Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The presentation slides are available here.
Download the Continuing Education Units form.
Provide event feedback here.
The FISSEA Forums are quarterly meetings to provide opportunities for policy and programmatic updates, the exchange of best practices, and discussion and engagement among members of the Federal Information Security Educators (FISSEA) community.
Theme: Refining Cybersecurity Culture: WIIFM*
Agenda:
1:00 - 1:05pm
Welcoming Remarks
Marian Merritt, FISSEA Lead, NICE Deputy Director, National Institute of Standards and Technology
Brooke Crisp, IT Cybersecurity Specialist, FISSEA Co-Chair, Social Security Administration
1:05 - 1:25pm
Cyber Esports: Training High Performing Teams
Jessica Gulick, CEO and Founder, Katzcy and PlayCyber
Cyber games and esports can unlock tremendous value for Federal employees: a safe place to practice key cyber skills, an immersive experience to learn from peers, a fun team training experience, and the ability to track skill-level proficiency progression for performance evaluations. We will discuss the platforms and formats currently available for all budgets.
1:25 - 1:55pm
Beyond Compliance: Where Digital Badges Work Better
Daniel Hickey, Professor and Program Coordinator, Indiana University
Learn how to use evidence-rich web-enabled digital badges to recognize proficiency and excellence in your organization from a cybersecurity education expert with extensive experience with badges.
1:55 - 2:25pm
Making Sense of Cyber Risk Metrics – Communicating to the Board and Committee(s)
Carol Sterino, Director, Technology Risk Management, Depository Trust & Clearing Corporation (DTCC)
Many organizations struggle with providing the Board and varying levels of senior management/ committees an overall indicator of how well their organization is managing their cybersecurity and technology risk. This presentation covers the fundamentals of metrics and reporting that provides a strategic lens into a current view of cybersecurity and technology risk.
2:25 - 2:55pm
CMMI: A Practical End User Implementation of Process Improvement in Security Awareness Training
Dr. Natalie Foster Johnson, Founder and Researcher, CyberMINDS Research Institute
Dr. Alexis Perdereaux-Weekes, Co-Founder and Sr. Managing Partner, CyberMINDS Research Institute
The presentation outlines applying the Capability Maturity Model Integration (CMMI) framework principles to enhance security awareness training within organizations. The goal is to further emphasize that security awareness training is crucial for mitigating human-related security risks; however, retooling the approach on CMMI principles can improve overall cybersecurity resilience.
2:55 - 3:05pm
Break
3:05 - 3:30pm
Metrics Measuring Beyond Compliance Requirements
Tayo O. Olagunju, Federal Aviation Administration, Air Traffic Organization Cybersecurity Group
Measuring the effectiveness of a cybersecurity culture goes beyond mere compliance with regulations and standards. To truly refine and strengthen cybersecurity culture, organizations need to track specific metrics that provide deeper insights into the behaviors, attitudes, and effectiveness of security measures within the organization.
3:30 - 3:45pm
Demo of Cybersecurity and Infrastructure Security Agency (CISA) Videos
Anastacia “Staci” Webster, Academic Programs Lead, Cybersecurity and Infrastructure Security Agency (CISA)
3:45 - 4:10pm
Fireside Chat and Cybersecurity Awareness Month Preparation
Laura Edwards, Cybersecurity and Infrastructure Security Agency (CISA)
Jennifer Cook, National Cybersecurity Alliance
4:10 - 4:15pm
Closing Remarks
Frauke Steinmeier, FISSEA Co-Chair, Cybersecurity and Infrastructure Security Agency (CISA)
*“What’s In It For Me”