32nd Annual Conference
Innovations in Cybersecurity Awareness and Training:
A 360 Degree Perspective
FISSEA is a forum for Federal Information Security Educators to share information, effective practices, and solutions regarding cybersecurity awareness, training, and industry-recognized certifications for the federal cybersecurity workforce.
The 32nd Annual Conference was held on June 27th and 28th, 2019 at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. The Conference theme is Innovations in Cybersecurity Awareness and Training: A 360 Degree Perspective.
FISSEA attendees gained insight into:
- Driving cultural change through innovative strategies in awareness and training;
- Strengthening your workforce’s knowledge, skills, and/or abilities through training and how that improves the risk posture of the organization;
- Developing awareness programs based on best practices, that are compliant, and promote safe security behaviors;
- Creating a cybersecurity training and education baseline that establishes minimum practices to reduce vulnerabilities.
- Adapting training to address a multi-generational workforce and improving learning outcomes;
- Creating effective, meaningful, and impactful security training using available resources.
Description:
With the continued increase of threats to our networking environments, cybersecurity awareness and training are critical to building and maintaining safe environments. Protecting information assets is everyone’s responsibility not just cybersecurity/IT specialists and those with privileged access. We live in an ever-growing digital and communications centric world. Being a part of the “Internet of Things” is a way of life, making understanding of risk and mitigation critical to providing effective security. Each one of us is a key contributor to ensuring the security of our digital economy and preventing damage from malicious or unintentional attacks. The FISSEA conference brings together visionaries, experts, and novices from industry, academia, and government to discuss and share leading practices on improving Cybersecurity through Awareness and Training. This two-day conference provides:
- Recognition of those who are building innovative and effective security awareness and training programs;
- Presentations showcasing best practices and innovative ideas; and
- The opportunity to connect, learn, share, and network with other security professionals and thought leaders in industry, academia, and government.
2018 FISSEA Educator of the Year Presented to
Earl “Fred” Bisel Jr.
Mike Petock, 2017 FISSEA Educator of the Year, presented the 2018 FISSEA Educator of the Year award to Earl “Fred” Bisel Jr, Cybersecurity Education and Certification Readiness Facilities (CERF) Manager, on June 27th, 2019. The FISSEA Educator of the Year award recognizes an individual who has made significant contributions in education and training programs for information systems security.
His nomination letter stated in part, Mr. Bisel combines practicality with ingenuity to ensure the CERF provides fast-paced, practical, in-house training on networks and operating systems for job enhancement and to prepare NIWC Atlantic employees for various information technology (IT) certification exams. Internal and external instructors are experienced, certified, and use vendor-developed curricula. The CERF non-networked training lab contains laptops and monitors, racks of servers, routers, switches and cables for a maximum of 14 students per course. Each student has direct access to equipment needed throughout the course. Many courses also include use of Netlab, a simulation tool available on the Research Development Testing and Evaluation (RDT&E) network.
Please see the complete nomination letter here.
Contest Winners for 2019:
Gretchen Morris, Contest Coordinator, reported there were 30 entries in 2019:
8 Posters, 4 Websites, 4 Motivational Items, 5 Newsletters, 2 Training Scenarios, and 7 Videos.
Winners (selected by impartial judging committee prior to conference):
- Poster: US Postal Service, Corporate Information Security Office (CISO)
- Website: Indian Health Service OIT DIS Policy and Security Awareness Team
- Motivational Item: US Postal Service, Corporate Information Security Office (CISO)
- Newsletter: Indian Health Service OIT DIS Policy and Security Awareness Team
- Security Training Scenarios: Delaware SBDC – Data Assured Program
- Video: US Postal Service, Corporate Information Security Office (CISO)
During the June conference, attendees select their Peer’s Choice. Some decisions were the same as the judging committee, some were different. Congratulations to all.
Peer’s Choice:
- Poster: US Postal Service, Corporate Information Security Office (CISO)
- Website: Jordan Robinson: Department of State
- Motivational Item: US Postal Service, Corporate Information Security Office (CISO)
- Newsletter: Robert Cunningham, Department of Veterans Affairs
- Security Training Scenarios: CMS/OIT Information Security & Privacy Group (ISPG)
- Video: TIE US Postal Service, Corporate Information Security Office (CISO) and Indian Health Service OIT DIS Policy and Security Awareness Team
FISSEA 2019 Presentations
Keynotes:
Featured:
FISSEA Ignite!
Track 1: Building Innovative Approaches to Awareness Programs
How do you build an effective cybersecurity awareness program? Now is the time to provide specifics -- what exactly is an innovative awareness program? We are looking for presentations on how your organization’s cybersecurity culture changed; institutionalizing information security into the organization’s mindset through a comprehensive awareness program (not an hour a year) – come tell us what innovations you are doing to champion and lead this transformation. In this track, we are looking for presentations that raise the bar for cybersecurity awareness programs, products, events, and activities.
- The Three Most Important Factors in Security Awareness - Russell J. Mumford, Visible Statement/Greenidea, Inc.
- Security Awareness: Mary Poppins Knows Her Stuff - Matt Beland, Smooth Sailing Solutions
- Fish, Guerrilla, and Other Marketing Tactics to Drive Awareness - Tomm Larson, Idaho National Lab
- I’m still waiting for my $10 million! How about you?? - Dale Zabriskie, Proofpoint Security Awareness Training
- Phishing with Friends and Frenemies - Brian Pope, Kevin Nicholl, CME Group
- The Evolution of a Security Awareness Program - Andrea Grable, Shelley Shomper, American Electric Power
- How to Pull off an Edgy Awareness Campaign - Lisa Plaggemier, Infosec
- Stop Talking About Cybersecurity…and Start Doing It: Using the Free GCA Cybersecurity Toolkits for Awareness Programs - Adnan Baykal, Global Cyber Alliance
- Anti-Phishing Panel
Track 2: Developing Skills through Innovative Role-Based Training
How do you address individual training requirements when individuals perform multiple roles? Is it the content, the instructor, the student interaction, the delivery medium, or the location that has the most influence on training acceptance? What factors make the most difference in learner acceptance and transference? In this track, share your innovations with the FISSEA community and make a difference in shaping the behaviors of the federal cybersecurity workforce.
- Training through Real World Discovery - Steven Lackey, Cyber Defense Technologies
- Developing Cybersecurity Skills through an AI-Assisted Scenario Based Training - Dr. Jim Chen, Lt. Col. Gregory Clay, LaShawntay Marshall, DoD NDU
- It's Midnight. Do you know where your data is? - Iliana Peters, Polsinelli, P.C.
- Cybersecurity Training for the DoD Workforce with a Limited Budget - Fred Bisel, Naval Information Warfare Center (NIWC)
- Who are the very attacked people in your neighborhood? - Dale Zabriskie, Proofpoint Security Awareness Training
- Strategy for Developing Cybersecurity Workforce in CSTEC: a Link between Lab-based Training Courses and a Live-Fire Competition - Hanjin Park, and Soonjwa Hong,Cybersecurity Training and Exercise Center (CSTEC)
- Teaching Cyber Security to Lawyers - Scott Aurnou, The Security Advocate
- Using Frequent Clickers to Strengthen Your Phishing Awareness Program - Mark Alexander, and Heather Smee, Westfield
Track 3: Implementing Comprehensive Awareness and Training Programs
How are you using awareness and training to engage all employees at your organization? How have you built a comprehensive awareness and training program that includes managers, executives, technical, nontechnical staff? How do you ensure employees know their cybersecurity responsibilities and how they contribute to risk reduction? How do you measure performance and demonstrate benefits? In this track, we are looking for presentations that help to answer and address these questions.
- How to Measure the Effectiveness of Cybersecurity Training and Awareness Program - Michael Adams, NuCrest
- Certifications Enable Transitioning Service Members to "Show What They Know" - Christopher Bloor, Pearson VUE, Jeff Felice, President, CertNexus
- It's Scary…It's Confusing…It's Dull: How Cybersecurity Advocates Overcome Negative Perceptions of Security. - Julie Haney, NIST
- Watch Your Behavior Don’t Become The Target - Babur Kohy, Adjunct Professor, Cyber Northern Virginia Community College (NVCC) and Warren Holston, Author, Beware The Predator
- Objective Placement in Cybersecurity Learning Paths for Optimum Role Performance - Richard Spires, Learning Tree International
- CMS CyberPower: Training One Superhero at a Time - Kimberly Hemby, HHS CMS Office of Information Technology (OIT) Information Security & Privacy Group (ISPG)
- Human Factor is Critical to Digital Transformation Success - Tony Rudolf, Junglemap and Markus Darby, Integrated Technologies Group Reseller
- Looking Towards Your Cybersecurity Training Horizon - Zia Anderson, DHS Cybersecurity and Infrastructure Security Agency (CISA), Cybersecurity Education & Awareness Branch
2019 Conference Photos
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
