Representatives from the Oregon Cybersecurity Center of Excellence told the Joint Committee on Information Management and Technology on May 30 that university‑run "teaching" security operations centers (SOC) are providing hands‑on cybersecurity training to students while delivering monitoring and incident response services to small and mid‑sized public clients across the state.

The update matters because committee members said the programs address a statewide workforce shortage and provide free or low‑cost cybersecurity services to local governments and schools that otherwise lack skilled staff.

Rakesh Baba, faculty in the cybersecurity group at Oregon State University and associate director for the Center of Excellence, described Artsakh (the OSU teaching SOC) as a clinical‑style program that integrates classroom credit with on‑the‑job rotations. He said OSU has invested about $3,000,000 since 2020 and is seeking a two‑year scale‑up request of $2,500,000. "Workforce development is the key focus for this effort," Baba said, describing rotations in network monitoring, incident response, security engineering and threat hunting.

Baba said Artsakh currently serves about 13 organizations — including small cities, a county government and education service districts — and that the system's sensors have collected roughly 2,000,000,000,000 events to date. He reported roughly 480 security events were flagged for investigation, and that 204 of those were assessed as serious incidents; some were early‑detected ransomware attempts. Baba said about 90 students have completed the practicum over the program's first 2½ years and that enrollment and demand are growing.

Reza Rejai, head of the computer science department at the University of Oregon and a TSOC lead, described the UO plan to operate a teaching SOC that pairs student operators with vendor‑provided SOC machinery. He said UO selected a hybrid model that relies on commercial vendor platforms for core tooling while students operate services under professional supervision. Rejai said the university will test vendor offerings this summer, select initial clients to pilot services and offer the first TSOC course this fall in coordination with degree programs.

Both presenters emphasized experiential learning as central to sustaining a cybersecurity pipeline. Committee members praised the programs as workforce development and community protection tools. Several members and presenters noted the programs currently rely on university seed funding, federal scholarships and industry donations and that long‑term scaling will require continued support from university leadership and state funding mechanisms.

Committee members asked about gender diversity, client fees and sustainability. Baba said OSU's summer outreach has improved gender balance in camps but that overall enrollment reflects historical gender ratios in computer science. Rejai said UO intends to scale quickly and to coordinate vendor training with K‑12 outreach and community training when feasible.

No formal committee action or appropriations were made during the informational update.