Dr. Tom Pendergast, MediaPro’s chief strategist for security, privacy, and compliance, will present on the challenges inherent in building a truly adaptive security awareness program at a federal security educators’ conference next week.
Dr. Pendergast will speak at the 29th annual Federal Information Systems Security Educators’ Association (FISSEA) conference on Wednesday, March 16, in Gaithersburg, Maryland. This year’s conference theme is “The Quest for the Un-hackable Human: The Power of Cybersecurity Awareness and Training.” The mission of FISSEA, run by and for information systems security professionals, is to assist federal agencies in meeting their information systems security awareness, training, education, and certification responsibilities.
“I’m really thrilled to be speaking with my colleagues in the federal government,” Dr. Pendergast said. “They’re trying to solve the same problems faced by well-funded private companies, but often with far fewer resources.”
One of the most provocative elements of the NIST Cybersecurity Framework for awareness professionals is the challenge to develop a Tier 4: Adaptive program. For security professionals with constrained budgets and limited personnel, building an awareness program that incorporates continuous improvement and “actively adapts” to changing threats can seem impossible.
But it doesn’t have to be that difficult. By leveraging free or inexpensive resources, security professionals can deploy measurements to help understand their risk posture, plan a sophisticated program, and deploy flexible (and often inexpensive) training and reinforcement communications to address their most pressing issues, creating a more risk-aware culture along the way.
Dr. Pendergast’s presentation will offer a conceptual model for increasing the flexibility and the visibility of a security awareness program, while focusing on some practical things that can be done within a limited budget, all while driving toward a Tier 4 standard.
Dr. Pendergast is the chief architect of MediaPro’s Adaptive Awareness Framework approach to plan, train, reinforce, and analyze workforce learning and awareness in the subjects of information security, privacy, and corporate compliance. He has a Ph.D. in American Studies from Purdue University and is the author or editor of 26 books and reference collections.