The announcement came during the second day of Marshall’s annual CyberCon conference, a three-day event centered on the cybersecurity community with presentations and workshops for industry experts, students, educators and curious minds to collaborate on current developments in the cyber world.
CyberCon originally began as the Appalachian Institute of Digital Evidence Conference several years ago but — mirroring the technological advancements it’s focused on — the conference has evolved to focus on modern cyber threats and workforce development.
The university’s recent multi-million-dollar investment toward developing a state-of-the-art cybersecurity facility has included plans for a centralized Security Operations Center for students to simulate real-world scenarios to problem solve, monitor and rectify invisible threats that are evolving just as fast — if not faster — than the technologies that made them possible.
PANELISTS: IT'S IMPERATIVE TO BE PREPARED FOR CYBER ATTACKS
Following the announcement from Intuit that will make the student-led center possible, industry experts led a panel-style discussion on what cybersecurity actually looks like in the real world.
When acting in cybersecurity, or in security operations centers, Hawkins said it’s imperative a security team understands the infrastructure of their company or business, their network and the information most vital to protect.
In addition to rectifying or minimizing cyber attacks as they occur, cybersecurity professionals have to be prepared before threat actors ever find those vulnerabilities while working alongside vendors, customers, partners or government agencies to recover or protect sensitive data.
Erick Lee, vice president of technical information with Intuit’s security organization, called that information “the crown jewels,” saying cybersecurity analysts should not only know where such information is, but also the importance of protecting it.
Hawkins said the profession is a lot of proactive work, including understanding the threat landscape to act with extreme speed and accuracy amid cyber attacks.
In line with the future security operations center on campus, Hawkins and Lee both emphasized the importance of students running “mock events” to understand if a network is truly ready in the event systems are overtaken by a bad actor.
For example, Lee said emphasis on protection and prevention are ideal in cybersecurity, but if those methods are overtaken, it’s important to understand the “signature of an attack,” — or, in layman’s terms, where the attack is coming from, such as if the data breach is due to a bad email link, an encrypted file or a network infiltration.
Once the type of attack is identified, Lee and Hawkins said that’s where the real-world training comes in to address the problem.
MULTI-FACTOR AUTHENTICATION IS NO LONGER ENOUGH TO KEEP DATA SECURE
As technology evolves, so do those threats. For example, Hawkins pointed to the rapid advancement of artificial intelligence as a growing challenge for the industry.
Hawkins said many businesses or online companies have used multi-factor verifications to determine if potentially sensitive information is about to be released to a “real” person.
However, with the quick evolution of artificial intelligence, Hawkins said that’s no longer enough to keep private data secure.
“Verification has been eradicated,” Hawkins said, explaining that a voice or video recording of an authentic person can now be digitally altered for threat actors to imitate an actual human.
“Faces have been breached. Voices are breached,” Hawkins said, “Identity no longer belongs to just humans.”
Hawkins said identity fraud is a huge portion of cybersecurity protection, as fake IDs like driver’s licenses and passports are “shockingly convincing.”
Due to those advancements, Hawkins said cybersecurity professionals are beginning to use behavior analysis to determine bot from human.
“Behavior is the one thing that makes us unique still,” Hawkins said, but some verification process still leave unanswered questions.
“Who validates that identity and decides what they can access,” Hawkins said, as some companies opt to use artificial intelligence to determine authenticity. Essentially creating good bot versus bad bot.
Hawkins compared the rapid evolution of artificial intelligence to the early days of the internet, as both created “an explosion of cybersecurity events,” but that’s not necessarily a negative, as Hawkins said that means there will be an explosion of demand in the cybersecurity profession.
As cybersecurity threats continue to grow in complexity, initiatives like Marshall’s student-led Security Operations Center aim to give students the practical experience needed to meet those challenges head-on.
“It’s really a cat and mouse game,” Hawkins said. “Threat actors are wicked smart, but so are we.”
WHAT YOU CAN DO TO PROTECT YOUR DATA
For those who don’t understand modern cybersecurity, Lee and Hawkins said there are methods the general public can implement before falling victim to a scam or bad actor.
For example, Hawkins said receiving a phone call from the IRS, Google or Apple are highly unlikely and are probably bad actors skimming for information to obtain identities or bank accounts.
Lee said to combat that issue, the public should pay attention to what a company or agency are asking for. If it’s urgent release of private data, it’s likely a scam.
When in doubt, Lee said to check official websites or to contact an agency directly before handing over any information.
© 2026 The Charleston Gazette (Charleston, W.Va.). Distributed by Tribune Content Agency, LLC.
