Building an IT Security "Academy" (from the Ground Up)

Tuesday, May 02 | 8:00AM–9:00AM | Colorado Ballroom GH, Lower Level 2
Session Type: Breakout Session
Delivery Format: Concurrent Session
Building on input from campus liaisons and peer universities, we moved our security awareness campaign in a different direction by developing an academy-style teaching program designed to empower campus “ambassadors.” Our first cohort of 20 included IT staff in different roles across campus entities (from server administrators and desktop support to DBAs). The curriculum provided a foundation in security fundamentals (SANS, CIS Critical Controls) with lab-style electives targeting technologies in use at Duke (for logging, endpoint configuration management, and vulnerability scanning, among others). We’ll share our lessons learned and strategies for our second year of the program. This is a general interest session.

Outcomes: Gain a basic framework for how to bootstrap a similar program at local institutions * Learn strategies for curriculum planning and fostering ongoing engagement * Participate in a sample class segment


  • Phillip Batton

    Sr Security Analyst, Duke University
  • Cara Bonnett

    Technology Risk Assurance Manager, Duke University

Resources & Downloads

  • Building an IT Security Academy_slides

    1 MB, pdf - Updated on 5/9/2017