From Training to Readiness: What NCPC Learned About Cyber Preparedness in FY25
Cybersecurity in the public sector reached an inflection point in FY25. Cyber incidents, from credential compromises and ransomware attacks to supply‑chain intrusions and zero‑day exploitation, continued to demonstrate that cyber risk is no longer confined to IT departments. It is a governance, operational and community resilience challenge affecting every level of government and nearly every sector. Against this backdrop, the National Cybersecurity Preparedness Consortium (NCPC) spent FY25 helping state, local, tribal and territorial (SLTT) organizations translate cybersecurity training into real‑world readiness.
Funded by the Department of Homeland Security and administered through FEMA’s National Training and Education Division, NCPC delivers no‑cost, DHS‑certified cybersecurity training aligned with the National Preparedness System, Presidential Policy Directive‑8 and Executive Order 14028. Its mission is straightforward but ambitious: equip communities with the knowledge and skills needed to prevent, detect, respond to and recover from cyber incidents.
Training at National Scale
By the end of FY25, the NCPC had trained 159,988 participants nationwide, reaching all 50 states and U.S. territories. That reach is the result of a diversified delivery model that combines instructor‑led and web‑based training designed specifically for public‑sector constraints, such as limited staff, tight budgets and geographic dispersion.
Web‑based training continued to play a central role in expanding access. Participation grew steadily year over year, with especially strong engagement in FY24 and FY25, reflecting both rising cyber awareness and the value of flexible, asynchronous learning models for busy professionals. For many jurisdictions, web-based training became the entry point into more advanced or role‑specific cybersecurity training.
What the Data Says People Need
FY25 participation data tells a clear story about where public‑sector cyber priorities are headed. High‑completion web‑based courses focused on cybersecurity maturity models, Internet of Things (IoT) risk, fundamentals of cybersecurity, advanced persistent threats, and mobile device security. This mix reflects a shift away from narrow technical skills toward broader enterprise risk awareness.
For cybersecurity professionals, this trend underscores an important lesson: public‑sector readiness increasingly depends on connecting governance, technology and operations. Training demand is no longer just about “how to secure a system,” but about understanding how cyber risk affects continuity of operations, emergency management, public trust, and service delivery.
Training Designed for Application, Not Just Awareness
The NCPC structures its curriculum across three levels: Awareness, Performance, and Management and Planning. This ensures training outcomes map directly to real responsibilities. Awareness courses establish foundational cybersecurity concepts, helping develop understanding and context that support the growth of cybersecurity knowledge, skills and abilities. Performance courses emphasize hands‑on, role‑specific skills using engaging activities that reinforce cybersecurity concepts and support stronger retention and real-world application. Management and Planning courses emphasize policy, governance, coordination and decision‑making, supporting effective and coordinated cybersecurity decisions across organizational stakeholders.
In FY25, participant assessments showed measurable increases in knowledge, skills and abilities, validating the NCPC’s emphasis on applied learning. Simulation‑based courses in particular helped leaders experience cyber incidents as resource, communication and prioritization challenges, not just technical events. For many organizations, these experiences helped establish a shared language between IT teams, executives and emergency managers.
Lessons from Sector‑Specific Gaps
Training participation and feedback in FY25 also revealed recurring readiness gaps across sectors:
- Local and rural governments often face foundational challenges, including limited cybersecurity staffing, unclear governance structures, and competing operational priorities. Training demand here emphasized baseline awareness and maturity modeling to support strategic planning.
- Public safety and emergency services organizations highlighted gaps in integrating cyber incidents into all‑hazards emergency operations. Dispatch systems, records management, and communications infrastructures remain particularly vulnerable.
- Utilities and critical infrastructure operators showed growing concern around IoT, operational technology and third‑party risk, driving interest in courses focused on advanced threats and networked device security.
- Tribal and territorial partners consistently emphasized accessibility and relevance, reinforcing the importance of flexible delivery models and content that respects local context while aligning with national frameworks.
These findings align closely with FEMA preparedness doctrine: cyber readiness must be scalable, inclusive and adaptable while remaining anchored to shared national risk management principles.
Collaboration as a Preparedness Accelerator
The NCPC’s impact in FY25 was amplified by its consortium model, which brings together five partner institutions with complementary expertise. Throughout the year, these partners worked collaboratively to assess the evolving needs of state, local, tribal and territorial (SLTT) communities to refresh course content, develop new offerings, and coordinate delivery across regions and sectors.
This coordinated approach enabled the NCPC to efficiently design and deliver timely, high-quality training focused on emerging cybersecurity threats while maintaining consistency, relevance and alignment with federal policy. For public‑sector professionals, this model ensured access to trusted, standardized training tailored to the operational realities and capacity needs of SLTT organizations.
Looking Ahead
FY25 reinforced an essential truth for the cybersecurity community: training alone is not preparedness. Preparedness comes from training that changes behavior, informs decisions, and strengthens coordination across roles and sectors. By focusing on applied learning, inclusive access and national alignment, the NCPC continues to help public‑sector organizations move from awareness to actionable readiness.
As cyber threats continue to evolve, the lessons of FY25 provide a roadmap for strengthening resilience, one community, one organization, and one trained professional at a time.
By Natalie Sjelin, Chair of the NCPC and Executive Director of the Center for Infrastructure Assurance and Security
and Rebecca Tate, Director at the Texas A&M Engineering Extension Service National Emergency Response and Recovery Training Center
Instructor Spotlight: Monique Leija (CIAS)
What inspired you to want to be an NCPC instructor? What’s your background?
I’ve always had a love for teaching and sharing knowledge, especially in the field of cybersecurity. What inspired me to pursue becoming an NCPC instructor was the opportunity to not only educate others but also contribute to strengthening individual and community cyber awareness. I also value continuous learning and enjoy engaging with others to exchange ideas and learn from new perspectives!
As for my background, I bring over six years of instructional experience in cybersecurity, networking and healthcare-cyber education. I currently teach evening cybersecurity and networking courses at multiple colleges, in addition to my full-time role at the CIAS. My background also includes program and project management roles, where I developed cybersecurity camps, led teams, and helped design an integrated healthcare and cybersecurity degree program. I also have experience in web development, which supports my ability to design engaging and accessible learning environments. In addition, I am also in the final year of my PhD program, and earned both my undergraduate and master’s degrees from UTSA. I have also earned my Security+ certification. All of this experience helps me to bring real-world experiences and knowledge into the training courses I teach and have the research skills needed to develop training courses at a higher level.
How do you tailor your instruction to meet the needs of diverse audiences, such as technical or non-technical personnel?
I tailor my instruction by first assessing the audience’s baseline knowledge and then adjusting both the language and delivery method accordingly. For more technical audiences, I tend to incorporate deeper technical explanations, and for non-technical personnel, I focus on simplifying complex concepts, using analogies, and emphasizing practical relevance to their roles and organizations.
One experience I had, where I had to adjust the delivery for a training session, was when we hosted one of our more technical classes. I noticed that some participants were having trouble with some of the lab steps, so I shifted my approach by breaking concepts down further into simpler terms and guided them through the steps more thoroughly in the areas where they were struggling. I also incorporated additional, deeper-dive discussions to include the more advanced participants. This allowed me to keep everyone engaged without losing either group, and the feedback from the session was very positive.
How do you see NCPC training contributing to national cybersecurity resilience and community preparedness?
I believe that the courses that the NCPC offers play a critical role in strengthening national cybersecurity resilience by building awareness, capability, and confidence at the individual and community level. Cybersecurity is not just a technical issue; it’s a human one, so equipping people with the knowledge to recognize and respond to threats is essential.
The NCPC contributes to community preparedness by making cybersecurity accessible and actionable for diverse audiences, including non-technical personnel. When individuals understand how their actions impact security, it reduces overall risk and helps create a more resilient workforce and community.
What feedback have you received from participants that highlights the value or effectiveness of NCPC courses? Do you have any examples you could share?
We’ve received very positive feedback from participants that highlights both the accessibility and practical value of NCPC courses, especially for non-technical audiences. For example, during a pilot of our PER-342 Identifying, Prioritizing, and Assessing High Value Assets course, one participant shared: “As someone who is not in the IT field and doesn’t have one at their organization, this course helped identify ways we can improve the security of our organization and data.” This kind of feedback is especially meaningful because it demonstrates that the training is not only effective for technical professionals but also empowers non-technical individuals to take actionable steps in improving cybersecurity within their organizations. It reinforces the importance of making cybersecurity education accessible and relevant to a broad audience.
What do you find most rewarding about teaching cybersecurity preparedness through NCPC?
What I find most rewarding about teaching training courses through the NCPC is seeing the shift in confidence and awareness in learners. Many individuals can initially feel overwhelmed or intimidated by cybersecurity, but through training, they begin to realize that they can understand and apply these concepts in their daily roles. I also find it especially rewarding to know that the training has a real-world impact. When participants leave with practical skills, such as knowing how to recognize certain threats or learning how to use security tools, it directly contributes to reducing risk for an organization and also in the community.
Looking ahead, what are your hopes for the future of the NCPC and its role in strengthening national cybersecurity preparedness?
Looking ahead, I see the NCPC continuing to play a critical role in strengthening national cybersecurity preparedness by equipping individuals and organizations with practical, actionable skills, not just awareness alone. As cyber threats continue to evolve, training will also evolve as well to address changing needs.
I also see a strong opportunity for the NCPC to expand the use of interactive, scenario-based, and gamified learning approaches. These methods can help learners actively engage with realistic situations, improve retention, and build confidence in decision-making.
What is your favorite NCPC course? Would you share why it’s your favorite?
My favorite NCPC course is the MGT-301 Community Cybersecurity Preparedness Simulation. What makes this course stand out to me is its use of a gamified, tabletop simulation to teach cybersecurity in a very engaging and practical way. The course allows participants to experience how a cyber incident can create cascading impacts across an entire community, not just within a single organization. It really highlights the importance of collaboration, planning, and having a strong community-wide cybersecurity program. I really like how interactive it is, because it helps learners connect concepts to real-world decision-making. Participants are not just learning about cybersecurity; they are actively working through scenarios, which makes the lessons more impactful and memorable.
How does the NCPC prepare participants for real-world cybersecurity concerns?
The NCPC prepares participants for real-world cybersecurity concerns by incorporating real-world scenarios and examples based on real attacks or incidents into the training. This helps learners understand how threats occur and how they can impact both organizations and individuals.
Many courses also include practical tools and exercises that participants can directly apply in their jobs and daily lives, which strengthens their ability to respond to real situations. In addition, many trainings provide takeaway resources that participants can bring back to their organizations to support continued learning and implementation. Additionally, NCPC training courses also address both technical and non-technical audiences, ensuring that participants at different levels can learn applicable skills and have the right resources for themselves and their organization.
Monique Leija is an Information Security Instructor II with the Center for Infrastructure Assurance and Security at The University of Texas at San Antonio.
Elevate Your IT Career: The High Impact Value of No-Cost NCPC Training
In IT and cybersecurity, the field moves — whether you do, or not. Threats change, technologies shift, and the skills that got you here, may not be the same skills that will get you where you want to go next. Most professionals know they need to keep learning — the problem is usually time and money.
The National Cybersecurity Preparedness Consortium offers a powerful, no-cost solution through its certified training courses. Funded by the DHS-FEMA National Training and Education Division, these courses are designed specifically to help the State, Local, Tribal, and Territorial (SLTT) workforce and the broader IT community strengthen their current positions and prepare for advanced, higher-paying roles.
Getting Better at the Job You Already Have
Many IT professionals end up in roles where they’re heads-down on technical work, rarely looking up at the bigger picture. That’s understandable, but it’s also a ceiling. Modern cybersecurity doesn’t live in a single department or one person’s hands. It touches governance, operations, leadership and culture.
NCPC courses help you grow in the role you’re in right now. Courses, like AWR-138-W Network Assurance and AWR-178-W Secure Software, give you practical experience with firewalls, intrusion detection and secure programming.
But the training doesn’t stop at the technical layer. You’ll also build fluency in governance and risk management, which is what separates someone who can fix the problem, from someone who can prevent it and explain it to leadership. With specialized training in the NCPC’s Cyber Incident Response and Recovery course category, you shift from reacting to incidents to anticipating them, understanding not just what happened, but what it means for the rest of the organization.
Moving Into Leadership
At some point, career growth stops being about what you can do with your hands, and starts being about what you can do with a room. NCPC’s curriculum is built with that transition in mind.
The MGT-328 Critical Thinking and Risk Management in a Cyber-Converged World course teaches you how to quantify and communicate risk, using frameworks like FAIR and OCTAVE FORTE. These are the skills that security consultants and CISOs rely on daily.
The AWR-353-W Using the Community Cyber Security Maturity Model (CCSMM) to Develop a Cybersecurity Program course goes a step further, giving you the tools to assess and guide entire organizations toward a stronger security posture. And throughout the curriculum, there’s a consistent emphasis on plain language and audience awareness — because a leader who can explain a complex threat to an elected official or a skeptical CFO, is worth far more than one who can’t.
The Financial and Professional Payoff
These courses cost you nothing, but the value you get out of them is anything but small. In IT, certifications are among the most reliable ways to advance and earn more. Certified professionals typically out-earn their non-certified peers by 8% to 20%, and if you specialize in something like cybersecurity, entry-level roles often start above $92,000, with senior positions pushing well past $120,000.
Promotions happen faster, too. Employers trust certified candidates because the credential does some of the convincing for them. It signals that you take your development seriously, which is exactly what managers want to see before handing someone more responsibility.
And when you finish a course, you walk away with a certificate that holds weight, both with the humans reviewing your resume, and the AI tools increasingly doing the first round of screening.
Learning That Fits Around a Real Job
Courses are available as self-paced, web-based training or as live instructor-led sessions, both virtual and in-person. If your schedule is unpredictable, the web-based options let you move at your own speed. If you learn better with direct access to an instructor and other professionals in the room, the live sessions are built for that. Either way, you’re not choosing between your job and your development.
Where Do You Go From Here?
Nobody stumbles into a great IT career. They build it, one deliberate choice at a time. The NCPC exists to make sure cost isn’t what holds you back. Whether you’re trying to lock down your current network or gunning for a seat at the strategic table, these courses give you credentials that actually mean something to hiring managers and leadership.
The threats aren’t slowing down, and neither should you. This is how you show your organization and yourself that you’re serious about staying ahead.
Ready to get started? Browse the full catalog and sign up for your first no-cost course right here on the NCPC website.
Recommended Courses for Your Upskill Journey
For those just beginning to transition from general IT into a focused cybersecurity path, these two web-based, self-paced courses offer an excellent foundation:
AWR-173-W: Information Security Basics. This is the perfect starting point. It covers the essential terminology and concepts of information security, ensuring you have a solid grasp of the “CIA Triad” (Confidentiality, Integrity, and Availability) before moving into more technical configurations.
AWR-177-W: Information Risk Management. While the title is specific, it teaches you how to identify vulnerabilities and implement low-cost, high-impact security measures—skills that are directly transferable to any SLTT or small-business environment.
Shawn Lane is an instructor and course developer with Norwich University Applied Research Institutes (NUARI). He delivers instruction in cyber incident response and information warfare to military, academic and civilian audiences, emphasizing practical, real-world preparedness.
He holds multiple professional certifications in cybersecurity, digital and computer forensics, incident response, and information operations, and uses an applied, scenario-driven approach focused on awareness, critical thinking and resilience.
Instructor Spotlight: Germil Ware (CfIA)
What makes NCPC’s training approach unique compared to other cybersecurity programs you’ve encountered?
NCPC’s training stands out because it brings together people from every level of government and the private sector, providing practical skills that can be used immediately. The courses are congressionally-funded, which ensures our training aligns with national priorities while remaining accessible to state, local, tribal and territorial communities.
How do you tailor your instruction to meet the needs of diverse audiences?
I tailor the instruction by developing course materials with consideration of both technical depth and accessibility, mapping industry frameworks to common language that anyone, ranging from the common first-time learner to experienced industry professionals, can understand. I scale the complexity as the course progresses, ensuring no one is left behind while technical participants gain deeper expertise.
During a live course session, I noticed learners were uncertain about the real-world severity of cyber risks to critical infrastructure, so I shifted to discussing simple scenarios such as phishing attacks, where someone pretends to be leadership to obtain passwords from unsuspecting personnel. When learners realized how these basic tactics from threat actors could impact and disrupt critical Distributed Energy Resources and Operational Technology systems, they were intrigued and curious that these vulnerabilities existed at the level they do, which generated deeper engagement and questions than the original lesson plan.
How do you see NCPC training contributing to national cybersecurity resilience and community preparedness?
NCPC training directly supports Presidential Policy Directive 21 and Presidential Policy Directive 8 by helping state, local, tribal, and territorial communities build the capability to protect essential services people depend on every day. By training emergency managers, utility operators, public safety personnel and everyday citizens together, we create shared understanding across all levels that prepares communities to recognize threats, respond effectively, and recover faster when cyber incidents occur.
What feedback have you received from participants that highlights the value or effectiveness of NCPC courses?
After delivering a course, a service member of the US Armed Services told me the course changed their perspective on critical infrastructure vulnerabilities, helping them understand how cyberattacks on Operational Technology could impact mission readiness and base operations. This led them to initiate coordination with installation security teams they had not previously engaged with on cyber issues.
What do you find most rewarding about teaching cybersecurity preparedness through NCPC?
Helping individuals with curiosity is most rewarding because I see the course’s positive impact on their professional development and confidence. Watching learners connect technical concepts to their real-world responsibilities and realize they can make their community more secure shows that cybersecurity preparedness empowers people at every level to take meaningful action.
How do you stay current with evolving cyber threats and integrate that knowledge into your instruction?
I stay current by continuing my personal educational development as well as maintaining open communication to informational channels such as journals, government advisories, and industry publications. When I encounter new information, I make adjustments to integrate relevant examples and refine scenarios to reflect current risks participants face today.
How does the NCPC prepare participants for real-world cybersecurity concerns?
The NCPC bridges the gap with critical information learners may not be aware of in their current role, helping them consider alternative angles and aspects of cybersecurity risk. The combination of foundational web modules and live instructor-led sessions ensures participants leave not just informed, but prepared to recognize vulnerabilities and respond effectively when incidents occur.
Germil Ware is the lead course developer at The University of Memphis Center for Information Assurance.
Instructor Spotlight: Jon Robertson (TEEX)
What inspired you to become an NCPC instructor? What experience do you bring to the courses you teach?
I began my career supporting the technology needs of educators, and eventually I became an educator myself, teaching programming and math at Rudder High School in Bryan, TX. In my youth, I was a performer at Renaissance festivals, and I often found myself on the stage. With the NCPC, I have the rare opportunity to combine my love of performing and educating. In my role as a cyber paradigm-shifter, my storytelling and humor are great tools for imparting lasting lessons to my course participants. In my classroom, if they aren’t laughing, they aren’t learning!
What makes NCPC’s training approach unique compared to other cybersecurity programs you’ve encountered?
Most of our course participants have only seen cyber training in the form of mandated yearly awareness videos. By flying out to meet our participants, NCPC instructors can impart our knowledge and best practices as well as the stories and advice we learn from each class. In a world of AI, we put the human touch on educating and preparing the nation to respond to and recover from cyber incidents.
What feedback have you received from participants that highlights the value or effectiveness of NCPC courses?
From a participant in Lubbock, Texas, for AWR-421, “The entire course was incredibly valuable. This was the most entertaining, knowledgeable, and mind-stimulating training I’ve had in many years. I loved this course!”
How do you stay current with evolving cyber threats and integrate that knowledge into your instruction?
I spend a lot of my free time watching cyber news and pursuing certificates to stay relevant. When I see a great video that illuminates a cyber topic in a punchy, fun way, I find the best place in my courses to show it off to my participants. Sometimes my course participants are visual learners, and I want to use the time I have with them most effectively. Even better still are the opportunities I have to create and lead engaging, hands-on activities that my participants will remember for years to come.
Looking ahead, what are your hopes for the future of NCPC and its role in strengthening national cybersecurity preparedness?
I hope the members of the NCPC are empowered to continue educating every corner of the nation with no-cost cyber training. What we do is so impactful. Every time I see a student have that “Ah-ha” moment in my course, I know that’s a lesson they will take home, that’s a positive change that might manifest in their policies or procedures, that’s a cyber crime I may have helped to stop.
What is your favorite NCPC course?
My favorite NCPC course is AWR-421 (soon to become PER-421), Demystifying Cyber Attacks. It is a very approachable one-day course in which we help participants understand cybercrime from the perspective of the hacker. This course begins with the foundations of cybersecurity, and then we spend the rest of the day performing a cyber magic show. Participants really enjoy seeing cyberattacks performed live, and they each leave with a new understanding of how they are at risk and how they can better leverage their resources to protect themselves.
How does the NCPC prepare participants for real-world cybersecurity concerns?
I think the best way we, at TEEX, help prepare participants through the NCPC is with our flagship course, PER-371 Cybersecurity Incident Response and Management. In this course, we simulate a municipal network and have participants respond to live cyber attacks from multiple vectors. We turn up the heat by simulating internal and external stakeholders, the mayor, the news, the Incident Command System, and more. Participants leave this course with a new appreciation for the demands and pressures of a real cyber incident and get practice staying cool, working as a team, and documenting.
Jon Robertson is a cybersecurity and compliance instructor with the Texas A&M Engineering Extension Service (TEEX) National Emergency Response and Recovery Training Center (NERRTC).
Cybersecurity is an Education Leadership Issue, Not Just an IT Problem
Cyber incidents in the education sector are no longer isolated technical failures quietly handled by IT teams behind the scenes. They are operational, financial and reputational events that directly affect students, faculty, families and communities. As digital systems increasingly underpin teaching, learning, administration and safety, cybersecurity has become a core leadership responsibility for educational institutions of all sizes.
School districts, colleges and universities are uniquely attractive targets. They manage vast amounts of sensitive data (student records, financial information, research and personal identifiers), often with limited resources and legacy systems. According to recent industry and government reports, higher education institutions experience average breach costs in the millions of dollars. At the same time, K-12 districts routinely face recovery costs ranging from tens of thousands to well over a million dollars per incident. These costs rarely reflect only ransom payments; they also include system downtime, legal fees, regulatory notifications, increases in cyber insurance premiums, and long-term reputational damage.
The Real Impact Goes Beyond Technology
When a cyber incident occurs, the disruption reaches far beyond servers and networks. Instructional time is lost. Payroll and financial aid may be delayed. Student grades and transcripts can be compromised. Trust, once broken, can take years to rebuild. In many cases, leadership attention is pulled away from strategic priorities and redirected toward crisis response, public communication, and regulatory scrutiny.
A recent example illustrates this clearly. In late 2024, a large U.S. school district experienced a ransomware attack that forced the shutdown of its student information system for weeks. While media coverage focused on the ransom demand, the deeper consequences were more damaging: parent confidence eroded, substitute teachers could not be paid on time, special education services were delayed, and the district faced potential compliance violations related to student privacy laws. Even after systems were restored, the district continued to absorb costs related to audits, cyber insurance reassessments, and staff burnout.
These outcomes underscore a critical reality: cybersecurity incidents are leadership crises, not just technical events.
Why Educational Leaders Need Cybersecurity Fluency
Many educational leaders did not come up through technical career paths; yet they are accountable for decisions that shape cyber risk every day (budget priorities, vendor relationships, staffing models and policy enforcement). Cybersecurity readiness requires leaders to ask informed questions, understand tradeoffs, and align security investments with institutional mission and risk tolerance.
Importantly, cybersecurity is not solely about tools. Research consistently shows that human behavior and third-party relationships play a significant role in breaches. Phishing attacks, credential misuse, and vendor vulnerabilities remain among the most common entry points. Leadership sets the tone for how seriously cybersecurity awareness, training, and accountability are taken across the organization.
A leadership-level understanding of cybersecurity also strengthens collaboration. Superintendents, principals, presidents and board members who share a common vocabulary around cyber risk are better positioned to work effectively with IT staff, legal counsel, emergency managers and external partners. This shared understanding enables faster decision-making during incidents and more strategic planning before one occurs.
Moving from Awareness to Preparedness
Effective cyber preparedness in education does not require leaders to become technical experts. It does require them to understand the landscape well enough to guide priorities, support risk-based decision-making, and ensure that cybersecurity is integrated into broader organizational planning.
Frameworks, such as the NIST Cybersecurity Framework, provide a structured way for leaders to think about governance, risk identification, protection, detection, response and recovery. When applied at the leadership level, these concepts help institutions move from reactive problem-solving to proactive resilience, anticipating incidents and minimizing their impact when they occur.
A Call to Action for Educational Leaders
Cyber threats facing the education sector are persistent, evolving and unlikely to diminish. Leadership engagement is no longer optional; it is foundational to protecting students, staff and institutional missions. For educational leaders seeking a deeper understanding of how cyber incidents affect their organizations and how to guide preparedness efforts without needing a technical background, targeted education is essential.
The Cybersecurity for Educational Leaders (AWR-301) course was developed to address this exact need, providing leaders with practical context, shared language, and strategic insight to better manage cyber risk within their institutions. For those ready to strengthen their leadership perspective on cybersecurity, the course offers a focused opportunity to build that capability in an increasingly complex threat environment.
By Steven Washkowiak, cybersecurity projects coordinator with the Criminal Justice Institute – University of Arkansas System
Instructor Spotlight: Filipp Khosh
What inspired you to become an NCPC instructor? What experience do you bring to the courses you teach?
Throughout my career, I have consistently held roles that involved teaching and training, particularly in military and law enforcement environments where instruction is one of the core responsibilities. I genuinely enjoy teaching and sharing practical knowledge drawn from real operational experience, rather than purely theoretical material.
My four years as an adjunct instructor at John Jay College of Criminal Justice further reinforced this interest, as teaching civilian students required translating professional experience into accessible and meaningful learning. When the opportunity to become an NCPC instructor arose, it provided a natural way to continue doing what I enjoy most—teaching, mentoring and sharing the experience that I have personally gained.
What makes NCPC’s training approach unique compared to other cybersecurity programs you’ve encountered?
Prior to working with NCPC training, my exposure to cybersecurity education was primarily through academic coursework while completing a post-baccalaureate certificate in Computer Science for Digital Forensics. Those studies were largely IT-centric and offered limited coverage of the non-technical dimensions of cybersecurity, such as policy, governance, compliance and organizational awareness.
NCPC’s training approach is distinct in that it is intentionally designed for what FEMA describes as the Whole Community, not just IT professionals. It effectively bridges the gap between technical cybersecurity concepts and the operational, policy and leadership responsibilities that support a mature security posture. By using plain language and role-based relevance, NCPC training helps reduce the common fear of “cyber” by reframing it as a shared, achievable responsibility rather than an exclusively technical discipline.
How do you tailor your instruction to meet the needs of diverse audiences?
My professional background spans military, law enforcement, academic and emergency response environments, which have required me to work with and instruct highly diverse audiences. This experience allows me to quickly assess what content is most relevant and appropriate for a given group, whether the audience is technical or non-technical. I focus on aligning cybersecurity concepts to each audience’s operational reality, mission priorities and level of technical dependence.
One example involved teaching the same cybersecurity course to two very different police departments. A large, well-funded agency relied heavily on IT systems and digital infrastructure, so the instruction emphasized protecting availability, integrity and operational continuity. In contrast, a small-town department with mostly analog processes required a different approach, focusing on how cybersecurity awareness and basic hygiene should be established early, before increased digital dependence occurs. Adjusting the message in real time ensured the material remained relevant, practical, and meaningful for both audiences.
How do you see NCPC training contributing to national cybersecurity resilience and community preparedness?
NCPC training contributes to national cybersecurity resilience by reducing the fear and misunderstanding often associated with the term “cyber,” particularly among non-technical personnel. By clearly demonstrating that cybersecurity extends beyond IT functions, the training makes the topic accessible and relevant to a broader range of roles within an organization.
This shared understanding helps bridge the gap between technical and non-technical staff by clarifying each group’s priorities and responsibilities. As a result, organizations are better positioned to communicate, coordinate, and make informed decisions during cyber incidents or broader crises, strengthening overall community preparedness and operational resilience.
What feedback have you received from participants?
Participant feedback has consistently highlighted the value of NCPC courses in helping individuals better understand perspectives outside their own roles. Both verbal feedback and post-course surveys frequently indicate that the training helped participants “see the other side,” particularly across technical, non-technical and leadership roles.
Students have noted that the training clarified what they should reasonably expect from leadership, as well as what leadership should reasonably expect from them. Likewise, participants in leadership roles reported gaining a clearer understanding of staff capabilities, limitations and responsibilities. This shared understanding has been cited as a key factor in improving communication, alignment and effectiveness across organizations.
What do you find most rewarding about teaching cybersecurity preparedness?
What I find most rewarding about teaching cybersecurity preparedness through NCPC is the opportunity to work with highly diverse audiences across different geographic regions and professional sectors. Many of these fields are outside my own prior experience, which makes each course both engaging and intellectually rewarding.
I consistently learn from my students, their operational realities and perspectives, and this exchange makes every course I deliver a valuable learning experience for me as well as for the participants.
What is your favorite NCPC course, and why?
My favorite NCPC course is AWR-432 Integrating Hazard Response into Exercise Planning. The course provides an excellent opportunity to build a bridge of understanding between technical and non-technical personnel by highlighting how their roles and responsibilities are interconnected during planning and response activities.
As an added benefit, the course allows me to introduce participants to the HSEEP exercise development process and demonstrate how to plan and conduct exercises in a way that delivers maximum value to both the organization and the training audience.
How does the NCPC prepare participants for real-world cybersecurity concerns?
NCPC prepares participants for real-world cybersecurity concerns by grounding instruction in practical, role-based relevance rather than purely technical theory. The training helps participants understand how cybersecurity affects their daily responsibilities, decision-making processes and organizational missions, regardless of whether they hold technical roles. By emphasizing shared responsibility, plain language and operational context, the NCPC ensures participants can apply what they learn in realistic settings.
The courses also strengthen preparedness by improving cross-functional understanding and communication between technical staff, non-technical personnel and leadership. This alignment helps organizations coordinate more effectively during incidents, set realistic expectations across roles, and integrate cybersecurity considerations into broader preparedness, response and exercise planning efforts.
Filipp Khosh is an Exercise Planner & Course Developer at Norwich University Applied Research Institutes (NUARI) in Northfield, Vt.
Building Cyber Readiness the Smart Way
Cybersecurity continues to be a top concern for organizations in every sector, and for good reasons[1]. Cyber threats continue to evolve quickly, and the impact a cyber incident can have cannot only cause disruptions to operations and compromise sensitive data, but it can also create long-term impacts and challenges to recovery. Building cyber readiness can oftentimes feel like a complex task, but it doesn’t have to start with major investments or technical overhauls. One of the most effective first steps in cyber readiness begins with training.[2] Training can be an essential tool to cyber readiness, especially when it is offered in a flexible, self-paced format designed to fit into a busy schedule.
The National Cybersecurity Preparedness Consortium (NCPC) offers self-paced web courses to support organizations in many different areas. From improving cybersecurity awareness and organizational readiness to and risk management. These courses provide practical knowledge that can be applied across all areas of an organization, from leadership to operational staff, and more!
Start with the Foundation: Cybersecurity Policies
A strong cybersecurity posture begins with more than just the technical tools; it begins with setting clear expectations and consistent guidance. This is where cybersecurity policies play an essential role. Policies establish what is required, what is acceptable, and what actions should be taken to protect systems and information. Policies often provide a framework for consistency, accountability and continuity.
One course that directly supports this foundational work is MGT-333-W Organizational Cybersecurity Policy Essentials. This self-paced course focuses on building an understanding of cybersecurity policy development and implementation. It also highlights why policy is critical to overall organizational cybersecurity readiness. Learners are introduced to what belongs in a cybersecurity policy, what the anatomy of a policy looks like, and how policy impacts organizational behavior and compliance, in addition to what challenges organizations may face when creating or maintaining cybersecurity policies.
Building Awareness
Once policies are established, the next step is ensuring staff understand cybersecurity risks and how everyday actions can impact organizational security. Cybersecurity awareness is not limited to just the IT department; it is a shared responsibility across the entire organization. Effective training helps employees and leaders recognize threats, reduce vulnerabilities, and support secure behaviors consistently.
A course that supports this effort is AWR-397-W: Cybersecurity for Everyone. This course provides an accessible overview of cybersecurity concepts and helps learners understand common risks, safe practices, and how connected devices can introduce vulnerabilities. It is a great option for organizations that want to provide cybersecurity awareness to a broad audience.
Strengthen Response Readiness & Incident Management
Training is also essential for preparing organizations to respond effectively when incidents occur. Even with strong policies and awareness training, organizations must plan for the possibility of a cyber event and ensure personnel understand the steps required to manage incidents appropriately.
The course AWR-169-W: Introduction to Cyber Incident Management supports organizations by introducing key concepts in cyber incident management, including how incidents are identified, analyzed, prioritized and addressed. This type of training helps organizations strengthen response processes and supports continuity by ensuring leaders understand what actions are needed during a cyber incident and why timely decision-making is critical.
Addressing Emerging Threats
Many organizations are also facing increasing cybersecurity risks due to the expansion of connected devices and networks. Internet of Things (IoT) devices are widely used nowadays and can introduce vulnerabilities if not properly secured. As organizations expand and introduce new types of technologies to the organization, having a baseline understanding of IoT-related risks becomes increasingly important.
The course AWR-402-W: Introduction to Internet of Things can assist learners in understanding how IoT devices function, what makes them vulnerable, and what best practices can be put into place to reduce risk. It also connects IoT security to policy and organizational responsibility, which aligns with the foundational concepts introduced in MGT-333-W.
Moving Forward
Cybersecurity preparedness is not a one-time effort; it is an ongoing process that requires various parts, such as planning, training and organizational-wide commitment. The good news is that organizations can take meaningful steps forward by building knowledge and capabilities over time, starting with foundational topics and then moving on to more advanced ones.
If you are looking for a course to begin strengthening cyber readiness within your organization, MGT-333-W is a great course to begin with. As always, more training courses can be found through the NCPC catalog. 
By Monique Leija, information security instructor at the Center for Infrastructure Assurance and Security with The University of Texas at San Antonio.
References:
- Jones, D. (2025). Cyber disruptions remain top business risk concern in US, globally. Cybersecurity Dive.
- Center for Internet Security. (n.d.). CIS Critical Security Control 14: Security awareness and skills training.
Empowering a Cyber-Safe Workforce: The Urgent Need for Foundational Training in a Digital World
In today’s interconnected society, where smartphones have become a necessity and kitchen appliances are linked to the internet, cybersecurity is no longer a concern reserved for IT departments. It is a shared responsibility essential for professionals, municipalities, organizations and individuals alike. As cyber threats grow more sophisticated and remote work becomes more common, practical and accessible cybersecurity education is more critical than ever.
To meet this growing need, the National Cybersecurity Preparedness Consortium (NCPC) offers FEMA/DHS-funded, web-based training courses designed for all users… technical or not! In other words, these courses are available at no cost to participants! These self-paced, web-based modules target core vulnerabilities in our everyday work and personal tech use, and they aim to reduce risk across entire communities. The following are a few introductory courses designed to help increase cyber resiliency at every level:
AWR-300-W: End-User Security and Privacy, focuses on practical digital hygiene. It equips participants with the knowledge to identify phishing attempts, manage secure passwords, and understand data privacy concerns. Designed for everyone who touches a keyboard, from educators to administrative staff, this course builds the foundation for a security-aware culture across organizations.
AWR-385-W: Mobile Device Security and Privacy, dives into best practices for smartphone and tablet usage. As mobile devices increasingly serve as both personal and professional lifelines, protecting them from malicious apps, unsecured networks, and unauthorized access is essential. This course is ideal for field employees, small business owners, and remote workers whose mobile habits directly impact organizational security.
AWR-431-W: Remote/Home-Office Cybersecurity Preparedness, is particularly timely in the post-pandemic shift toward remote and hybrid work environments. Participants learn how to secure home Wi-Fi networks, identify common threats when working outside of secured corporate systems, and implement key technical practices such as VPN use and device hardening. This course is well-suited for city and county employees, telehealth providers, non-profit teams, and anyone whose office is now just a few steps from their kitchen.
From individual user behavior to organizational policy, these courses are perfect for large-scale implementation within public institutions, school districts, city governments, small businesses and non-profit networks. Participants receive a certificate upon completion, offering a tangible credential that can enhance grant/career competitiveness and professional development portfolios.
Enrollment is fast, free and open to all. With cybercrime growing exponentially and the human factor remaining the weakest link in many breaches, taking proactive steps like these courses is more than a best practice, it is a critical investment in digital safety and operational continuity.
To explore these and other NCPC offerings, visit our courses page today! 
Francis Smith is an assistant course developer at the Center for Information Assurance at The University of Memphis.
Strengthening Cyber Preparedness Through Web-Based Training: The Case for Learning Before You Arrive
In today’s cyber landscape, organizations face rising threats, limited staffing, and constant pressure to stay ahead of evolving risks. As a result, the demand for accessible, flexible training has never been greater. Web-based cybersecurity courses have become a critical part of meeting that need.
There is a common misconception that asynchronous web-based learning is inherently easier or lighter weight simply because it is remote. In reality, well-designed web-based courses often require a higher degree of individual engagement, discipline, and critical thinking. Without the structure of a traditional classroom, learners must absorb complex concepts, navigate interactive scenarios, and apply judgment on their own. While online learning is often viewed as a convenient alternative, its value and rigor extend far beyond accessibility.
For many professionals, engaging in online coursework before in-person training creates a stronger foundation, accelerates learning, and leads to better long-term performance.
Intentional Design
At TEEX, we have seen firsthand how preparing through web-based modules can transform the in-person experience. Our cybersecurity programs, including those designed for technical operators, managers and decision-makers, increasingly rely on web-based components to establish a baseline of knowledge. These courses are intentionally structured to introduce essential terminology, concepts, and real-world scenarios in a format that learners can complete at their own pace. Arriving with that shared foundation not only enhances comprehension but also elevates the level of engagement during hands-on or instructor-led sessions.
One of the most commonly reported benefits is the confidence that learners bring into the classroom. Cybersecurity can be a fast-moving field, and not everyone comes in with the same background. Training available online helps level the playing field. Participants can revisit lessons, pause content for clarity, or work through examples without the pressure of keeping pace with a live room. By the time they attend in-person training, they are familiar with the core principles and better positioned to ask deeper, more applied questions that strengthen the collective learning environment.
From an instructional standpoint, online preparation allows instructors to devote classroom time to dynamic activities that cannot be replicated in a digital format. Instead of spending extended time reviewing foundational material, the in-person sessions can fully focus on practical application. For technical courses, this means hands-on labs, simulations, and collaborative problem-solving. For management or performance-based courses, it means scenario-driven discussions, decision-making exercises, and applied planning. Learners arrive ready to participate, rather than simply absorb information.
This blended approach also reflects the realities of the cybersecurity profession. Much of the work in this field requires independent learning, quick adaptation, and the ability to process information digitally. Completing web-based courses before arriving for in-person instruction mirrors how cybersecurity professionals operate day-to-day. It reinforces the skills of self-direction, critical thinking, and rapid knowledge acquisition, which are all competencies that are essential in a field where threats evolve far more quickly than traditional training cycles.
Blended Learning for Cyber Resilience
For agencies and organizations balancing workloads with workforce development, web-based courses also open the door to more consistent and efficient training pipelines. Personnel can complete the web-based material during slower operational periods, reducing the total time they need to be away for on-site training. This approach minimizes disruption while ensuring that staff arrive prepared and ready to maximize the value of the in-person experience. In many cases, this leads to higher completion rates, improved retention, and more meaningful learning outcomes.
Ultimately, the combination of online preparation and in-person training creates a stronger, more resilient learning model. Web-based courses build the framework, and in-person sessions bring the material to life. Learners walk away not only with knowledge but with the ability to apply that knowledge in real situations, whether responding to incidents, implementing new policies, or guiding organizational cyber strategy.
As cyber threats continue to expand in scale and complexity, the need for adaptable, effective training will only grow. Web-based learning is not just a supplement. It is an essential component of modern cybersecurity education, and when paired with hands-on instruction, it equips professionals with the readiness, confidence, and skillset needed to strengthen the security posture of their organizations.
As a member of the NCPC, TEEX is proud to support this blended approach and remains committed to delivering high-quality, accessible web-based courses that prepare learners for success long before they walk into the classroom.
Dr. Bart Taylor is with the Business & Cyber Solutions Division at Texas A&M Engineering Extension Service.
Expanding Cybersecurity Awareness Through Web-based Learning
As an instructor for the National Cybersecurity Preparedness Consortium (NCPC), I’ve seen firsthand how vital it is to make cybersecurity education accessible, relevant and impactful. While we traditionally favor face-to-face instruction for its effectiveness in conveying complex ideas, we recognize the value of web-based learning, especially for short courses that introduce foundational concepts. These courses allow learners to engage with material at their own pace, making cybersecurity education more inclusive and equitable.
Our web-based course development process is deeply collaborative. We work closely with stakeholders and rely on pilot programs to refine content based on student feedback. This iterative approach ensures that our courses are not only informative but also practical and responsive to learners’ needs.
Cybersecurity is a cornerstone of national preparedness and resilience. The Department of Homeland Security and Federal Emergency Management Agency certify the NCPC courses, so their rigorous standards guide our curriculum, requiring us to clearly define goals and objectives that align with broader national security priorities. Every course provided is built on the principle that strengthening cybersecurity at all levels contributes to the safety of millions of people and the integrity of countless systems.
Online access is key to broadening participation in cybersecurity learning. Anyone with a computer and an internet connection can begin learning, regardless of their background or location. This option empowers self-directed learners to pursue further training and demonstrate initiative to employers, often opening doors to more advanced opportunities in the field.
Our long-term mission is clear: enhance the cybersecurity posture of our nation’s critical infrastructure. There’s no one-size-fits-all solution, but by reaching as many individuals as possible, we can foster a culture of awareness and responsibility.
The NCPC has tailored three introductory courses, which were developed by Norwich University Applied Research Institutes, specifically for police, fire, EMS and municipal agencies.
Introductory Courses
AWR-388-W Cyber Security Awareness for Municipal, Police, Fire and EMS IT Personnel focuses on cyber awareness, emphasizing that public safety agencies must prioritize cybersecurity alongside their core missions. AWR-389-W Incident Response for Municipal, Police, Fire and EMS Information Technology Personnel targets IT support personnel in emergency services, highlighting the importance of applying incident response principles to cyber threats. AWR-398-W Introduction to Information Sharing and Analysis Organizations introduces novices to Information Sharing and Analysis Organizations (ISAOs) and guides them toward further resources. These courses emphasize that cybersecurity is everyone’s responsibility, starting with basic awareness.
Cybersecurity is not just a technical challenge; it’s a shared responsibility. Through thoughtful course design and accessible delivery, NCPC is helping build a more resilient and prepared nation.
There are many web-based courses for your consideration, whether you’re looking for an introductory point into cybersecurity or want a deeper dive into specific topics, as an end-user, technical personnel or manager. Visit the NCPC website courses page to learn about your options!
Thomas Paulger is the director of course development for Norwich University Applied Research Institutes and has been an NCPC Instructor since 2014. He holds numerous IT certifications, including CISSP, SANS Forensic Analyst, Penetration Tester, Intrusion Analyst, and Industrial Cyber Security Professional.