Reducing Cybersecurity Risk: Tactics and Strategies

EnergySec’s Reducing Cybersecurity Risk: Tactics and Strategies course is designed to provide participants with the cybersecurity, framework, and communication theory required to get a grip on cybersecurity risk management and reduction. Rather than walk you through the same tired old risk management principles, this class will decompose the causes, sources, and nature of the problem and teach approaches and techniques that can be applied together to this difficult (and still poorly understood) problem. While utilizing existing tools and models, the class will go far beyond them and focus on fundamentally missing or underrepresented topics. Some of these include:

  • The Essentials of Cyber Security (how it is important and why it is so difficult)
  • Framework Skills Development (how we can build and use focused, practical frameworks)
  • “Cyber” Management Skills Development (concepts such as metrics and organizational behavior that are necessary to get a grip on your environment)
  • Filling out the NIST CSF and C2M2 gaps
  • Understanding and applying Risk Management practices

This course is offered in two formats as explained below. For more information, contact us at info@energysec.org.

Class Format

The class format is curriculum-based and priced per attendee. This class is offered at public events, but can also be delivered onsite at a single entity.

We all use frameworks in our lives and we all struggle with cyber security, but it can often be tough for us to implement existing cyber security frameworks without added context. In this class, aimed at all levels of the organization (including executives), we will learn how to effectively use frameworks to help reduce cyber risk by working through the 11 steps necessary to utilize two common frameworks (NIST CSF and C2M2) to best effect.

On the first day of the class, key elements of framework theory will be introduced and explained. On the second day, additional foundational knowledge will be provided, then the class will work through examples of the 11 steps to successfully implement the NIST CSF or the C2M2.

Workshop Format

The workshop format is designed for custom, onsite events. It is delivered at a fixed price to encourage maximum participation within the organization.

Phoenix, AZ – January 25-26, 2017
Atlanta, GA – April 17-18
Kansas City, MO – June 12-13

Jack Whitsitt
Security Strategist, EnergySec

Jack Whitsitt, recently identified by Tripwire as one of the top 10 Rising Stars and Hidden Gems in security education, and winner of TSA’s “Honorary Award” – the highest award given by the agency – brings a breadth of cyber security knowledge and thought leadership to any project he is involved with. Currently a Principal Analyst for EnergySec, his unusual combination of hard technical, public/private partnership development, facilitation, and national risk management experience allows him to provide particular insight into and leadership of strategic organizational, sector, and national cyber security initiatives and educational endeavors.

A participant in the national critical infrastructure protection dialogue for seven years, Jack has provided regular advice, insight, and thought leadership to all levels of government and industry and has been responsible for several successful sector-level initiatives. His background includes facilitation, cutting-edge technical research & development, national control systems cyber incident response (as a member of ICS-CERT via Idaho National Lab at the NCCIC), community building, large scale data analysis, Sector Specific Agency program development & execution (as a GS-14 at TSA), sales & marketing, and more.

Further, Mr. Whitsitt’s experience and skill at developing and providing targeted training and education opportunities to a variety of audiences allow him to effectively communicate his knowledge and to positively affect behavior, culture, and outcomes within organizations.

Recently, Mr. Whitsitt was also cited as an author in a NATO-sponsored report to develop Cybersecurity Confidence Building Measures intended to help nations avoid unintentional conflict escalation in cyberspace and was invited by name to a related MIT-sponsored “Cyber Norms Workshop 3.0” discussing sources of instability in cyberspace, cyberwar, deterrence, and related topics.