Oregon State University’s solution to a cybersecurity dilemma

Three students discussing cyber threat map

As cyber and ransomware attacks become more prolific, demand for cybersecurity professionals continues to grow, but there is a dire shortage of people with the required skills. There are about 4,000 unfilled cybersecurity jobs in Oregon alone, and more than 460,000 nationwide, according to Cyberseek.

In 2017, Rakesh Bobba, associate professor of computer science at Oregon State University, began mulling how the university could address this need. Dave Nevin, who was then chief information security officer for Oregon State, was experiencing the supply and demand problem firsthand: He would recruit new graduates to work in the university’s security office, only to see them leave soon after for more lucrative jobs.

At the same time, the Oregon State Legislature was creating Senate Bill 90 to improve cybersecurity for all Oregonians. Bobba and Nevin attended meetings to help craft the bill, coming up with a solution to help solve the workforce problem and incorporating the goals of the senate bill as well.

A collaboration between the colleges of Engineering and Business and OSU Information Technology, the School of Electrical Engineering and Computer Science’s Oregon Research and Teaching Security Operations Center, or ORTSOC, will be a cybersecurity training ground for Oregon State students, help underserved organizations, and serve as a research facility for faculty and industry partners.

Borrowing from health profession models, ORTSOC will be a “teaching hospital” in a working security operations center. Mentored by industry professionals, students in their fourth year of study will participate in rotations that concentrate on different areas of security each quarter.

Toward Senate Bill 90’s goal of improving cybersecurity for all Oregonians, ORTSOC’s clients are organizations that typically cannot afford to staff or contract out security services, such as K-12 schools, rural governments, and other nonprofits.

“We feel this is a very important part of the 21st century land grant mission,” said Nevin, who now serves as ORTSOC’s director. “We’re providing this service to those who wouldn’t be able to access them otherwise.”

As a research university, ORTSOC will become a living lab for faculty and industry partners to conduct high impact research. Because the center works with actual clients, researchers will have access to data that isn’t available elsewhere.

“This is a great opportunity to research new enterprise security techniques, monitoring techniques, or detection techniques,” Bobba said. “Companies would also be able to test some of their ideas or equipment in a real environment.”

Recognizing the importance of diversity — especially in the STEM fields — inclusivity is a major component of ORTSOC by design.

“In most cases we’re trying to figure out how to do that with existing centers or programs that have been around for a while,” said Tom Weller, EECS school head. “It’s exciting that we’re going to be able to ensure that an inclusive focus in the center is part of its structure from the ground up.”

Triple win

Charlie Kawasaki, chief technology officer of PacStar, has been a key partner in forming ORTSOC and is excited about this unique concept for cybersecurity education and service.

“The core of it is the experiential learning, and what we’re doing is making new college grads better candidates for the large proportion of the jobs,” Kawasaki said. “When you talk about research, it naturally builds a facility that can be used with broader access to data, which is really important in the cybersecurity field.

“And it’s a triple win because we’re able to help underserved organizations. It’s a perfect project that deserves growth and expansion.”

Looking forward

Along with an initial industry partner, Oregon State has already committed nearly $1 million for ORTSOC. The physical space is being renovated and equipped, and Nevin was hired as the center’s director. The center will also have an advisory board of stakeholders to help refine the university’s cybersecurity curriculum and further shape ORTSOC operations.

An incubation year begins this fall and the center begins its pilot phase in 2022-23. The potential pipeline for graduates in the field is large. Oregon State graduates the most computer science students in the nation, according to the American Society for Engineering Education, and was recently named one of the top universities for computer science talent. When ORTSOC is fully functional, it will be able to train about 200 students each year.

The distinctiveness of the program is expected to attract more talented students to the university. The university’s cybersecurity program has been growing over the past several years, both in the number of students interested in the field and faculty who specialize in cybersecurity research.

With construction green-lit, the ORTSOC team is now turning their attention to curriculum development and recruiting cybersecurity professionals to serve as instructors and mentors. A key value of ORTSOC is the plan to supervise and instruct students using experienced professionals, and the emerging interest from the private sector to support ORTSOC is a strong sign this plan will work. Interested experts should reach out to the ORTSOC team.

“Speaking as vice chair of the Oregon Cybersecurity Advisory Council, we combed the state for the most promising programs,” Kawasaki said. “ORTSOC embodies the best of everything that we would hope for in a program.”


Aug. 20, 2021