Key points:
- The chance to operate in a real-world environment is rare at the student level
Cybersecurity is a lot like wrestling. The moment your feet touch the mat, you’re sizing up your opponents, looking for openings in their defenses, and trying to anticipate their next move to secure the win. Those same principles apply when scanning your threat surface to identify and mitigate potential threats.
But like wrestling, cybersecurity is also about discipline, resilience, and rigor. Like training for an upcoming wrestling match, working in a student-powered Security Operations Center (SOC) allowed me to sharpen my analytical skills while learning to prioritize threats effectively under pressure.
These skills will serve me well when I graduate and enter the workforce this spring.
Yet my journey into cybersecurity doesn’t start here. When I took an intro to cybersecurity course with Professor Darrel Miller at Louisiana State University (LSU), I began to think that maybe I had a future in cybersecurity.
From software development to cybersecurity
My wrestling background gave me an appreciation for structure and systems. You need to know how to successfully transition between holds, paying attention to ensure your moves are legal while optimizing for control and points.
Because of the structured nature of wrestling–practice, weigh-in, match prep–I felt that a degree in software development at LSU was a natural fit. Parallels between the two can be found in how understanding the required ‘move set’ of tools and languages is vital to executing code strategically.
Structure, order, and timing are also key in software development if you want to write clean and scalable code. And debugging–well, it’s almost like countering an opponent’s move. Resolving bugs requires understanding their root cause and anticipating the next break.
Hearing about the SOC program during Professor Miller’s course piqued my interest. Andy and Sumit of the Frey Computing Services Center came and gave a presentation about working alongside TekStream as cybersecurity analysts. But it wasn’t until I was working on development projects that I had a realization.
No matter how well-built the software is, vulnerabilities will always exist.
At this point, I decided that my true calling lay beyond just building systems. Ultimately, my real strength is in defending them.
Getting hands-on in the SOC
Onboarding into the student-powered SOC was an experience. It was structured yet fast-paced, providing just enough training to feel equipped while encouraging hands-on learning. I expected to shadow others for a while. Instead, we were given real-world analyst work early in the process.
Receiving vast amounts of data to review and understand in a short time is overwhelming, yet essential. It provided me with the groundwork to familiarize myself with the client’s environment, making it easier to detect when a particular activity was out of place.
Harking back to my days on the mat, I treated my SOC training like wrestling practice–showing up consistently, managing my time rigorously, and keeping priorities clear. As I honed my pattern recognition and threat detection skills, I felt my confidence working in the SOC increase tremendously.
The LSU and TekStream team didn’t treat us as students. Rather, they viewed us as trusted colleagues capable of executing valuable and meaningful work. The chance to operate in a real-world environment is rare at the student level, and the access to the program’s top-tier mentorship has been instrumental for me.
500 events mitigated in one year
No two days are the same when you’re working in a co-managed SOC. The threat landscape is always shifting. You have to be on high alert to determine when and where the next attack will come, similar to grappling with an opponent and trying to drag them to the ground before they do the same to you.
This hypervigilance enabled me to address more than 500 events, identify 11 confirmed threats and maintain an audit score of 4.9/5.0. My most notable experience involved detecting a malware event connected to an active ransom campaign initiated by a known threat group.
The feeling? Exhilarating.
I used what I learned from the team to thwart a potentially devastating breach that could have cost LSU millions. It’s a great reminder of what’s at stake, especially in the public sector, which has seen an increasing number of cyberattacks.
My hands-on experience in this unique public-private partnership between LSU and TekStream has equipped me with extensive knowledge. I’m now proficient in SIEM platforms like Splunk, alert triage, networking fundamentals, tenant communications and incident response protocols.
It also doesn’t hurt that I’ve learned from the best team in the industry with the credentials to back it up. Since the launch of this SOC model, TekStream has been:
- Named a representative vendor in Gartner’s Market Guide for Co-Managed Security Services
- Honored as the Cybersecurity Team of the Year for the LONI SOC at LSU, including three Cybersecurity Excellence Awards
- Recognized as an elite Splunk partner again in 2024, garnering awards for Social Impact and Public Sector Technology Innovation, among others
The pin on student-powered SOCs?
The growing influence of AI and the trend of entry-level roles being replaced by it is well known. So, working in a student-powered SOC program that connects classroom learning to industry expectations and best practices is a huge advantage for students like me.
We can graduate from this experience with skills equivalent to those of a mid-level cybersecurity analyst, giving us a foot in the door for real, actionable cybersecurity work. With my CompTIA A+ and Network+ certifications, I’m excited to enter a full-time SOC analyst role.
Students considering a student-led SOC program should take the leap. There was never a time in the SOC when we weren’t treated with the utmost respect by a team that wanted the best for our future careers. Don’t be afraid to jump in and ask questions. The team you work with is your greatest resource.
TekStream’s Michael Fazely and Jacob Tipping truly set the standard for what a healthy and learning-forward environment should look like in a cybersecurity setting. For universities interested in the value of this model, this is a great way to prepare the future workforce for success while protecting your digital future.
As I close this chapter of my SOC journey, I look forward to my next match-up as I enter the workforce.