Cybersecurity Frameworks

EnergySec’s Cybersecurity Frameworks: Theory and Application course is designed to provide participants with the cybersecurity, framework, and communication theory required to make practical improvements to their cybersecurity environments. It is based largely on the NIST Cyber Security Framework (NIST CSF) and the Electric Sector Cybersecurity Capability Maturity Model (ES-C2M2).

Topics covered will include:

  • The Essentials of Cyber Security (How it is important and Why it is so difficult)
  • Framework Skills Development (How can we build and use focused, practical frameworks)
  • Cyber Management Skills Development (Concepts such as metrics and organizational behavior that are necessary to manage risk effectively)
  • “Implementing NIST CSF and C2M2 in 11 steps” (Tying everything together)

This course is offered in two formats as explained below. For more information, contact us at

Class Format

The class format is curriculum-based and priced per attendee. This class is offered at public events, but can also be delivered onsite at a single entity.

We all use frameworks in our lives and we all struggle with cyber security, but it can often be tough for us to implement existing cyber security frameworks without added context. In this class, aimed at all levels of the organization (including executives), we will learn how to effectively use frameworks to help reduce cyber risk by working through the 11 steps necessary to utilize two common frameworks (NIST CSF and C2M2) to best effect.

On the first day of the class, key elements of framework theory will be introduced and explained. On the second day, additional foundational knowledge will be provided, then the class will work through examples of the 11 steps to successfully implement the NIST CSF or the C2M2.

Workshop Format

The workshop format is designed for custom, onsite events. It is delivered at a fixed price to encourage maximum participation within the organization.

We all work in organizations that are struggling with cyber security to one degree or another, but it can often be tough for us to find paths forward. In this onsite, facilitated workshop aimed at all levels of the organization (including executives), we will work through specific strategic and tactical cyber security problems faced by your organization using a combination of existing frameworks and a customized set of 11 steps necessary to utilize two common frameworks (NIST CSF and C2M2) to best effect.

The first day will provide a foundation of knowledge to provide context for working sessions on day 2. In the day 2 working sessions, the organization’s concerns will be overlaid onto the theory, and roadmaps for forward progress will be developed.

Overview: This 2-day class – one of several throughout the U.S. in 2016 and 2017 – is intended for those leaders, decision makers, and technologists who feel that they are lacking a usable bridge between the technology and business aspects of cybersecurity and wish to do more than simply build a standard security program and hope for the best.

Value: The instructor will use two common security frameworks (NIST and C2M2) alongside custom material (developed over 9 years and unavailable elsewhere) to provide students with the necessary cybersecurity, framework, and communication theory required to make practical improvements to their cybersecurity environments, including, potentially:

  • More effective management of the organizational behaviors outside of the CISO shop that lead to increased cybersecurity risk
  • Enhancement of the functioning and efficacy of security-specific programs and organizations
  • Development of appropriate, actionable metrics for all organizational levels, including the executive
  • Increased assurance that critical business success criteria are met despite ongoing cyber risk
  • More comprehensive plans to defend against specific external threats
  • Improved management of Perception, Communication, Scale, and Uncertainty risks associated with cybersecurity
  • Improved partnership and collaboration within and across organizations, public and private
  • Reduced gap between “Compliance” and “Security”
  • Easier, more effective development of custom formal and informal frameworks to bridge gaps between disciplines

Audience: The target audience for this class includes executives, security leaders, technology practitioners, architects, policymakers, lawyers, and other individuals interested in moving beyond industry and media hype to develop a broader understanding of both the problem space and discipline of “Cybersecurity” as it applies to their specific roles.

Class will be tailored, within the constraints of the topic areas, to the backgrounds and needs of attendees.

The first day will focus on theory presentation and the second day will apply that theory to practical problems – some as requested by students – in a workshop environment.

Students should also be aware that, despite some use of jargon, no technical experience or security expertise is assumed and each class will be tailored to the experience levels of those in attendance wherever possible.

Phoenix, AZ – January 25-26, 2017

Jack Whitsitt
Security Strategist, EnergySec

Jack Whitsitt, recently identified by Tripwire as one of the top 10 Rising Stars and Hidden Gems in security education, and winner of TSA’s “Honorary Award” – the highest award given by the agency – brings a breadth of cyber security knowledge and thought leadership to any project he is involved with. Currently a Principal Analyst for EnergySec, his unusual combination of hard technical, public/private partnership development, facilitation, and national risk management experience allows him to provide particular insight into and leadership of strategic organizational, sector, and national cyber security initiatives and educational endeavors.

A participant in the national critical infrastructure protection dialogue for seven years, Jack has provided regular advice, insight, and thought leadership to all levels of government and industry and has been responsible for several successful sector-level initiatives. His background includes facilitation, cutting-edge technical research & development, national control systems cyber incident response (as a member of ICS-CERT via Idaho National Lab at the NCCIC), community building, large scale data analysis, Sector Specific Agency program development & execution (as a GS-14 at TSA), sales & marketing, and more.

Further, Mr. Whitsitt’s experience and skill at developing and providing targeted training and education opportunities to a variety of audiences allows him to effectively communicate his knowledge and to positively affect behavior, culture, and outcomes within organizations.

Recently, Mr. Whitsitt was also cited as an author in a NATO-sponsored report to develop Cybersecurity Confidence Building Measures intended to help nations avoid unintentional conflict escalation in cyberspace and was invited by name to a related MIT-sponsored “Cyber Norms Workshop 3.0” discussing sources of instability in cyberspace, cyberwar, deterrence, and related topics.