Norfolk, Va.-based Sentara Healthcare is detecting benefits from a Cyber Student Staffing Program it launched in February.
The program recruits students from across the region to work in Sentara's information office as junior cyberrisk analysts, junior cybersecurity analysts, and junior security development and operations analysts.
The students assigned to operations assist with Tier 1 and 2 event triage; identify and respond to malware callback events; and ensure that time-based compliance requirements are checked off. Those who work in risk analysis assist with inherent risk surveys, awareness and training programs.
“It's working out great,” says Dan Bowden, Sentara's chief information security officer. “My managers keep bringing more students in because they're getting more work done.”
Most participants are college students who work for Sentara part time, but the program also has drawn a few high school students who worked three- to four-week internships during the summer.
Ten students were on board in November, augmenting Sentara's 16 full-time cybersecurity staffers.
The part-time student staffers typically perform cyber maintenance tasks, while full-timers focus on highly detailed, risk-laden work, Bowden says.
The student staffers help to defend Sentara against phishing attacks.
“When one of our Sentara workforce forwards us a suspicious email, the response they get back about what's being done is from one of our junior cybersecurity student analysts,” Bowden says. “They will run it through our incident process and make sure we take the appropriate action to respond to that. Where needed, they escalate it to more experienced full-time staff.”
The program is cost-effective, Bowden says.
Bowden says the student training period continues “as long as they're with us and they continue to progress. The longer we keep the students, the more productive they become.”
Sentara recruits STEM (science, technology, engineering and mathematics) students for the program in conjunction with the Virginia Space Grant Consortium, a coalition of five Virginia colleges and universities; NASA; state educational agencies; Virginia’s Center for Innovative Technology; and other institutions involved in aerospace education and research.
Students can sign up through the Commonwealth STEM Industry Internship Program.
Bowden notes that cyberthreats against hospitals have been growing and evolving. Included are phishing attacks designed to deliver malware or ransomware and exfiltrate data.
And the increasing threats are occurring amid a shortage of cybersecurity experts, according to Bowden. “We need to develop more talent in cybersecurity and help kids find jobs,” he says.
Bowden says that to successfully replicate the program, organizations should bring students on as “continuous part-time staffers,” as opposed to limiting their stint to a certain time frame. The continuous status will encourage full-time staff members to view the students as individuals who can be developed into productive team members, he says.
Bowden says another key factor in making such programs succeed is having at least two or three full-time staffers engaged with training and mentoring the students. “That will make a huge difference,” he says.