[ad_1]
To people who don’t work in the computer technology field, cybersecurity can look extraordinary — it’s a given that more work goes on behind the scenes in the IT department than the average person knows.
That may be especially true at College of the Canyons, where the California Community Colleges Chancellor’s Office planted hosting duties for the California Community Colleges Security Center — along with a $40 million grant — this past summer.
The CCC Security Center is a cybersecurity support center that serves the statewide, 116-member community college system.
Besides keeping those colleges consistently informed about threats to their digital infrastructure, the center is also responsible for a paid internship program for recruits interested in careers in the field, a program that’s already put participants in lucrative IT jobs.
At eight months under the security center’s COC leadership, Hsiawen Hull, the center’s chief information security officer, gave COC’s governing board a rundown of the program’s regular duties, what it’s done for its interns and what it takes to become a working cybersecurity expert at the college’s regular joint meeting with Associated Student Government last week on March 25.
“Pretty much everything that you can think of with regards to improving security technology throughout the system … lands on pretty much this team that you’re seeing in front of you,” Hull said, showing a slide displaying the security center’s seven current security operations center analysts — all former COC students.
Hull was joined at the Wednesday meeting by the team’s two lead security operations center analysts, Brittany Hasen and Cameron Wichman.
As far as ongoing services to the state’s community college system go, Wichman broke down two major services CCC Security Center provides that help colleges protect their digital systems: send notifications about potential threats and write vulnerability reports.
The security center handles two different types of notifications: California community college system-wide and specific to vulnerable districts as needed.
“An example (of system-wide notifications) is with Microsoft products, where they have specific vulnerabilities that we focus on,” Wichman said. “We also have bespoke notifications that target more specific districts from specific security events … we focus on how this specific security event affects districts, whether it be the entire system or specific districts, and we focus on their impact.”
Vulnerability reports, on the other hand, are typically written for specific districts, put together using data on the vulnerabilities throughout the “entire attack surface” of their digital infrastructure, Wichman said.
“We compile all this information, all this data that we research over months, even more than months, and we compile it all into an easy-to-read format for districts to go through and triage,” Wichman said.
Hull added that these services could run a community college district like COC $100,000 — but with the CCC Security Center, those services are free.
Many of the cybersecurity trainees who provide those services are recruited through the college’s technology programs to spend a semester in the college’s work experience program before being recruited into the Services Center.
The $40 million grant allowed Hull to build out the paid internship program through the Security Center, giving students from the work experience program the chance to do even more – and of course, be paid.
“About two years ago, I started a process … it was an unpaid internship process that we went through the work experience program,” Hull said. “It was advertised to all students in any technology field … part of what happened was, when the grant came, it represented an opportunity for us to hire some of these students that were exceptional.”
Those trainees do daily research into current events that affect the world’s cybersecurity, and how the state’s community college IT infrastructure protects itself in vulnerable situations.
“All of those different things that just kind of blow past the headlines, we talk about stuff … that’s involved with, whether it’s the war in Iran, the war with Ukraine, all of those things — how they impact our world, and also, more specifically, cybersecurity,” Hull said. “What’s been great, too, is as a part of this research, we teach the students to say, ‘Hey, that’s a solution that we use within the system.’”
Taha Saiyed, ASG’s vice president of advocacy, was impressed at the level of expertise trainees have been able to gain within a relatively short period of time — with a roughly six-month onboarding process, Hull said — and asked Hasen what that process was like.
“For me personally, a big passion of mine is being able to connect with my dad on all this. My dad has been in IT for over 25 years,” Hasen said. “I feel like I just genuinely have a big willingness to learn.”
Hull added that a major part of the work of becoming versed in the cybersecurity world is “demystifying” its terminology. Once trainees begin to decode the field’s endless acronyms, IT systems — and IT workers — tend to look a little less magical.
The results of that training have already sent center employees blazing into the IT field, such as the program’s first security operations center analyst lead, who’s since taken a cybersecurity job with Disney.
“The goal of this whole program … is to get these students out as quickly as we possibly can,” Hull said.
[ad_2]
