Past Events

To address the ever-evolving cybersecurity landscape and equip organizations with information and resources to more quickly and effectively manage cybersecurity risk and improve their cybersecurity posture, NIST published a significant update to the NIST Cybersecurity Framework in 2024—CSF 2.0—the first major update to the framework in 10 years. Throughout the last year, organizations of all sizes and sectors have spent time familiarizing themselves with the CSF 2.0 and many are in the process of upgrading their cybersecurity security posture informed by CSF 2.0. 

In the first episode of NIST’s new multi-part CSF 2.0 webinar series, we will provide an overview focused on implementing CSF 2.0, including:

• Why organizations would want to upgrade and how to foster bidirectional cybersecurity risk communications between leadership and practitioners. 
• Practical actions organizations can take to implement the CSF 2.0. 
• What resources are available to assist with implementation.

Time will be reserved at the end for audience questions. 

Speaker: Stephen Quinn, Senior Computer Scientist and CSF Project Lead, NIST

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Incident Response Training event, Defending Internet Accessible Systems Cyber Range Training (SS204). The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

Participants will be introduced to tactics and strategies that enable them to protect their organizations from attacks against internet accessible system(s) (i.e., Internet Accessible System Attacks or IAS), through awareness of individual and organizational points of vulnerability.

Experience these benefits and more: 

• Practice in a realistic environment: Define IAS Vulnerabilities and their indicators. 

• Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 19-02. 

• Identify and mitigate vulnerabilities in real time: Students will identify common methods of scanning for vulnerabilities, analyzing event logs, and modifying firewall rules.  

• Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussion and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.

Empower your small business with a deep dive into cybersecurity basics at our upcoming Introduction to Cybersecurity event. Discover practical strategies to protect your business online. Join us for insights tailored to small businesses, ensuring your digital assets are secure. Do not miss out on the chance to boost your digital security knowledge.

This event will take place online using Microsoft Teams, please register to obtain for the login information. Please note, if you are planning to use a mobile device to access this webinar, you must first download the Teams app to your device.

SBA programs and services are extended to the public on a nondiscriminatory basis. For reasonable accommodation request please send an email to [email protected](Link is external) at least 7 days in advance.

NIST will host a full-day hybrid workshop at the NCCoE to continue discussions related to a major update of NIST IR 8259. The day's activities will feature an overview of NIST's current status in updating NIST IR 8259 with extensive Q-and-A  and invited speakers to discuss current cybersecurity and IoT topics relevant to the NIST IR 8259 updates with both in-person and virtual attendees. In-Person participation is encouraged, but the full day workshop will be broadcast virtually to those who cannot attend at the NCCoE.

Explore advanced cybersecurity tactics to strengthen your business against ever-evolving threats. In this no-fee webinar, we will guide you beyond the Cybersecurity Basics trainings into a deeper exploration of essential topics for building cyber resilience.

Join us on Tuesday, February 11th, at 1:00 pm PST / 4:00 pm EST for this webinar hosted by the NorCal Small Business Development Center. Zack Barton will lead a discussion with renowned cybersecurity specialist, Jacob Blacksten, to highlight the importance of password management, multi-factor authentication, emergency response plans, and staff training within today's digital space.

Colleges and universities have long been a valuable resource for small businesses in their communities. Examples of support and outreach include running start-up incubators and accelerators, hosting small business development centers, providing a source of interns and entry-level workforce members, hosting legal and medical clinics, and much more. Recently, higher education, with support from industry and government, has been addressing two critical questions in cybersecurity through an emerging network of cybersecurity clinics: 

• How can we bolster the cybersecurity posture of small, under-resourced organizations in our community?
• How can we build a stronger cybersecurity workforce by providing students with valuable, hands-on learning experiences?

Through the clinics, multidisciplinary teams of students work with faculty providing no-cost  cybersecurity services to the region’s small, under-resourced organizations—providing valuable workforce development experiences to students and important cybersecurity support to those organizations who need it the most. 

This webinar will provide an overview of cybersecurity clinics, while also highlighting experiences of students and small businesses who have participated in the program. The panel discussion will run for 45 minutes, with 15 minutes reserved at the end of the hour for questions. 

Opening Remarks: 

• Rodney Petersen, Director, National Initiative for Cybersecurity Education (NICE), NIST

Panelists: 

• Mehdi Abid, Cyber Program Coordinator, Department of Computer Science, University of Nevada, Las Vegas
• Aisha Ali-Gombe, Ph.D., Associate Professor and Director, LSU Cybersecurity Clinic, Louisiana State University
• Gary Anderson, Partner, Cardinal Capital, LLC
• Keith Daniel Tan, Scholarship for Service(SFS) Student, University of Nevada, Las Vegas

Moderator: 

• Daniel Eliot, Lead for Small Business Engagement, NIST

Join the  UVI Information Services & Institutional Assessment staff team as they prepare USVI Small Businesses with the tools necessary to secure their data and electronic information. Learn common fallacies for small businesses regarding cybersecurity, the types of threats encountered, strategies for combating the threats, and how to get started. This interactive webinar is free of cost and includes a question-and-answer segment.

In this session, you will learn:

•            What is ransomware and how it works

•            Ransomware prevention

•            How to understand cyber threats and what to do about them

We will provide practical insights and actionable strategies to enhance your ability to effectively mitigate ransomware threats.

Join the UVI Information Services & Institutional Assessment team as they prepare USVI Small Businesses with the tools necessary to secure their data and electronic information. Learn common fallacies for small businesses regarding cybersecurity, the types of threats encountered, strategies for combating the threats, and how to get started. This interactive webinar is free of cost and includes a question-and-answer segment.

This session’s topics will explain:

•            What is phishing and how it works

•            Different types of phishing attacks

•            Red flags to watch out for in suspicious emails

•            Best practices for protecting sensitive information

•            How to report phishing attempts

In today's digital age, phishing attacks have become increasingly sophisticated and prevalent. These deceptive tactics target individuals and organizations alike, aiming to compromise sensitive information, financial resources, and even the reputation of companies. It is imperative that we equip ourselves with the knowledge and tools necessary to identify and work to prevent these threats.  Our goal is that you leave the session with a heightened awareness and the ability to confidently navigate through potential phishing and other email threats.

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Introduction to Log Management (IR210) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. Participants will be introduced to basic principles of log management and configuration. Federal compliance regulations of log configuration and management including OMB Memo M-21-31 will also be introduced.

Experience these benefits and more: 

• Common attack methods: Understand the importance of the configuration, management, and analysis of logs for incident response and identify key processes of log management. 

• Practice in a realistic environment: Investigate and analyze log data for suspicious activity. Detect and correlate possible IOCs or malicious activity with threat intel. Exercises include configuring a DNS server, network device firewall, an operating system and more for propper logging.  

• Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer the Incident Response Training event, Preventing DNS Infrastructure Tampering Cyber Range Training (IR206). The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

DNS is one of the core foundations of the internet however, it continues to be one of the mechanisms attackers use to perform malicious activities across the globe. In this course participants will learn about various concepts associated with DNS, become familiar with DNS tools and mapping information, get introduced to common DNS tampering techniques, and gain an understanding of DNS mitigation strategies to enhance security.

Experience these benefits and more: 

• Practice in a realistic environment: Analyze network and host-based artifacts and implement remediation changes for the identified vulnerabilities.  

• Learn how to implement remediations: Course exercises include remediating vulnerabilities. 

• Identify and mitigate vulnerabilities in real time: Students will identify DNS infrastructure tampering techniques and mitigate them. 

• Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussion and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.