Call for Proposals

Cybersecurity and privacy awareness, training, education, and communications are critical to successful information security and privacy programs. The Awareness, Education, and Human Factors track is a specialized segment within the Cybersecurity and Privacy Professionals Conference that delves deep into the strategies, tactics, and methodologies necessary for creating and managing cybersecurity and privacy awareness programs. The learning outcomes of this track will focus on:

• Understand the Role of Human Behavior in Cybersecurity and Privacy: Learn how human factors, such as decision-making, risk perception, and behavior patterns, contribute to the vulnerabilities in cybersecurity and privacy practices. 

• Design Effective Awareness Programs: Gain practical skills in designing and implementing cybersecurity and privacy awareness programs tailored to diverse audiences, including faculty, staff, and students, for institutions of any size.

• Promote a Security-Aware Culture: Discover strategies for fostering a culture of cybersecurity and privacy awareness across the institution, ensuring that security best practices are embedded into everyday actions.

• Develop Targeted Training and Education Initiatives: Learn how to develop effective, engaging training materials and courses that address key cybersecurity risks, privacy protection, and compliance requirements.

• Measure the Impact of Awareness Programs: Explore methods for assessing the effectiveness of awareness and education initiatives, including evaluating behavioral changes, knowledge retention, tangible decline in IT risk, and overall program success.

• Understand the Ethical Implications of Cybersecurity and Privacy: Examine the ethical issues surrounding data protection, privacy rights, and the role of individuals in safeguarding sensitive information.

• Address Specific Human Vulnerabilities: Identify common human errors and vulnerabilities, such as phishing attacks, weak passwords, and social engineering, and learn how to mitigate these risks through education and awareness.

• Leverage Behavioral Science for Improved Security: Gain insights from behavioral science to design programs that influence security behavior positively, such as creating incentives for safe practices or reducing barriers to compliance.

• Engage Stakeholders Effectively: Learn how to engage all stakeholders—faculty, staff, students, and leadership—in ongoing cybersecurity and privacy education, ensuring buy-in and participation across the institution.

• Adapt Training for Evolving Threats: Understand how to keep awareness and training programs dynamic and up-to-date in response to emerging cybersecurity threats, new technologies, and changing privacy and cybersecurity legislation.

Attendees will be equipped with the tools and knowledge to create, implement, and assess effective cybersecurity and privacy education programs, helping reduce human risk factors and strengthen the overall security posture of their institutions.

The Governance track focuses on the critical role of governance in shaping the future of higher education. Sessions will address topics such as shared governance models, data-informed policy decision-making methods, risk management, regulatory compliance, financial stewardship, and strategic planning. Participants will gain insights into effective engagement, leadership accountability, crisis response, and the importance of governance in fostering a culture of equity and innovation. The learning outcomes of this track will focus on:

• Understand the Role of Governance in Cybersecurity and Privacy: Gain a clear understanding of how effective governance frameworks influence cybersecurity and privacy outcomes, ensuring that institutional policies, procedures, and practices align with legal and regulatory requirements.

• Develop Strategic Governance Frameworks: Learn how to create and implement governance structures that prioritize cybersecurity and privacy, ensuring that decision-making processes support institutional resilience and risk management.

• Foster Engagement: Explore strategies for engaging senior and executive leadership in cybersecurity and privacy governance, emphasizing the importance of top-down commitment and accountability in managing risk.

• Align Cybersecurity and Privacy with Institutional Goals: Learn how to integrate cybersecurity and privacy into broader institutional strategies, aligning risk management efforts with organizational values, mission, and long-term objectives.

• Implement Risk Management and Compliance Processes: Gain practical knowledge on developing and enforcing effective risk management strategies that support compliance with cybersecurity regulations, standards, and frameworks (e.g., NIST, GDPR, HIPAA).

• Strengthen Accountability and Transparency in Governance: Explore methods for establishing clear roles, responsibilities, and accountability mechanisms within the governance structure to enhance transparency and decision-making effectiveness.

• Navigate Legal and Regulatory Compliance: Understand the complex landscape of cybersecurity and privacy regulations, and learn how to establish governance practices that ensure ongoing compliance with relevant laws and standards.

• Create a Culture of Security and Privacy: Learn how governance can play a pivotal role in cultivating a culture of security and privacy throughout the organization, ensuring that policies are not just compliance-driven but embedded in everyday practices. Understand the contrast and relationship of security and privacy and why it is unique in the higher education environment.

• Respond to Crisis and Emerging Threats: Develop strategies for crisis management and effective governance responses to cybersecurity incidents and emerging privacy challenges, ensuring resilience and institutional continuity.

• Evaluate and Improve Governance Structures: Gain insights into ongoing evaluation of governance structures, identifying areas for improvement and adapting to changes in the cybersecurity and privacy landscape.

Attendees will leave with actionable strategies to strengthen governance structures and enhance institutional effectiveness in an increasingly complex landscape. Attendees will be equipped with the knowledge and strategies to strengthen governance in cybersecurity and privacy, ensuring that their institutions not only comply with regulations but also foster a secure and resilient environment for all stakeholders.

The Transformational Leadership track explores how cybersecurity and privacy leaders can effectively transform policy into practice and awareness into action within higher education institutions, regardless of institutional size. This track examines how leaders navigate the complex journey from strategic planning to operational execution, building the bridges necessary to convert security frameworks into living programs that respond to real-world challenges. Programs will focus on the unique challenges faced by CISOs and security directors in higher education as they work to create responsive, resilient security cultures while influencing key stakeholders and managing limited resources. The learning outcomes of this track will focus on:

• Developing Future Leaders: Examine innovative approaches to cultivating cybersecurity and privacy leadership skills, including strategies for workforce development, building talent pipelines, and fostering leadership across diverse teams and institutions.

• Leading Change and Organizational Influence: Analyze effective strategies for driving cybersecurity and privacy transformation within higher education institutions. This includes influencing stakeholders, aligning with institutional strategic plans, building consensus, securing resources, and overcoming resistance to change.

• Bridging the Gap Between Policy and Action: Explore how to translate cybersecurity and privacy policies into effective action and transform awareness into proactive cultural behaviors across all levels of an institution, regardless of its size. Developing governance structures that enable action and transparency. 

• Crisis Leadership and Incident Response: Navigate teams through incidents, organizational and budget changes, and evolving threat landscapes.

• Cross-Institution Collaboration and Partnerships: Establish effective cybersecurity and privacy partnerships (internal, external), building consortiums and networks, sharing resources and expertise, and developing shared service models.

This track encourages diverse perspectives from leaders of all levels who are passionate about shaping the future of cybersecurity and/or privacy in higher education.

The Navigating Compliance with Confidence track addresses the unique regulatory landscape of higher education, where institutions of all sizes must protect sensitive information while complying with diverse laws and standards such as FERPA, HIPAA, GDPR, and CCPA. This track explores the latest strategies for meeting regulatory obligations, managing risk, and fostering a culture of accountability and responsibility within higher education. Attendees will gain insights into building robust compliance programs that ensure data privacy, security, and institutional resilience. Practical guidance will be offered on auditing practices, breach notification requirements, and managing compliance across increasingly complex digital infrastructures. The learning outcomes of this track will focus on:

• Understand Key Cybersecurity and Privacy Regulations: Gain a comprehensive understanding of major regulations impacting higher education, such as GDPR, CCPA, FERPA, HIPAA, and emerging laws and their implications for institutional compliance.

• Implement Compliance Frameworks: Learn to apply frameworks such as NIST, ISO 27001, and CIS Controls to build robust, compliant cybersecurity and privacy programs that align with regulatory requirements.

• Develop Risk Assessment and Management Skills: Acquire skills to conduct thorough risk assessments, identify areas of noncompliance, and implement mitigation strategies to protect institutional data and privacy.

• Navigate Data Protection Requirements: Understand best practices for data lifecycle including handling, storing, processing, and deprovisioning data in ways that protect privacy, prevent unauthorized access, and maintain compliance with data protection regulations.

• Conduct Compliance Audits and Assessments: Learn methodologies for internal and external compliance audits, understand how to evaluate security controls, and improve compliance posture based on audit findings.

• Establish Incident Response and Reporting Protocols: Understand and develop protocols for the regulatory requirements surrounding incident response, breach notification, and reporting, ensuring timely and compliant responses to security incidents.

• Train and Educate Stakeholders on Compliance: Develop strategies for educating staff, faculty, and students on compliance responsibilities, fostering a culture of accountability and awareness throughout the institution. 

• Prepare for Regulatory Changes and Future Compliance Needs: Learn how to anticipate, adapt to, and prepare for future compliance challenges as privacy and cybersecurity legislation evolves.

• Balance Compliance with Institutional Goals: Gain strategies for maintaining compliance without sacrificing institutional agility, innovation, or academic freedom, achieving a balance that supports organizational goals.

• Establish a Culture of Compliance and Privacy: Develop initiatives that foster a culture of privacy and compliance institution-wide, empowering all staff to take ownership of data protection and security. Focus on embedding these principles into the institution's core values.

Attendees of sessions in this track will glean the skills and knowledge necessary to build, maintain, and scale effective cybersecurity and privacy compliance programs, ensuring institutional integrity and resilience in an evolving regulatory landscape. Attendees will be equipped with actionable tools to support compliance while advancing the mission of higher education in a responsible, secure, and ethically sound manner.

The Evolving Technologies and Practices track delves into the latest advancements and strategies that are reshaping operational excellence and training practices in higher education. As institutions navigate an increasingly complex environment of digital transformation, evolving student needs, and demands for operational efficiency, this track explores how technology and optimized practices can drive institutional success and enrich the educational experience. The learning outcomes of this track will focus on:

• Understand Key Technologies: Gain knowledge of current and emerging technologies, such as artificial intelligence, machine learning, and Zero Trust architectures, and their applications in protecting sensitive institutional data and personal or controlled unclassified information.

• Implement Effective Practices: Learn best practices for safeguarding information across digital environments, focusing on data minimization, secure data storage, and their relation to regulatory compliance.

• Enhance Security Operations and Incident Response: Develop skills in setting up and managing robust security operations, including threat monitoring, risk assessment, and incident response procedures.

• Apply Risk Management and Compliance Strategies: Explore strategies for identifying, assessing, and mitigating cybersecurity and privacy risks while ensuring compliance with regulatory requirements and institutional policies.

• Address Human Factors in Cybersecurity and Privacy: Understand the role of human behavior in cybersecurity and privacy vulnerabilities and learn methods for fostering a security- and privacy-aware culture among staff, faculty, and students.

• Design Scalable Programs: Gain insights into creating scalable and adaptable security and privacy programs tailored to institutional size, budget, and risk profile.

• Assess Cybersecurity Resilience and Recovery: Learn techniques for evaluating an institution’s cybersecurity resilience and implementing recovery protocols to minimize downtime and data loss during a cyber incident.

• Leverage Data Analytics and Automation: Understand the role of data analytics and automation in enhancing cybersecurity operations, from threat detection to compliance reporting. Learn about privacy-enhancing technologies that preserve privacy of individuals across large integrated data systems.  

• Develop a Proactive Strategy: Leave with actionable insights for building proactive cybersecurity and privacy strategies that align with institutional goals, ensuring long-term protection and resilience.

Through this track, attendees will be equipped with practical skills and knowledge to strengthen their institutions' cybersecurity and privacy practices, fostering a safer and more resilient digital environment.

This type of session works best if your primary objective is to offer a tour or provide an overview of an innovative product or service. Select this delivery format if you want to showcase a product or service you implemented, built, or created. This is a great way to tell your “it worked for us” story. These will be either 20-minute or 45-minute sessions. You may have a maximum of two presenters for this session type.

Discussion sessions are opportunities for event attendees to share campus challenges and solutions through conversational exchange. By actively engaging audience participants in dialogue about hot topics or broad issues, presenters of these sessions will rely on the collective community experience among session attendees. There is no room for "sage on the stage" in a facilitated discussion session; this is a chance to have organic, topically relevant, peer-to-peer learning experiences at the conference. These will be 45-minute sessions. You may have a maximum of two facilitators for this session type.

These sessions are opportunities to share topics of interest, lessons learned, foresight, or evidence of impact related to a conference theme. Presenters, whether one person or a group, should include ways to actively engage the audience in the session. If you are proposing a panel, it should represent two or more opposing viewpoints for a lively group discussion. The best panels and group presentations have diversity in perspective, opinion, and representation and the most interesting sessions are often ones that offer many different perspectives. These will be either 20-minute or 45-minute sessions. You may have a maximum of four presenters/panelists for this session type.

Posters give participants and presenters the opportunity to share and examine problems, issues, and solutions in a casual, personal environment. Poster presenters are expected to engage with individuals, either one-on-one or in small groups, for short periods of time throughout the time slot allocated. Presenters will use a physical poster display to visually present their topics. There will be multiple poster sessions happening at the same time, allowing for attendees to visit many posters and peruse the various topics. These will be 45-minutes. You may have a maximum of two presenters for this session type.