The ‘mutual benefit’ of student-run cyber centers on campus

Sean Anthony Eddy via Getty Images

By Stephanie Kanowitz,
Contributor, Route Fifty

| April 8, 2025

A number of universities are opening security operations centers to deal with cybersecurity incidents and monitoring, and have students help run them alongside full-time staff.

To ensure robust cybersecurity amid times of uncertain budgets and growing threats, public universities are turning to a readily available resource for help: their students.

Several schools have stood up student-run security operations centers known as SOCs. They are organizations that monitor, detect, analyze, respond to and report on cybersecurity incidents.

“We have smart and capable students who are eager to learn, who want to increase their experience, and get hands-on experience with these things,” said Vito Rocco, chief information security officer at the University of Nevada at Las Vegas and one of three panelists to speak on the topic during a recent Splunk webinar. “We’re able to scale up our security visibility and response, while at the same time building out that workforce development pipeline so our students get real experience, and it’s a cost savings for us as well.”

UNLV launched its SOC in 2022 and has a 100% job placement rate for graduates, according to Splunk. Now, the university is working with Nevada’s chief information officer and the Office of Cyber Defense Coordination on building a statewide model that would let UNLV support smaller communities, counties and towns that don’t have the resources to have their own SOCs, Rocco said.

That’s in line with work that Louisiana State University has been doing since 2023, when state lawmakers allocated $7.5 million to expand the school’s student-run SOC to protect all the higher education institutions statewide.

“When we designed this program, we had multiple goals,” said Craig Woolley, LSU’s CIO. “First and foremost, it was increasing the cybersecurity protection at LSU, but then right away, we knew we wanted to do this at scale.”

No other school in Louisiana had a SOC on par with LSU’s. In 2023, the National Security Administration designated the university as a Center of Excellence for Cybersecurity, the only university to receive the honor in Cyber Operations.

Universities have two choices, Woolley said. They can open their own student-run SOC with support from LSU through what he calls a franchise model.

“Their students will be trained in the same way we train our students,” he said, adding that two schools participate this way: LSU’s campus in Shreveport and Louisiana Tech University. “What we've called this is a neighborhood watch program, where the intelligence that is gathered by any school protection is shared amongst all the schools almost instantaneously, which makes us all stronger together and collectively,” Woolley added.

If schools opt not to open a SOC, they “will come under the LSU umbrella,” Woolley said. Currently, LSU’s SOC serves about 25 schools and plans to add 13 more by the end of this year or early next.

The University of Cincinnati has long employed students in various roles so when it set up a SOC a few years ago, several students began supporting full-time employees, said Matthew Williams, the university’s deputy CISO and executive director of information security.

“We don’t have an unlimited budget, so it’s a mutual benefit for us to employ and provide experience for students,” Williams said. “Students are much cheaper than full-time staff. Every alert that they process in lieu of a full-time staff member taking it, there is cost savings. … At the same time, we’re augmenting the full-time employees on Tier 2 and Tier 3 SOC issues.”

The experience has been so successful that the SOC is moving to a larger facility, which will enable it to increase the number of student employees from four to 10. It’s not without its challenges, however.

“Many of our graduate IT students are international students, and like many other state institutions, we have a lot of regulations that we have to be in compliance with,” Williams said. “That limits those that can be around certain types of data to U.S. citizens or green card holders…. One of the things that we were able to do is create a segmented area of our SOC where we are only providing certain data indices to those students.”

For other universities looking to save money while maintaining robust cybersecurity by training and hiring students, “don’t try to re-create the wheel,” Woolley said. “One great thing about higher ed that I love is the collaboration, and we can learn from each other, and not have to build a program from scratch, which can be costly,” he added. Rocco recommended diving in.

“Start doing something,” he said. “With the possible federal funding cuts coming, none of us know exactly what’s going to happen. I think this model is sustainable. We can continue to use that student talent there, and I think cyber resilience isn't just always about throwing more money at the problem. It's about looking at how you use your resources a little differently.”

NEXT STORY: After RIBridges breach, R.I. state agencies share high tech wish lists at budget hearing

This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. / Do Not Sell My Personal Information

Accept Cookies