Building the Cybersecurity Workforce: A SOC Lab Experience at CU–Bloomsburg

Commonwealth University – Bloomsburg Center for Digital Forensics and Cybersecurity, within the Department of Mathematics, Computer Science, and Digital Forensics, began providing Security Operations Center (SOC) lab experience to students. Under the supervision of Professor Dr. Atdhe Buja, the SOC lab has been built and operated since Fall 2025, where students simulate high-demand roles, such as SOC Analyst (Tiers 1, 2, 3), Incident Responder, and Threat Analyst.

Students hands-on experience

The team designed a networked SOC lab infrastructure inside the Ben Franklin building at Commonwealth University–Bloomsburg. Within this environment, undergraduate students gain practical experience detecting and responding to simulated cyber incidents using tools and workflows like those used in modern security operations centers. Students analyze alerts, investigate suspicious activity, and develop incident reports while performing tasks such as threat intelligence enrichment, event correlation, and endpoint forensic analysis. Through these exercises, students complete a full SOC workflow from detection → enrichment → correlation → investigation → reporting, allowing them to understand how cybersecurity teams monitor, analyze, and respond to threats in real operational environments.

Vision 

The vision of the Security Operations Center (SOC) Lab at Commonwealth University – Bloomsburg is to become a regional hub for applied cybersecurity operations training, preparing the next generation of SOC analysts, incident responders, and digital forensics professionals. The initiative also aims to create a structured bridge between university cybersecurity education and industry workforce needs by preparing students for entry-level cybersecurity operations roles and facilitating engagement with cybersecurity organizations.

Framework alignment

The SOC lab infrastructure was designed in alignment with the Workforce Framework for Cybersecurity (NICE Framework) incident handling guidance described in NIST Special Publication 800-61 Revision 2. By incorporating these standards, the lab environment reflects operational practices used by cybersecurity teams in industry and government. The infrastructure supports virtualization environments, backend log analysis, controlled attack simulation scenarios, and endpoint forensic investigations, allowing students to experience multiple stages of cybersecurity operations within a structured training environment.

Looking ahead, the SOC Lab initiative will expand through the development of the SOC Talent Bridge Program, an effort designed to strengthen the connection between university cybersecurity education and workforce opportunities in the cybersecurity industry. The program aims to further enhance experiential learning by engaging students in advanced cybersecurity operations scenarios, collaborative projects, and industry-oriented activities. Through this initiative, the SOC Lab seeks to support the preparation of job-ready graduates equipped with practical skills in security operations, incident response, and digital forensics, helping address the growing demand for cybersecurity professionals.

Future growth

As the SOC Lab continues to evolve, the environment is continuously refined to better reflect the rapidly changing cybersecurity landscape. The initiative seeks to expand its capabilities through improved infrastructure, enhanced computing resources, and collaborative engagement with cybersecurity organizations. Long-term development plans include strengthening industry collaboration, expanding training scenarios, and exploring opportunities for external partnerships that can support the growth of the SOC Lab as a regional training environment for cybersecurity operations.

For more information on CU's Digital Forensics and Cybersecurity program and the Center for Digital Forensics and Cybersecurity.