matured by starting with low-complexity threats (like IP reputation) and gradually advancing to higher-difficulty topics, including TTPs (Tactics, Techniques, and Procedures), utilizing a complexity scoring system. Integrated career counseling meets regularly with students to review their metrics and guide their career planning.

  • Metrics and Productivity: The program has proven successful, with students handling 50% of incident volume within a quarter of onboarding, including medium to high complexity threats.

  • Beyond Cybersecurity: Students gain valuable, transferable life skills, such as collaboration, accountability, professionalism, and "adulting", which helps isolated students become more engaged.

AI and the "Expert in the Loop"

  • TekStream’s Overkill AI: TekStream uses its product, Overkill, for 24-hour threat detection and remediation, automating analysis, prioritization, and the creation of new detections to go "from zero to hero in 24 hours".

  • Expert Supervision: Their approach is "expert in the loop", meaning humans (students and analysts) are involved in supervising the AI, with automation being adopted incrementally as trust is built.

  • The Hallucination Challenge: Timothy De Block raised concern about students lacking the experience to discern incorrect information or "hallucinations" from AI output. Bruce Johnson affirmed that the program trains students in three areas: using AI, supervising AI, and understanding AI broadly.

  • Training Necessity: Students must learn how to do the traditional level one work before they can effectively supervise an AI, as experience is needed to detect when the AI makes a bad assumption.

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn] [YouTube]