Not every institution has a CISO. Not every institution has a dedicated security budget. But every institution has cyber risk, and the regulatory environment (GLBA, FERPA, state privacy laws, potential CMMC requirements for research institutions) is only getting more demanding. This hands-on, half-day workshop is designed specifically for small and midsized colleges and universities that are building or rebuilding a cybersecurity program with limited resources. Led by a practitioner who has helped institutions of all sizes stand up security operations from vulnerability management and patching programs to incident response plans, this workshop guides participants through a structured, phased approach to building a cybersecurity program that is achievable, sustainable, and aligned with institutional risk tolerance. Participants will work through four modules: (1) Assessing your current state using a lightweight cybersecurity domains framework; (2) Prioritizing investments using an ERM-informed risk matrix; (3) Building a 12-month implementation roadmap with realistic milestones; and (4) Making the business case to leadership using language that resonates with presidents and boards. Each module includes hands-on exercises, peer discussion, and templates that participants take home.
Outcomes of this workshop:
Note: Participants who successfully complete this preconference workshop will be eligible to receive an EDUCAUSE microcredential. To earn this digital badge, you must complete a brief workshop evaluation and share two key learning outcomes from your experience. All registered participants will receive an email on October 5 with instructions for completing these steps. Completion of both is required. To learn how to accept and make the most of your microcredential, visit the EDUCAUSE Microcredential website.
