Higher education is a prime target for cybercriminals. Universities store vast amounts of sensitive data, must manage massive device networks with minimal visibility and often don’t have the IT resources to enable greater protection. Still, they do have one resource other organizations may not — students.
Turning to the student body for help overcoming persistent cyber threats is an increasingly popular strategy for today’s universities. It can also be a great way to expand cybersecurity awareness and action within the local community. Here’s a closer look at how students are teaming up with campus IT teams to bolster their schools’ security.
1. Staffing SOCs
Many schools have turned to students earning security degrees to fill roles within their security operations centers (SOCs). SOCs are the beating heart of an institution’s cybersecurity, but finding enough qualified workers to keep them running efficiently is challenging.
A worrying 67% of security teams say they faced staffing shortages in the past year, and 37% face budget cuts that could make hiring difficult. Students are an ideal solution. SOCs can hire students through part-time or work-study programs to grow their cybersecurity workforce at rates far below industry standards. That way, they ensure quick responses despite constrained budgets and a competitive labor market.
This arrangement benefits students, too. Participants in SOCs can gain real-world experience that will grow their skills and help them secure a full-time security position after college.
2. Running Security Clinics
Other institutions use student volunteers to staff cybersecurity clinics for peers, faculty, staff and even local businesses. Free, volunteer-run clinics are common in the medical industry to expand care and give learners experience, and similar benefits apply to the cybersecurity space.
Everyone needs good cybersecurity, but many don’t understand that need or know how to resolve it. As a result, 13% of the world’s data lacks necessary protections. Student-run clinics can help close the gap by having those earning their IT security degrees share their knowledge and experience with other users who may be less familiar with best practices.
Clinics can teach users how to spot phishing attempts, educate people about good credential management or even offer case-specific advice for improving a user’s or business’s cybersecurity. Talking with people about real-world security issues gives students more experience, and those visiting the clinic can get needed help without higher IT spending.
3. Hackathons
Another approach is to host hackathons where students can showcase their skills as they compete to overcome current security challenges. White-hat hacking is a big industry — it’s a growing $4 billion market in the U.S. — and getting students into it can be a great way to solve pressing needs without disrupting normal IT daily work.
Hackathons can take many forms, but they typically give participants a limited time to devise the best solution to a given software problem. Applying this formula to real cybersecurity issues a school is dealing with has several advantages.
The competition format brings in a greater diversity of ideas, potentially leading to novel solutions that IT teams may not have thought of otherwise. It also makes it more engaging for students eager to showcase their skills, driving participation and effort.
Best Practices for Running Student Cybersecurity Programs
All three of these approaches can be valuable ways for students to help the universities they study at. Still, higher ed institutions should keep a few things in mind when recruiting the help of less experienced and knowledgeable students for an issue as pressing as cybersecurity.
While students can fill a significant gap many universities have in their IT teams, their relative lack of experience deserves consideration. Human error causes 95% of all data breaches, and a group still learning how to be a cybersecurity professional may be more prone to these mistakes. This doesn’t mean student-run SOCs or clinics are inherently less reliable, but it does raise the need to double-check all contributions or suggestions before implementing them.
These programs should also be an extension of students’ education, not just a part-time job. As such, IT managers must explain their roles carefully and take the time to train all participants. Besides onboarding before letting students work in SOCs or clinics, universities can offer personalized feedback to help participants learn and grow. This will also improve security outcomes, as it addresses human error and leads to ongoing improvements.
Schools can also take advantage of publicly available resources to set up these programs. Some tech companies, like Microsoft, offer services to help establish student SOCs. Hackathon organizations, like Major League Hacking, do the same for coding competitions. Capitalizing on these opportunities will make it easier to get a student-driven security project up and running.
Student-Driven Cybersecurity Benefits All Involved
Universities and their communities need help improving their cybersecurity posture. IT students need experience to compete in the job market. Programs involving students in security efforts address both of these demands.
A student SOC, clinic or hackathon may not be a perfect solution, but all options are a substantial improvement over many schools’ current cybersecurity stance. Starting such a project today can equip both the institution and its student body for a better future.
