Cybersecurity Education

We have consolidated Cybersecurity for You (C4U) and security awareness web pages to this location under the name of "Cybersecurity Education." As a result, cybersecurity events, educational opportunities, Security Coordinator resources, Security Community agendas, and more are available in one place.

You can request time to schedule Security Coordinator onboarding sessions, role-based training, or general security training by sending an email to securityawareness@osu.edu.

Security Community Agendas

Request in invitation by sending an email to securityawareness@osu.edu.

Next Security Community meeting: February 19, 2026

Agenda coming soon

Past Agendas

January 15, 2026

Digital Security and Trust Updates
- Google’s Data Protection
- Duo Certificate Authority Change
Test your AI Security Smarts: Quiz Winners
December Phish Simulation Results
2026 IDP Training

IT16 Training Options

IT16 ensures users are aware of security threats and behavior that makes them vulnerable, and capable of performing information security-related roles. Please review the following control requirements for training specifics:

IT16.1.1 Information security and privacy awareness - all users of university networks or institutional data participate in a minimum of one hour of university-approved information security and privacy awareness activities annually.
IT16.1.4 Regulated information security and privacy awareness - all users of regulated data participate in university-approved information security and privacy awareness activities, according to the specific requirements of the regulation.
IT16.2.2 Role-based information security and privacy training - Organizations must provide role-based information security and privacy training to users with assigned information security and privacy roles and responsibilities. Users with access to Controlled Unclassified Information (CUI) data must complete training before gaining access to the system or CUI. Users must participate in information security and privacy training annually, based upon assigned information security and privacy roles and responsibilities. Six hours of training is preferred; a minimum of two hours of training is required.
IT16.2.3 Regulation control-based information security and privacy training - Organizations must provide regulation control-based information security and privacy training to users with access to Controlled Unclassified Information (CUI) data. Before gaining access to CUI data, all roles with access must complete Institutional Data Policy training. Additionally, all roles with access to CUI data will be required to take a minimum of two hours of security and privacy related training associated with their role annually.
IT16.2.4 Regulation control-based information security and privacy training related to Insider Threat(s) - Organizations must provide regulation control-based information security and privacy training to users with access to Controlled Unclassified Information (CUI) data. All project and IT staff with access to CUI data must be verified that they have completed university-approved training that will be provided for all project faculty, staff, and students, before being permitted to access to the data.

IDP Annual Training

IT16.2.1 Institutional data training - all users of S4 (restricted) institutional data participate in university-approved institutional data training. Users of S4 (restricted) institutional data must participate in training before they are granted access to S4 (restricted) institutional data. Additionally, users must participate in any regulation-specific training before they are granted access to regulated data. Users must participate in one university-approved institutional data training annually.

The "Resources" tab below provides training resources to assist in meeting the training requirements in IT16.

Resources

IDP Annual Training (BuckeyeLearn) - Required for those who have access to S4 (Restricted) information
Security and Awareness Training (update coming...more to follow soon)
1. View the Curriculum page from your browser: (new link soon)
2. Click “Register”
3. Enjoy the training courses together, or individual, as conveniently as your time permits
4. When all courses are complete, return to your transcript. The course should show as “complete”
LinkedIn Learning - Ohio State faculty and staff have 24/7 free unlimited access to LinkedIn Learning which allows you to learn at your own pace. There are 30-70 new courses added weekly which are relevant to your current role.
Security Community meetings - held monthly, these events discuss developments across the security landscape, work being done to protect the university, and general security discussions. Send an email to securityawareness@osu.edu to request an invitation.

Security Coordinator Resources

The Ohio State IT Security Policy specifies the requirement for establishing security representatives from colleges, units, and campuses. The security representative, known as the Security Coordinator, serves as the unit liaison with Digital Security and Trust (DST) for security-related matters and activities, and is responsible for the execution of security activities in their college or unit.

Security Coordinator resources:

Cybersecurity Events

Cybersecurity Days

This section details our collaboration with the BIG10 Academic Alliance (BTAA) to celebrate October as National Cybersecurity Awareness Month. Check back closer to October 2026 for updated events.

Contact cybersecuritydays@osu.edu if you have questions or want to provide feedback.

Past Agendas

2025

Join the Cybersecurity Gameshow

Wednesday, Oct. 1, 2025 - 1:30-2:30 p.m.

All users cam benefit from good cyber skills and we’re here to put your mind through the motions! Join us for a turbocharged game show in a friendly competition with other Big Ten colleges. Power up with essential info and practical techniques to safeguard your digital life.

BTAA CISO Panel: Securing the Mission: Building Awareness and Resilience in Higher Ed

Thursday, Oct. 9, 2025 - 2-3 p.m.

IT professionals know that higher education institutions face security challenges that demand thoughtful, coordinated responses across many of our distributed environments. Addressing these challenges effectively requires not only structure and leadership but also a shared understanding of the complexity that underpins our work, all the while meeting the mission of teaching, learning and research. Our panelists will cover topics related to risk within our organizations, how to build and deliver a strong security awareness program and culture, and where they see the security space evolving to further educate and promote security in the higher education space.

Scary Cyber Tales: Don’t Let Your Data Go Bump in the Night

Wednesday, Oct. 22, 2025 - 2-3 p.m.

All users can benefit from this event, which is a spine-chilling journey into the real-life dangers of the digital world. We’ll share real-world stories of cyberattacks, data breaches, and online scams that will make you think twice about your digital security. Learn about the most common threats, from phishing and ransomware to malware and social engineering, and get practical tips on how to protect yourself. Join our team of cybersecurity experts for an hour of spooky tales and essential security lessons to ensure your digital life doesn’t turn into a scary cyber tale!

Rachel Tobac: Exploiting Trust - The Human Element of Security

Wednesday, Oct. 29, 2025 - noon -1 p.m.

IT professionals know that it only takes 1 email, a 30 second call, or 1 social media DM for her to hack you and gain access to your money, data, and systems. Meet Rachel Tobac, who executes these social engineering attacks for a living and uses her real-life ethical hacking stories to keep organizations up to date on the methods criminals are using to trick people. She’ll break down recent cyber attacks in the news, and how to defend against the latest hacking methods, even when criminals are using AI. Her tales from the field and live hacking demonstrations throughout the presentation are sure to keep you and your team “politely paranoid” to catch the next human hacker in the act.

2024

Application Security (DevSecOps) - May 22, 2024

With the goal of expanding role-based cybersecurity education, Cybersecurity Days is presenting a virtual, three-hour Microsoft Teams webinar focused on application security.

Agenda

8:30am: Webinar opens to attendees

9:00 - 9:15am: Agenda overview

DevSec

9:15 - 10:00am: Code Confidence – Marc Archuleta

DevSecOps best practices
Application scanning
Automation in the pipeline
Static and dynamic vulnerability scanners
LIVE DEMO

10:00 - 10:15am: Questions and answers

10:15 - 10:30am: Break

SecOps

10:30 - 11:00am: Container Services – Jeff McDonald

Why containers?
Kubernetes
Zero trust networking
Continuous deployment
Never deal with passwords again
LIVE DEMO

11:00 - 11:30am: Choose your own adventure discussion

11:30am - 12:00pm: University-provided tools, services and documentation

This session will be interactive. We aim to introduce tools and services that you and your team can use to improve the security of your products. At the discretion of your manager or unit, this session could be used to comply with ISCR IT7.10.1-2.

2023