As a first-generation student from Fannin County, Dr. Bryson Payne knows the impact higher education can have on a person.

"I graduated high school with 103 people, and I made it through to earn a Ph.D.," Payne said. "I've always said if a university opened in Blue Ridge, I would move back and teach there someday. Now that UNG is there, I think by the time that I'm ready to retire, I will get to teach computer classes to students on the new campus in Fannin County."

The professor of computer science in the Mike Cottrell College of Business at the University of North Georgia (UNG) has already made strides toward that goal, as he begins his 23rd year teaching computer science and cybersecurity courses in the state. Since 2016, he has taught high school students from across the country in the GenCyber Warrior Academy. In summer 2019, two grants allowed Payne to expand cyber instruction to include high school students in Ellijay, Georgia, and Gainesville, Georgia.

Upward Bound is a federally funded program designed to help promising low-income, first-generation high school students be successful in college. GenCyber Warrior Academy exposes students to the evolving technological industry with varied employment opportunities.

"In rural areas, we need students to see what cybersecurity is and to know they have what it takes," Payne said. "Plus, it is a fun college major and excellent way to make a living."

Payne is an ideal cybersecurity educator. Along with his position as coordinator of student cyber programs at UNG, Payne has real-world programming experience and certifications.

In fall 2019, Payne earned the Global Information Assurance Certification (GIAC) in Reverse Engineering Malware (GREM). Only 4,360 cyber professionals in the world hold this certification. He also holds the GIAC Certified Penetration Tester (GPEN) certification, and about 9,031 professionals have it.

"The hands-on training has helped me educate our future cyber leaders and prepare our Cyber Operations competition teams for contests like the NSA Codebreaker Challenge, NSA Cyber Exercise (NCX), and other capture-the-flag events," Payne said.

He is especially proud of UNG’s first-place finish in the 2019 NSA Codebreaker Challenge, beating 531 other college teams for the top spot in the nation.

In February 2020, Payne was honored for preparing cadets for cybersecurity careers when he was inducted into the Order of Thor. The honor recognizes excellence in and special contributions to the American military cyber community.

Payne also shared his computer science insights with parents and their young children in his book, "Teach Your Kids to Code." He also has a new book for future cyber heroes coming out this fall, “Hacking for Kids.”

Learn Actionable Steps to Mature Your Security Awareness Programs and Compare Your Program Against Global Benchmarks

BETHESDA, Md., June 29, 2022 /PRNewswire/ -- With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture.

SANS 2022 Security Awareness Report: Human Risk Remains the Biggest Threat to Your Organization's Cybersecurity

"People have become the primary attack vector for cyber-attackers around the world," said Lance Spitzner, SANS Security Awareness Director and co-author of the report. "Humans rather than technology represent the greatest risk to organizations and the professionals who oversee security awareness programs are the key to effectively managing that risk."

After analyzing the data of more than 1,000 security awareness professionals worldwide, SANS Security Awareness, the global leader in providing security awareness training, has released its seventh annual SANS Security Awareness Report. The 2022 report establishes updated global benchmarks for how organizations manage their human risk and provides actionable steps to making improvements with key metrics in the Security Awareness Maturity Model Indicators Matrix to measure progress.

"Awareness programs enable security teams to effectively manage their human risk by changing how people think about cybersecurity and help them exhibit secure behaviors, from the Board of Directors on down," said  Spitzner. "This report enables security awareness professionals to make data-driven decisions on how to best secure their workforce and speak to leadership about risk in a compelling way that demonstrates value and support for their strategic priorities."

Key Findings:

• Workforce: More than 69% of security awareness professionals are spending less than half their time on security awareness. The data shows that security awareness responsibilities are very commonly assigned to staff with highly technical backgrounds who may lack the skills needed to effectively engage their workforce in simple-to-understand terms.
• US Compensation: The average salary reported was $110,309 USD for security training professionals, an increase from 2021. However, those dedicated full-time to awareness were paid on average only $86,626, while those who are part-time averaged $117,584 – $30,000 difference.  This difference is because people dedicated part-time to security awareness have their compensation based on their other responsibilities, which are usually more technically focused.
• Global Compensation: Security awareness professionals in Australia/New Zealand had the highest average annual compensation ($121,236), while South America had the lowest ($56,960). In North America, the higher the maturity level of an organization's security awareness program, the higher the salary for the awareness professionals who work there.
• Top Reported Challenges: The three top reported challenges for building a mature awareness program were all related to a lack of time: specifically Lack of time for project management, limits on training time to engage employees, and a lack of staffing.
• Pandemic Impacts: The top two reported impacts were the challenge of a more distracted and overwhelmed workforce and a working environment where human-based cyber-attacks have become more frequent and effective.
• Program Maturity by Region: Consistent across all global regions is that current programs' most common maturity levels are compliance-focused and awareness/behavior change.
• Successful Program Indicators: Strong leadership support, increased team size, and a higher training frequency topped the charts as key enablers to program success.

Key Action Items to Increase Program Success:

• Action Items to Increase Leadership Support: One of the top ways to increase leadership support is speaking in terms of managing risk, not compliance, and explaining WHY you are doing something, not WHAT you are doing. Additionally, creating a sense of urgency by utilizing data and communicating value by demonstrating alignment with leadership's priorities.
• Action Items to Increase Team Size: Documenting and contrasting how many people on the security team are focused on technology versus how many on the team are focused on human risk, creating a document to explain personnel needs fully, and developing partnerships with key departments that can help develop ways to communicate the program's value were recommended.
• Action Items to Increase Training Frequency: It is recommended that organizations communicate to, interact with, or train their workforce at least once a month. Keeping training simple and easy to follow was the key to increasing your opportunities to engage and train your workforce.

"The most mature security awareness programs not only change their workforce's behavior and culture but also measure and demonstrate their value to leadership via a metrics framework," continued Spitzner. "Organizations can no longer justify an annual training to check the compliance box, and it remains critical for organizations to dedicate enough personnel, resources, and tools to manage their human risk effectively."

For a more detailed analysis, get the 2022 SANS Security Awareness Report is available for get here.

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cybersecurity training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cybersecurity events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cybersecurity. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's and bachelor's degrees, graduate certificates, and an undergraduate certificate in cybersecurity. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to manage their "human" cybersecurity risk easily and effectively. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. www.sans.org

View original content:https://www.prnewswire.com/news-releases/sans-2022-security-awareness-report-human-risk-remains-the-biggest-threat-to-your-organizations-cybersecurity-301577241.html

SOURCE SANS Institute

Moon, T., Abegaz, T., Payne, B., & Salimi, A. (2020). MalAware Defensive: A Game to Train Users to Combat Malware. Journal of Cybersecurity Education, Research and Practice (JCERP).

Abegaz T.T., Spence D.J. (2019) Impact of Compiler’s Feedback on Coding Performance. In: Yamamoto S., Mori H. (eds) Human Interface and the Management of Information. Visual Information and Knowledge Management.

Abegaz, T., Smatt, C. Oakley. R, Freeman, M (2019). Win or Lose: A Study on the Effects of Video Game Violence, Quarterly Review of Business Disciplines, Journal of International Academy of Business Disciplines 6(1), 79-93. iabdnet.org/QRBD

Sanfilippo, J., Abegaz, T., Payne, B., & Salimi, A. (2019). STRIDE-Based Threat Modeling for MySQL Databases. In Proceedings of the Future Technologies Conference (pp. 368-378). Springer, Cham.

Abegaz, T (2018). Students’ self-report for assessing the perceptions and usage of agile software development practices in academic settings, International Academy of Business Disciplines annual conference, April 2018 *Best Paper Award

Abegaz, T, Payne, B. R. (2018). Securing the Cyber Pipeline: Toward National Strategies for Cyber Workforce Development, International Academy of Business Disciplines annual conference, April 2018

Payne, B.R., Abegaz, T.T., (2018). GenCyberScrum: Improving Cybersecurity Education Outcomes with the Scrum Framework, Journal of Computing Science in Colleges (JCSC). Submitted October 2017.

Payne, B.R., Mazuran, L.I., and Abegaz, T.T. (2018). Voice Hacking: Using Smartphones to Spread Ransomware to Traditional PCs. Journal of Cybersecurity Education Research and Practice (JCERP).

Payne, B., Abegaz, T., Antonia, K. (2016). Building and Implementing a Successful NSA-NSF GenCyber Summer Cyber Academy, Journal of Cybersecurity Education, Research and Practice (JCERP), 1 (2). (ISSN: 2472-2707) *Nominated for Best Paper Award.

Abegaz, T., Dillon Jr, E. C., & Gilbert, J. E. (2015). Investigating Perceived Usability and Choice Satisfaction of Alternative Search Engine's Presentation for Older Adults, Proceedings of the Human Factors and Ergonomics Society 59th Annual Meeting, October 2015

Abegaz, T., Dillon Jr, E. C., & Gilbert, J. E. (2015). Exploring affective reaction during user interaction with colors and shapes, 6th International Conference on Applied Human Factors and Ergonomics (AHFE), August 2015