四虎影视

By Paul Guzzo, University Communications and Marketing

The statistic is nearly as daunting as the job.

鈥淪urveys show about 70% of cybersecurity professionals in security operations centers are disgruntled or worn out,鈥� said Faayed Al Faisal, a doctoral student studying computer science at the 四虎影视.

That鈥檚 a serious concern as cyber threats keep growing.

Al Faisal is part of a 四虎影视 team testing how artificial intelligence can improve analysts鈥� work while easing the mental grind.

To do so, they鈥檙e embedded in 四虎影视鈥檚 Student Operations Center Apprenticeship Program 鈥� SOCAP 鈥� where students from any major train as industry-ready analysts, solving real security issues for the university and public-sector partners.

鈥淎I is something you can鈥檛 get away from in today鈥檚 world, right?鈥� Al Faisal said. 鈥淪o why not learn how to best implement it? This research is not looking for ways to replace workers, but for ways to enhance their work. You need to learn how to embrace AI or you may get left behind.鈥�

SOCAP: A Hands-On Training Ground

四虎影视鈥檚 SOCAP is a paid apprenticeship that trains students to detect and respond to real cyber threats. Participants work inside the Cyber Florida Security Operations Center (SOC) 鈥� a student-operated center that augments cybersecurity services for 四虎影视 and partners with other public sector organizations for cybersecurity services.

The students help protect 四虎影视 from cyberattacks, as well as entities within the off-campus public sector.

鈥淲e have MOUs with, and have worked with, the 12th Judicial Circuit of Pinellas County, the Orange County Comptroller and others,鈥� said SOCAP manager Ryan Irving. 鈥淥ur main goal is to hire students with little to no experience, really from any degree program, and give them practical, hands-on experience that bridges the gap between academia and industry. They accelerate their learning well past their peers, and the proof is in the pudding. We鈥檝e had students go on to work for the university all the way up to Google.鈥�

Guarding Against Burnout

Unlike other SOCs, Cyber Florida鈥檚 provides safeguards to prevent burnout, such as limited hours and workload.

鈥淚t鈥檚 a little softer here because it is still a learning environment,鈥� Irving said. 鈥淭here is a bit more leeway here.鈥�

That鈥檚 not always the case.

Burnout in SOCs isn鈥檛 just about workload, it鈥檚 also about monotony.

SOC work falls into two main categories: ticketing and triage, or incident response. The former can often be a steady stream of low-stakes alerts: a user clicks a suspicious link, a virus pings a firewall, or an automated scan flags an anomaly.

鈥淎 lot of times, you鈥檙e stuck at a desk all day, triaging alerts that take very little creativity,鈥� Al Faisal said. 鈥淭he tickets aren鈥檛 interesting.鈥�

Not only can this become mundane, but it prevents analysts from coming up with ways to address potential higher-level threats.

鈥淲hen one step becomes low-creativity, the brain checks out,鈥� said Simon Ou, a professor in the Bellini College of Artificial Intelligence, Cybersecurity and Computing. 鈥淪o, how can AI help?鈥�

Research Through Immersion

To answer that question, Ou challenged computer science doctoral students Al Faisal and Kritan Banstola with taking an anthropological approach.

鈥淭hey need to build a pathway to their research, and for them to do that efficiently, they need domain experience,鈥� said Duy Dao, SOCAP鈥檚 assistant manager. 鈥淭hey must understand what cybersecurity analysts are going through and they must understand the workflow. The only way to know that is to do that.鈥�

Beginning in June, Al Faisal and Banstola joined SOCAP鈥檚 21-student team, working 20 hours a week alongside the other interns as equals, not just researchers. They will remain embedded for as long as it takes.

But their intent is clear: Whatever AI options they consider must be used to enhance workflow and not just to produce publications.

鈥淚 don鈥檛 want AI to take over,鈥� Irving said. 鈥淲e don鈥檛 want people to say, 鈥榃ell, this is what AI said to do, so that must be right.鈥� AI is not always accurate or accurate enough. So instead, the tools should be used as a starting point that humans can validate or use to validate.鈥�

It鈥檚 hoped that the cybersecurity industry will then use this research as a blueprint for what to do next.

鈥淥ur research aims at discovering effective approaches of integrating AI into SOC operations,鈥� Ou said. 鈥淔indings from the research can inform industry where companies need scientifically verified guidance on how to build AI solutions for cybersecurity.鈥�

AI Findings

The research is still in its early stages, so the students do not yet have definitive answers, but their early analysis is leaning toward using AI to filter out irrelevant alerts before they hit an analyst鈥檚 queue and combining multiple related alerts into a single case file.

Then, instead of wading through 10 separate alerts about the same IP address, an analyst could get one neatly packaged report 鈥� freeing time for higher-level analysis.

鈥淟evel 1 triage is a good candidate for AI,鈥� Al Faisal said. 鈥淚t鈥檚 not about replacing the analyst 鈥� it鈥檚 about letting them focus on the work that matters.鈥�

AI would also improve upon current SOC software that is typically too bound by rules. Programs follow strict logic: if X, then Y. But threats evolve faster than static rules can keep up.

鈥淲ith traditional tools, you have to write very precise instructions,鈥� Ou said. 鈥淭hey become unwieldy and break easily. Hackers change tactics all the time, and your tool becomes stale.鈥�

AI, by contrast, learns from past data 鈥� how analysts handled previous alerts, what outcomes they followed, and what context matters.

鈥淚t can learn the nuances,鈥� Ou said. 鈥淥nce again, AI is not replacing analysts. It鈥檚 the opposite 鈥� AI needs the creativity of the human analysts in order to improve.鈥�

To learn more about Tampa Bay cybersecurity

Join the innovators shaping the future at CyberBay 2025, where technology, creativity and strategy converge on the cutting edge of cybersecurity.

Powered in part by the 四虎影视鈥檚 world-class research and talent pipeline, this event puts Tampa Bay at the forefront of cyber innovation.

Reserve a spot to connect with top minds, gain hands-on experience, and discover breakthrough solutions before they hit the mainstream.

For tickets, visit cyberbay.org.