This blog post was generated by Gemini using the transcript from the podcast episode.

The cybersecurity industry is facing a persistent skills shortage, and universities often struggle to provide students with the real-world experience needed to land a job in the Cybersecurity industry. Bruce Johnson of TekStream recently discussed a solution that is simultaneously addressing both problems: the student-powered Security Operations Center (SOC).

In a conversation with me, Bruce detailed this innovative private-public partnership, its unique funding model, and how it’s cultivating not just cyber analysts, but well-rounded professionals.

A Private-Public Partnership for Workforce Development

TekStream's student-powered SOC program is a well-established solution designed to automate proactive threat detection and remediation while also serving as a crucial workforce development initiative. This is not a simple outsourcing model; it’s a three-way collaboration that includes the state, educational institutions, and TekStream.

TekStream emphasizes that their solution is an "investment solution," where the institutions own their SIEM environment licenses and retain all built assets, fostering collaborative value building instead of an outsourced expense.

Training the Analytical Detective

Johnson noted that many new graduates struggle to find jobs due to minimum experience requirements. The student-powered SOC addresses this by providing practical, real-world experience in a working SOC environment.

The program focuses on transforming curious individuals into professional analysts. The onboarding process has been compressed to just six weeks , and students are trained on tools, runbooks, and cybersecurity fundamentals through hands-on labs.

The biggest indicator of a student’s success is a proprietary critical thinking test that assesses logical reasoning and due diligence. Students are incrementally matured by starting with low-complexity threats (like IP reputation and brute force) and gradually increasing to advanced topics like TTPs (Tactics, Techniques, and Procedures), guided by a complexity scoring system.

The Value of the "Transcript" and Placement

The program provides immense reputational value to participating schools because it boasts a 100% placement rate for students. This outcome differentiates these institutions from those offering only academic backgrounds.

For the student, the program produces a highly valuable "transcript". This document details:

The specific use cases and threats the student tackled.
The level of complexity involved.
The student's productivity and quality metrics.

This transcript instills professionalism and serves as a practical skills record, giving students a significant leg up against other job candidates who only have academic backgrounds. Furthermore, the program incorporates integrated career counseling to review metrics and guide students toward roles like red teaming, forensics, or engineering.

AI Supervision: The Expert in the Loop

In a world where AI is automating level one (SA1) security tasks, students must transition from performing basic skills to supervising AI. Bruce Johnson acknowledged the concern that students might struggle with AI hallucinations or incorrect outputs due to their lack of industry experience.

TekStream’s answer is the "expert in the loop" approach. The program trains students in three areas:

Using AI in the context of incident response.
Supervising the AI.
Understanding AI more broadly.

The training environment requires students to second-guess the AI and understand the foundational work before they can effectively supervise. This approach emphasizes that trust in the technology is built incrementally over time.

An Investment in Future Talent

Beyond the immediate goal of cybersecurity, the student-powered SOC delivers an unexpected but profound benefit: the development of non-cybersecurity skills. Students gain critical life lessons and skills that help isolated individuals become more engaged, including: collaboration, accountability, professionalism, and general "adulting".

These detective and critical thinking skills are universally transferable to any industry. Ultimately, the program prepares students to handle complex threats and risk scenarios, teaching them that working in security is about developing a nuanced understanding of risk, not expecting "black-and-white answers." The demonstrated success—with students handling 50% of incident volume within a quarter of onboarding—proves this model is effectively bridging the skills gap and shaping the next generation of security professionals.

This blog post was generated by Gemini using the transcript from the podcast episode.

The API remains the "connective tissue of the modern world", but as Postman's Sam Chehab highlighted in a recent discussion with me, the State of the API report reveals that the landscape is rapidly evolving, driven by the rise of AI and persistent security challenges.

The Collaboration Crisis and the Security Connection

The annual Postman State of the API report, now in its seventh year , synthesizes data on how APIs are produced and consumed across industries. A major insight from this year's report focuses on the persistent struggle with collaboration. A shocking 93% of teams are struggling with API collaboration, which leads directly to a lot of duplicated work. From a security perspective, this fragmented collaboration means the "attack surface is getting wider". When developers find unofficial ways to share information—like Slack threads, wikis, or Confluence docs—it bypasses established security and governance processes.

However, there is a silver lining: documentation is on the rise. Fifty-eight percent of respondents cited documenting APIs as one of the most common activities they are undertaking to improve collaboration. While this is a step toward better practices, Sam Chehab notes it may be driven by the need for better collaboration or the demand for AI-ready APIs.

Shifting Left: Integrating Security into the Developer Workflow

Postman is primarily an engineering-first tool , used by 98% of the Fortune 500. The key to better security, according to Chehab, is working with the developer workflow, not against it.

The pathway to good security is a byproduct of good collaboration. This starts with the fundamentals: achieving an inventory of enterprise and software assets —the first two CIS controls—to kickstart the security journey. Postman enables developers to run security tests directly within their normal workflow using Postman collections. This drastically improves development velocity and moves security closer to the "shift left" ideal.

Furthermore, the platform's built-in load testing and performance capabilities help address the "Availability" component of the CIA triad, which security teams often historically ignore. Developers can trivially simulate denial-of-service attacks using their existing tests and Postman's features.

Preparing for the AI Agent Invasion

As AI agents increasingly consume APIs, they require a different approach to API design and documentation.

While developers often hate documentation, AI agents thrive on it. Tools can be leveraged to help write documentation about APIs that then other AIs can read. Humans may get away with a generic "error something broke" , but AI agents require rich, contextual error messages. These should specify the problem (e.g., "invalid parameter"), what was expected, and what was received so the AI can effectively process the issue.

AI also needs centralized information, clear metadata, and good descriptions around APIs to function effectively. This makes centralized platforms like Postman essential, replacing scattered wikis, portals, and Slack threads.

Top Security Concerns: Credentials and Amplification

One of the top security risks cited by 51% of developers in the report is unauthorized agent access.

This issue is primarily driven by the industry's failure to effectively solve secrets management , with API keys floating everywhere. Postman addresses this by providing tools for API key management, including forcing expiration, managing revocation policies, and having a "revoke all" option. Furthermore, Postman actively scans public repositories like GitHub for leaked Postman keys, auto-revoking them and notifying the administrator to minimize the blast radius of a leak.

Another risk is Credential Amplification. This refers to the risk that is exponential, not linear , where one credential grants access to one service, and that service then has access to another , allowing for lateral movement. This puts a name to what that sprawl looks like now.

The Emergence of Model Context Protocol (MCP)

A new concept discussed was the Model Context Protocol (MCP) , which is an emerging standard for AI interaction.

MCP acts as an abstraction layer. It sits on top of a restful-like protocol and allows you to abstract yourself away from the endpoint that you're communicating with. It enables the use of natural language to interact with a scoped-down number of APIs , making interaction with different services more agnostic (e.g., interacting with a Jira instance without hardwiring to it).

MCP, however, introduces a new supply chain risk. Security practitioners must validate which MCP servers they are using. Chehab cited the first benign "MCP hack" in the wild, where a malicious server added a BCC to an email every time an action was performed.

The Wrap Up

Chehab's final advice echoes his security philosophy: go back to basics. Secure your APIs by focusing on the fundamentals:

Gain Leadership Buy-in: Security efforts will be fleeting without support from management.
Document and Test: Focus on how you are documenting, sharing, and testing your APIs.
Ensure Consistency: Validate that your design-time plan maps to what you build and what you deploy in runtime.

By solving collaboration and basic security problems first—and using AI to help automate those basic tasks —teams can successfully secure their systems before chasing new, complex AI threats.