How can organizations obtain more expertise with little to no investment? In Washington state, a non-profit believes that it can assist.
A new program enables small public-sector organizations to obtain network monitoring services and threat detection capabilities. The program is known as The Public Infrastructure Security Cyber Education System, or Pisces.
Pisces works with universities and colleges to leverage students’ learning for the purpose of cyber threat detection; identifying cyber breach attempts and intrusions. The Department of Homeland Security and the Pacific Northwest National Laboratory have backed the initiative.
In recent years, public sector organizations have endured a high number of cyber security threats. In 2018, the US government lost as much as $13.7 billion due to cyber crime. Threats have only increased since then. Local governments, schools, libraries and courts have all come forward as attack victims.
Without access to the Pisces program, local government organizations may not have adequate resources to fully fend off threats. “To a large extent, local governments are buying firewalls and calling it good. It’s not good. You’ve got to watch the network,” says Mike Hamilton, a co-founder of the Pisces program, and the CISO of an independent firm.
This program is not without precedent. Around 10 years ago, a similar program existed. It had focused on network monitoring in the Puget Sound area.
Network monitoring for your organization?
For institutions with more than 150 employees, the Pisces program is 100% free of charge. The idea here is that an organization of such size provides plenty of data for students to work with, but they also remain unlikely to rely on security appliances that may not integrate with Pisces’ tools.
Emerging security professionals
The students gain hands-on experience using authentic data from real ecosystems. For example, students may discover indicators of active campaigns or cyber security anomalies that must be reported to authorities.
For the most part, the data that students work with is subject to public disclosure rules. It does not contain any business-sensitive information.
Says participant Lexi Cozart, “I knew before that I wanted to do something in cybersecurity, I was thinking more along the lines of compliance consulting or penetration testing. But now I’m really leaning towards network monitoring, network traffic monitoring and analysis”.
The institutions taking part in the program include multiple public universities in Washington state, Spokane Falls Community College and Green River College. More than 125 enrolled students currently participate. While the program may branch out at a later point in time, its operators note that finding local governments willing to trust non-local experts and students has been a challenge.
Although the non-profit cannot provide comprehensive services that meet all needs of client organizations, it can offer some cyber security monitoring relief. Nonetheless, coverage gaps may occur during winter break or spring break. It’s not a 24/7 commercial-grade monitoring service.
Closing the talent gap
Searching for new cyber security talent? The students who participate in the Pisces program emerge with distinct marketable skills. At least one organization has hired more than six analysts though this program. “You’re still an entry-level hire, but you got a leg up on everybody that’s just coming out with the book-learning and test-taking,” says Hamilton.
For more on the Pisces program and cyber threat detection, visit the Wall Street Journal.