U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Human-Centered Cybersecurity

Cybersecurity Adoption, Awareness, & Training

People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including poor awareness, lack of knowledge/skill, and personal biases. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators.

We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the recent past, we also explored cybersecurity adoption factors and the role of cybersecurity advocates (security professionals who promote and educate people about security best practices) in facilitating adoption.

 

Publications


Papers

Cybersecurity Advocates: Force Multipliers in Security Behavior Change paper icon - Julie Haney, Wayne Lutters, & Jody Jacobs. IEEE Security and Privacy (2021).

Cybersecurity Advocates: Discovering the Characteristics and Skills for an Emergent Role report icon - Julie M. Haney & Wayne Lutters. Information and Computer Security (2021).

Motivating Cybersecurity Advocates: Implications for Recruitment and Retention paper icon - Julie M. Haney & Wayne G. Lutters.  ACM SIGMIS Computers & Personnel Research (2019)

Presentations

"It's Scary...It's Confusing...It's Dull": How Cybersecurity Advocates Overcome Negative Perceptions of Security (Presentation) presentation icon - Julie Haney. Presented at FISSEA Conference (June 27, 2019)

Podcasts

Hacker Valley Studios Podcast: Cybersecurity Advocates (2022)

 

Papers

From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program paper icon - Julie Haney & Wayne Lutters. arxiv (2023).

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Full Paper) paper icon - Jody Jacobs, Julie Haney, & Susanne Furman. International Conference on HCI for Business, Government, and Organizations affiliated conference at HCI International (2023).

Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Short Paper) paper icon - Jody L. Jacobs, Julie M. Haney, & Susanne M. Furman. Workshop on Security Information Workers (2022).

NISTIR 8420 “Federal Cybersecurity Awareness Programs: A Mixed Methods Research Study” paper icon - Julie Haney, Jody Jacobs, Susanne Furman, & Fernando Barrientos (2022)

NISTIR 8420A “Approaches and Challenges of Federal Cybersecurity Awareness Programs” paper icon - Julie Haney, Jody Jacobs, Susanne Furman, & Fernando Barrientos (2022)

Lessons Learned and Suitability of Focus Groups in Security Information Workers Research paper icon - Julie M. Haney, Jody L. Jacobs, Fernando Barrientos, & Susanne M. Furman. Proceedings of the HCI for Cybersecurity, Privacy and Trust affiliated conference at HCI International (2022).

Exploring Government Security Awareness Programs: A Mixed Methods Approach paper icon - Jody L. Jacobs, Julie M. Haney, Susanne M. Furman, & Fern Barrientos. Workshop on Security Information Workers and poster session at Symposium on Usable Privacy and Security (2021). 

Security Awareness Training for the Workforce: Moving Beyond "Check-the-box" Compliance paper icon - Julie M. Haney & Wayne Lutters. Computer (2020).

Security Awareness in Action: A Case Study [extended abstract] paper icon- Julie M. Haney & Wayne G. Lutters. 5th Workshop on Security Information Workers (WSIW) at the Symposium on Usable Privacy and Security (SOUPS) (2019).

Presentations

NIST Security Awareness Study  presentation icon Recorded presentation video icon - Jody Jacobs, Julie Haney, & Susanne Furman. Presented at the Federal Information Security Educators' (FISSEA) Fall Forum (2021).

Blogs

Security Awareness Training for the Workforce - Julie Haney and Wayne Lutters. University of Maryland Human-Computer Interaction Lab Symposium (2021)

Podcasts

Behave Podcast: Security awareness is falling short w/Dr. Julie Haney (2023)

Papers

NIST SP 1288 Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges  paper icon - Julie Haney, Jody Jacobs, & Susanne Furman (2023).

Presentations

NIST Cybersecurity Role-based Training Study Presentation presentation icon Recorded presentation  video icon - Jody Jacobs, Julie Haney, & Susanne Furman. Presented at the Federal Information Security Educators' (FISSEA) Spring Forum (2022).

Papers

An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals  paper icon- Julie M. Haney, Jody L. Jacobs, & Susanne M. Furman. ACM SIGMIS Computers and People Research Conference (2022).

NISTIR 8420B “The Federal Cybersecurity Awareness Workforce: Professional Backgrounds, Knowledge, Skills, and Development Activities” paper icon - Julie Haney, Jody Jacobs, Susanne Furman, & Fernando Barrientos (2022)

 

Created November 17, 2016, Updated September 29, 2023