Announcing the 2026 National Higher Education Boss of the SOC (BOTS) Winner

Industries Tom Smit

Key takeaways

  1. The 2026 Boss of the SOC competition brought together higher education cybersecurity teams to practice real-world threat detection and response using Splunk Security tools.
  2. Participants worked through hands-on challenges that tested their ability to investigate attacks, analyze data, and respond quickly under pressure.
  3. The event highlighted the importance of collaboration, skill-building, and community learning in strengthening cybersecurity across colleges and universities.

On April 15, 2026, teams of cyber defenders from across the country gathered for the annual Boss of the SOC (BOTS) competition — an event proudly sponsored by the North American Splunk‑sponsored Higher Education User Group. Designed specifically for the higher education community, this hands‑on event provided a collaborative forum for universities and research organizations to sharpen their security operations skills while learning alongside peers.

Boss of the SOC is a fast‑paced, blue‑team capture‑the‑flag competition that immerses participants in the role of a security operations center (SOC) analyst. Using the integrated power of Splunk Security, contestants raced against the clock to investigate alerts, analyze data, and respond to realistic security incidents drawn from massive, real‑world datasets—all within a safe, risk‑free environment.

Led by industry specialists and supported by the Higher Education User Group, the event emphasized practical learning, peer engagement, and shared best practices across the higher education security community. Participants tested their investigative instincts and tactical creativity while tackling challenges such as uncovering stealthy adversaries, pivoting across cloud and on‑prem data, and disrupting simulated threat actors like the infamous “Angry Alpaca” group.

Each year, the talent and determination on display continue to impress. The 2026 competition was no exception, showcasing the resilience, speed, and analytical skill of higher education cyber defenders working under pressure—skills that are critical to protecting today’s academic and research environments.

2026 Higher Education BOTS Winners:

Congratulations to our winners and to all participants who dedicated their time and expertise to this event. Your commitment to strengthening cybersecurity across higher education is exactly what the North American Splunk Higher Education User Group was created to support—community‑driven learning, collaboration, and skill development.

Interested in continuing your Boss of the SOC journey? You can play the original BOTS experience at bots.splunk.com, or join us at .conf26 for BOTS 11, debuting in September 2026.

Related Articles

The Certificate Decoding Illusion: How Blank Grabber Stealer Hides Its Loader
Security
15 Minute Read

The Certificate Decoding Illusion: How Blank Grabber Stealer Hides Its Loader

Analyze the BlankGrabber Trojan Stealer and learn how to detect its obfuscation, staging, and exfiltration techniques using Splunk security analytics.
Do Not Cross The 'RedLine' Stealer: Detections and Analysis
Security
11 Minute Read

Do Not Cross The 'RedLine' Stealer: Detections and Analysis

The Splunk Threat Research Team provides a deep dive analysis of the RedLine Stealer threat and shares valuable insights to help enable blue teamers to defend against and detect this malware variant.
Elevating Security: The Growing Importance of Open Cybersecurity Schema Framework (OCSF)
Security
8 Minute Read

Elevating Security: The Growing Importance of Open Cybersecurity Schema Framework (OCSF)

Splunker Paul Agbabian shares what's new in the Open Cybersecurity Schema Framework (OCSF) and how profiles can augment the natural structure of event classes and categories.