This is a potential security issue, you are being redirected to https://csrc.nist.gov.
People and organizations often fail to adopt and effectively use cybersecurity best practices and technologies for a variety of reasons, including poor awareness, lack of knowledge/skill, and personal biases. Those professionals tasked with educating others may likewise face a number of challenges, including lack of resources, support, and skills needed to be effective security communicators.
We conduct research to better understand the approaches and challenges with cybersecurity awareness and role-based training through the eyes of training professionals within the U.S. government. In the recent past, we also explored cybersecurity adoption factors and the role of cybersecurity advocates (security professionals who promote and educate people about security best practices) in facilitating adoption.
Cybersecurity Advocates: Force Multipliers in Security Behavior Change - Julie Haney, Wayne Lutters, & Jody Jacobs. IEEE Security and Privacy (2021).
Cybersecurity Advocates: Discovering the Characteristics and Skills for an Emergent Role - Julie M. Haney & Wayne Lutters. Information and Computer Security (2021).
Motivating Cybersecurity Advocates: Implications for Recruitment and Retention - Julie M. Haney & Wayne G. Lutters. ACM SIGMIS Computers & Personnel Research (2019)
"It's Scary...It's Confusing...It's Dull": How Cybersecurity Advocates Overcome Negative Perceptions of Security (Presentation) - Julie Haney. Presented at FISSEA Conference (June 27, 2019)
From Compliance to Impact: Tracing the Transformation of an Organizational Security Awareness Program - Julie Haney & Wayne Lutters. arxiv (2023).
Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Full Paper) - Jody Jacobs, Julie Haney, & Susanne Furman. International Conference on HCI for Business, Government, and Organizations affiliated conference at HCI International (2023).
Measuring the Effectiveness of U.S. Government Security Awareness Programs: A Mixed-Methods Study (Short Paper) - Jody L. Jacobs, Julie M. Haney, & Susanne M. Furman. Workshop on Security Information Workers (2022).
NISTIR 8420 “Federal Cybersecurity Awareness Programs: A Mixed Methods Research Study” - Julie Haney, Jody Jacobs, Susanne Furman, & Fernando Barrientos (2022)
NISTIR 8420A “Approaches and Challenges of Federal Cybersecurity Awareness Programs” - Julie Haney, Jody Jacobs, Susanne Furman, & Fernando Barrientos (2022)
Lessons Learned and Suitability of Focus Groups in Security Information Workers Research - Julie M. Haney, Jody L. Jacobs, Fernando Barrientos, & Susanne M. Furman. Proceedings of the HCI for Cybersecurity, Privacy and Trust affiliated conference at HCI International (2022).
Exploring Government Security Awareness Programs: A Mixed Methods Approach - Jody L. Jacobs, Julie M. Haney, Susanne M. Furman, & Fern Barrientos. Workshop on Security Information Workers and poster session at Symposium on Usable Privacy and Security (2021).
Security Awareness Training for the Workforce: Moving Beyond "Check-the-box" Compliance - Julie M. Haney & Wayne Lutters. Computer (2020).
Security Awareness in Action: A Case Study [extended abstract] - Julie M. Haney & Wayne G. Lutters. 5th Workshop on Security Information Workers (WSIW) at the Symposium on Usable Privacy and Security (SOUPS) (2019).
Security Awareness Training for the Workforce - Julie Haney and Wayne Lutters. University of Maryland Human-Computer Interaction Lab Symposium (2021)
NIST SP 1288 Federal Cybersecurity Role-Based Training Approaches, Successes, and Challenges - Julie Haney, Jody Jacobs, & Susanne Furman (2023).
NIST Cybersecurity Role-based Training Study Presentation Recorded presentation - Jody Jacobs, Julie Haney, & Susanne Furman. Presented at the Federal Information Security Educators' (FISSEA) Spring Forum (2022).
An Investigation of Roles, Backgrounds, Knowledge, and Skills of U.S. Government Security Awareness Professionals - Julie M. Haney, Jody L. Jacobs, & Susanne M. Furman. ACM SIGMIS Computers and People Research Conference (2022).
NISTIR 8420B “The Federal Cybersecurity Awareness Workforce: Professional Backgrounds, Knowledge, Skills, and Development Activities” - Julie Haney, Jody Jacobs, Susanne Furman, & Fernando Barrientos (2022)