Delta Risk Team Selected To Give Presentation On Cybersecurity Training At FISSEA
February 8, 2016
Noah Powers and Jeff Arsenault of Delta Risk have been selected to present at the Federal Information Systems Security Educators’ Association (FISSEA) Conference on March 15, 2016. The presentation, Gaining Confidence through Effective CyberSecurity Training, focuses on the increasing need for better cybersecurity training and the approaches needed to get there.
Federal Information Systems Security Educators’ Association 29th Annual Conference
March 15-16, 2016, NIST, Gaithersburg, MD
“The Quest for the Un-hackable Human: The Power of Cybersecurity Awareness and Training”
The quest to conduct effective and meaningful training in Information Security is nearly 20 years in the making, yet the results have come short of producing the required workforce our Nation requires. In 1997 the Government Accountability Office reported the following as factors of IT security as a high-risk area – “poorly designed and implemented security programs,” “shortage of personnel with the technical expertise needed to manage controls,” and “insufficient awareness and understanding of information security risks among senior (agency) officials.” Much the same is often said today in response to increasing cyber attacks and data breaches.
The gap between attacker’s knowledge and our own as defenders is increasing, and not in a good way. To counteract this, the focus must shift from technology to people as the way to gain the upper-hand back from the attackers. We believe an overabundance of security technologies has led to a false sense of security as formal training programs have failed to keep pace. Through trial and error we found the type of training and evaluation process matters as much as the content taught, and the best approaches to effective and meaningful training is through virtual live-fire training events. Security staff understanding the technology at their disposal, and how to use it is key. Combined with an effective evaluation program, organizations can get confident about their security processes and where they need to focus efforts. This talk presents the training and evaluative approaches we have found to be effective.