Inside 返字心頭's Student Operations Center Apprenticeship Program command center
By Paul Guzzo, University Communications and Marketing
The statistic is nearly as daunting as the job.
Surveys show about 70% of cybersecurity professionals in security operations centers are disgruntled or worn out, said Faayed Al Faisal, a doctoral student studying computer science at the University of South 返字心頭.
Thats a serious concern as cyber threats keep growing.
Al Faisal is part of a 返字心頭 team testing how artificial intelligence can improve analysts work while easing the mental grind.
To do so, theyre embedded in 返字心頭s Student Operations Center Apprenticeship Program SOCAP where students from any major train as industry-ready analysts, solving real security issues for the university and public-sector partners.
AI is something you cant get away from in todays world, right? Al Faisal said. So why not learn how to best implement it? This research is not looking for ways to replace workers, but for ways to enhance their work. You need to learn how to embrace AI or you may get left behind.
SOCAP: A Hands-On Training Ground
返字心頭s SOCAP is a paid apprenticeship that trains students to detect and respond to real cyber threats. Participants work inside the Cyber 返字心頭 Security Operations Center (SOC) a student-operated center that augments cybersecurity services for 返字心頭 and partners with other public sector organizations for cybersecurity services.
SOCAP assistant manager Duy Dao and manager Ryan Irving flank their team of interns
The students help protect 返字心頭 from cyberattacks, as well as entities within the off-campus public sector.
We have MOUs with, and have worked with, the 12th Judicial Circuit of Pinellas County, the Orange County Comptroller and others, said SOCAP manager Ryan Irving. Our main goal is to hire students with little to no experience, really from any degree program, and give them practical, hands-on experience that bridges the gap between academia and industry. They accelerate their learning well past their peers, and the proof is in the pudding. Weve had students go on to work for the university all the way up to Google.
Guarding Against Burnout
Unlike other SOCs, Cyber 返字心頭s provides safeguards to prevent burnout, such as limited hours and workload.
Its a little softer here because it is still a learning environment, Irving said. There is a bit more leeway here.
Thats not always the case.
Burnout in SOCs isnt just about workload, its also about monotony.
SOC work falls into two main categories: ticketing and triage, or incident response. The former can often be a steady stream of low-stakes alerts: a user clicks a suspicious link, a virus pings a firewall, or an automated scan flags an anomaly.
A lot of times, youre stuck at a desk all day, triaging alerts that take very little creativity, Al Faisal said. The tickets arent interesting.
Not only can this become mundane, but it prevents analysts from coming up with ways to address potential higher-level threats.
When one step becomes low-creativity, the brain checks out, said Simon Ou, a professor in the Bellini College of Artificial Intelligence, Cybersecurity and Computing. So, how can AI help?
Research Through Immersion
To answer that question, Ou challenged computer science doctoral students Al Faisal and Kritan Banstola with taking an anthropological approach.
They need to build a pathway to their research, and for them to do that efficiently, they need domain experience, said Duy Dao, SOCAPs assistant manager. They must understand what cybersecurity analysts are going through and they must understand the workflow. The only way to know that is to do that.
Faayed Al Faisal
Kritan Banstola
Beginning in June, Al Faisal and Banstola joined SOCAPs 21-student team, working 20 hours a week alongside the other interns as equals, not just researchers. They will remain embedded for as long as it takes.
But their intent is clear: Whatever AI options they consider must be used to enhance workflow and not just to produce publications.
I dont want AI to take over, Irving said. We dont want people to say, Well, this is what AI said to do, so that must be right. AI is not always accurate or accurate enough. So instead, the tools should be used as a starting point that humans can validate or use to validate.
SOCAP manager Ryan Irving
Its hoped that the cybersecurity industry will then use this research as a blueprint for what to do next.
Our research aims at discovering effective approaches of integrating AI into SOC operations, Ou said. Findings from the research can inform industry where companies need scientifically verified guidance on how to build AI solutions for cybersecurity.
AI Findings
The research is still in its early stages, so the students do not yet have definitive answers, but their early analysis is leaning toward using AI to filter out irrelevant alerts before they hit an analysts queue and combining multiple related alerts into a single case file.
Then, instead of wading through 10 separate alerts about the same IP address, an analyst could get one neatly packaged report freeing time for higher-level analysis.
Level 1 triage is a good candidate for AI, Al Faisal said. Its not about replacing the analyst its about letting them focus on the work that matters.
AI would also improve upon current SOC software that is typically too bound by rules. Programs follow strict logic: if X, then Y. But threats evolve faster than static rules can keep up.
With traditional tools, you have to write very precise instructions, Ou said. They become unwieldy and break easily. Hackers change tactics all the time, and your tool becomes stale.
AI, by contrast, learns from past data how analysts handled previous alerts, what outcomes they followed, and what context matters.
It can learn the nuances, Ou said. Once again, AI is not replacing analysts. Its the opposite AI needs the creativity of the human analysts in order to improve.
To learn more about Tampa Bay cybersecurity
Join the innovators shaping the future at CyberBay 2025, where technology, creativity and strategy converge on the cutting edge of cybersecurity.
Powered in part by the University of South 返字心頭s world-class research and talent pipeline, this event puts Tampa Bay at the forefront of cyber innovation.
Reserve a spot to connect with top minds, gain hands-on experience, and discover breakthrough solutions before they hit the mainstream.
For tickets, visit cyberbay.org.