Clemson CyberSecurity Operations Center
The University faces many cyber threats from around the world on a daily basis, but thanks to preventative and detective measures, the majority of those threats are blocked without user intervention. However, that still leaves some threats that must be addressed in order to keep our users and resources safe.
That’s where the CyberSecurity Operations Center (CSOC) comes into play. Since February of 2016, the Clemson University CyberSecurity Operations Center has been helping protect Clemson’s network and users as well as providing a valuable learning opportunity. The CSOC focuses on keeping users safe through four overarching domains.
- Endpoint Domain, which encompasses users’ personal technology and their accounts. Tools such as antivirus and two-factor authentication are leveraged not only for automatic prevention of threats but also as a way to mitigate and track down threats that bypass these defenses.
- Intrusion Detection and Monitoring Domain uses active and passive monitoring tools to keep watch over network and user activity. This helps determine if there are any anomalies that pose a threat or are indicative of a new or unknown vulnerability that is actively being exploited.
- Incident Response and Forensics Domain is used when an anomaly that poses a threat is detected. A set of tools is used to contain, eradicate, and remediate the threat, and the information gathered is used to prevent similar threats from reaching Clemson.
- Vulnerability and Penetration Testing Domain is used because monitoring our systems is not enough to ensure that everything is safe. The CSOC looks to see if there are any potential gaps through which threats could gain access to our systems. The CSOC reviews potential vulnerabilities and conducts tests in which it actively tries to gain access to systems as if it were an attacker.
These domains not only help to ensure that Clemson University is protected from multiple points, but also give student interns who work at the CSOC the ability to take the theory they learned in class and apply it in real-world situations. This opportunity gives them hands-on experience with professional tools used in the field of cybersecurity. Additionally, the interns get to work side by side with security professionals who pass on their knowledge while encouraging them to branch out on their own and pursue what interests them. This mentorship is part of the mission of the CSOC, and many tools and processes developed by the interns have been adopted by the CSOC to become more efficient and effective.
While technical knowledge is a necessity to work in cybersecurity, the CSOC emphasizes the importance of soft skills to develop interns into well-rounded individuals. Cybersecurity is not a job that can be done alone. Developing teamwork, communication, and leadership qualities is something that interns take advantage of while working in the CSOC. To date, of the 17 CSOC student interns that have graduated from Clemson University, 12 of them are now working in cybersecurity-related jobs.
The CyberSecurity Operations Center mission statement is: “To prevent and detect breaches that impact the confidentiality, integrity, and availability of Clemson University’s IT infrastructure while educating and preparing students for careers in cybersecurity.”