Building an IT Security "Academy" (from the Ground Up)

Building on input from campus liaisons and peer universities, we moved our security awareness campaign in a different direction by developing an academy-style teaching program designed to empower campus “ambassadors.” Our first cohort of 20 included IT staff in different roles across campus entities (from server administrators and desktop support to DBAs). The curriculum provided a foundation in security fundamentals (SANS, CIS Critical Controls) with lab-style electives targeting technologies in use at Duke (for logging, endpoint configuration management, and vulnerability scanning, among others). We’ll share our lessons learned and strategies for our second year of the program. This is a general interest session.

Outcomes: Gain a basic framework for how to bootstrap a similar program at local institutions * Learn strategies for curriculum planning and fostering ongoing engagement * Participate in a sample class segment