Students shield Coloradoans from thousands of cyberattacks
The hackers are winning, and it’s not even close.
The global cost of cybercrime is expected by research company Cybersecurity Ventures to reach $9.5 trillion this year, up $1.5 trillion since 2023.
Understandably, this is making smaller organizations and civic institutions especially nervous. Without the deep pockets of the federal government and major corporations to fund online protection, they are like lambs in a lions den, the easiest of pickings for sophisticated hackers.
That’s why so many Coloradan organizations last year welcomed an innovative initiative from the Cybersecurity Center at Metropolitan State University of Denver. The PISCES (Public Infrastructure Security Cyber Education System) program paired smaller community partners lacking digital protection with Cybersecurity students seeking antihacking experience in a live working environment.
Richard Mac Namee, director of the Cybersecurity Center at MSU Denver, said the initiative has had a major impact.
“The students’ critical support has bolstered the networks and digital systems of dozens of organizations representing 447,000 Coloradans,” he said, “mitigating more than 500 potential incidents — and what’s more, they excelled in the role.”
RELATED: Cyber students help protect civic institutions vulnerable to hackers
They’ve done so well, in fact, that the Cybersecurity Center has expanded its program significantly, renaming it Centurion Secured. Colorado Attorney General Phil Weiser, whose office has provided funding for the program, will present awards next week recognizing the top-performing student analysts.
“Over the past year, our student analysts have helped run a fantastic monitoring service to protect a range of school districts, county governments and even a fire department,” Mac Namee said.
Expansion and enhancement
In recent months, the ambitious program took two giant steps that massively raised its game.
“The first big news is that we extended the program to include six other academic institutions, with MSU Denver acting as the lead,” Mac Namee said. “Collaboration across academia can be challenging, so getting seven different players on the same page is quite an achievement.”
The second piece of news is the rebranding of PISCES as Centurion Secured, in which the Cybersecurity team independently designed, built and deployed a new technology platform.
“The fact that our team created Centurion Secured totally in-house, using only their own brains and horsepower, speaks volumes about the talent at this University,” said Mac Namee. “I can’t think of another place that could build and then operate a whole bespoke system. It just doesn’t happen.”
The idea behind custom-designing the new tech was to help the team achieve more probing analysis and detailed investigation of potential data breaches.
“Where previously we could only tell a customer that they had been compromised, now we can say, ‘Here’s where you’ve been hit, and this is likely what’s been taken,’” Mac Namee explained. Providing such granular information really counts, he added, because it enables a much faster and more effective response.
RELATED: Cyber Heroes Prepare for Battle
Exceeding expectations
Last year, the Colorado Attorney General’s Office awarded the PISCES program $500,000 over two years, with the potential for another $250,000 in 2025.
Naturally, the award came with strict performance targets. And next week, Weiser will visit the Cybersecurity Center to see for himself how things have gone so far.
Mac Namee is not in the least bit nervous about the visit. “As a business-minded person, I’m sure the attorney general will quickly recognize, once he sees the raw numbers, that the program has far exceeded expectations and offers a great return on his office’s investment.”
The facts speak for themselves. Tasked with recruiting at least 85 analysts over this fiscal year, the program recruited 203 analysts in 10 months. Challenged to hold a training session each month, the team has facilitated weekly training sessions since last September due to overwhelming student demand.
And the results really seal the deal. Between last July and March, the program’s analysts spotted 1,682 potential security threats, almost double the projected target. And most notably, they identified and reported 556 viable threats and incidents to partner businesses.
“Make no mistake — every one of the reported incidents would otherwise have caught those businesses dead-handed, potentially causing untold damage both to them and, by default, to Colorado residents,” Mac Namee said.
During his visit, Weiser will present MSU Denver Centurion Secured Certificates of Achievement to 14 of the program’s student analysts, including Josh Gordon and James McColskey from MSU Denver, for their exceptional work ethic and savvy threat-detection skills.
RELATED: Program guides students with autism to cybersecurity careers
Gordon is optimistic about the potential of the recent improvements. “With its robust security measures and user-friendly design, the Centurion Secured program has built impressively on PISCES’ initial promise,” he said. “It should hopefully lead to a broader adoption of the service throughout Colorado and improved trust among users.”
While the program’s rate of growth is encouraging, the long-term plan is for the service to be self-supporting.
“We are planning to ultimately become self-sustainable,” Mac Namee said. “Adopting such an approach feels especially on-brand here at MSU Denver because it fits perfectly with President Janine Davidson’s ethos of encouraging our students to ‘earn and learn.’”
Career opportunities
Everything about the program’s steady rise over the past year — the major grant, the innovative rebrand, the high number of threats detected — points toward the high value of an MSU Denver degree in Cybersecurity.
“Most Cybersecurity degrees in the U.S. do not provide much hands-on experience,” Mac Namee said. “But our students are doing real work with real people and real data from the outset. It’s in a different class.”
And that counts. After graduation, employers can easily see who has had their head in a book for three years and who has been testing their mettle with real-world problems. That’s why the Cybersecurity program at MSU Denver is based on offering students work experience, internships and apprenticeships. And the students benefit from expert guidance.
“Getting direction from experienced analysts with a wealth of knowledge, as we do on a daily basis here, is fundamental to becoming a success at fighting cybercrime,” McColskey said.
Already a skilled cyberanalyst with great promise, McColskey is looking forward to two more years of invaluable live training before he completes his degree.
“By the time I graduate and finally walk into a security operations center as an employee, it will feel more like a lateral move than a new undertaking,” he said. “I will already feel at home in such an environment.”