SOComm a success during pilot intern training program

10/17/2024 Dominic Saebeler

Written by Dominic Saebeler

The Information Trust Institute (ITI), a University of Illinois Urbana-Champaign, Grainger College of Engineering research institute, in partnership with the University’s Research Park, successfully completed a new pilot intern training program this summer. Since 2004, ITI has been a pioneer and lead research institute (in partnership with federal government, research universities, national labs and multiple industry partners) to evaluate, assess, design and discover solutions to emerging cyber threats and the trustworthiness of operational technology. Emphasis has been placed on research focused on securing critical infrastructure, the electric grid, secure manufacturing, aeronautics, and other industries with converging operational and information technology systems.

The summer program was named SOComm as it focused on the intersection of how a Security Operations Center (SOC) functions and the impact and interactions it has within the business entity it supports as they communicate and deal with active risk identification and mitigation. How security challenges impact business decisions and how each business might respond, through a formal SOC structure, was a common theme throughout the summer.

The summer SOComm program spanned 8 weeks from early June until late July. A group of a dozen interns representing different organizations, each with a presence in Illinois’ Research Park, met once a week for a full day of lectures, discussions, and hands-on activities. Each intern was given the opportunity to learn how a SOC is designed and might function, as well as what tools they typically use and what challenges they face in protecting an organization’s physical and digital assets. Interns were given the chance to solve problems, work through case studies, and make final presentations about what they learned and how this might be applied in future roles.

A group of people sit at desks during a lesson

A research team from ITI developed the program concept, designed the content, recruited speakers and worked closely with the leadership team at the University of Illinois’ Research Park to identify space and present the pilot concept to most of the companies who have a presence in Research Park and hire U of I interns for their summer programs. Several of those companies signed up for the program and made one or more interns available to participate. The company-selected interns represented with a broad range of skill sets and majors, ranging from Computer Science and Computer Engineering to Accounting. On the final day of the program, each intern shared what they took away from the program and each made a compelling argument for the value of the program and how it will inform their thinking as they move forward in their studies and career ambitions.

Dominic Saebeler, Senior Associate Director for ITI was asked what the goal was for the program, “Through multiple conversations with organizations that continue to be challenged with staffing their SOC’s with the right mix of talented individuals who are able to fully grasp the complexity of navigating tactical security risks and fully understanding the impact on the overall organization, we decided to explore the topic in depth and created a broader understanding of how these challenges are identified, responded to and how they are most effectively communicated and mitigated across an organization.”

“Ideally, organizations would staff a SOC with a mix of talent that includes those highly specialized in direct technical response to organizational cyber threat(s) and also include individuals that bring a broader organizational risk perspective to the discussion.” As threats are identified and mitigation strategies implemented, the impact to a business will continuously need to be assessed. Having individuals in the room that understand both the critical aspects of the organizational mission and the jargon of cybersecurity is becoming essential. Business leaders want to know that the SOC is working effectively and that the SOC personnel understand how certain actions may disrupt business operations and what the tradeoffs are when deciding when to take certain actions. For example, if an organization is hit with a ransomware attack, will it pay or refuse to pay and how each decision would impact the bottom line.

Two of the more popular sessions were ones where ITI explored the tech stack of a SOC with live demos of various tools used for threat analysis and interpretation. Another popular day was the one where we focused on business impact including discussions with those responsible for vendor cyber supply chain assessments, event impact to businesses and a discussion with U of I’s Chief Digital Risk Officer on strategic planning and how cyber risk is discussed at a board level. We also had a lot of interest in the hands on portions of the program where interns we given the chance to problem solve in real time and work through various business impacting scenarios as well as various aspects of crisis response planning.

Casey O’Brien, Associate Director, Cyber Defense Education and Training for ITI was asked what his biggest take-away was, “I was thrilled to hear many of the students express a new appreciation and understanding that the organization’s business goals and drivers are equally important, if not more, than the technology itself.”

Share this story

This story was published October 17, 2024.