The Evolution of Cybersecurity Training

From Checkbox to Catalyst: How the C-Suite is Reframing Cybersecurity Training

For years, many organizations treated cybersecurity training as a mere compliance requirement. But today’s executive teams are taking a radically different approach. They’re recasting cyber-readiness from a perfunctory task into a strategic lever for business resilience and growth.

What was once a compliance task is now an enterprise priority. CEOs, CFOs, and board members are taking an active role alongside CISOs in shaping how organizations prepare for and respond to digital threats. Leaders who have faced cyber incidents firsthand understand how these events impact operational processes, revenue, brand reputation, and corporate culture. As cyber threats have evolved, traditional prevention models have proven insufficient, prompting a necessary shift.

From Quantum to AI Risks: Preparing for Cybersecurity's Future

As 2026 begins, the cybersecurity industry faces a pivotal moment, grappling with persistent threats and emerging challenges. The year brings renewed focus on critical goals as discussed in the latest edition of Reporter's Notebook, with Alex Culafi, senior news writer at Dark Reading, joined by Phil Sweeney of TechTarget Search Security and Eric Geller of Cybersecurity Dive. As seasoned reporters immersed in the field, the trio offers unique insights into what cybersecurity professionals should start doing, stop doing, and focus on as 2026 begins. Their conversation highlights pressing issues, emerging trends, and actionable advice for those in the industry.

AI Risk Meets Cyber Governance: NIST’s Draft Cyber AI Profile

On December 16, 2025, the National Institute of Standards and Technology (“NIST”), a non-regulatory federal agency within the U.S. Department of Commerce that promotes innovation through technical standards setting, released a preliminary draft of its forthcoming Cyber AI Profile. The Cyber AI Profile aims to help organizations bolster artificial intelligence (“AI”) governance leveraging NIST’s Cybersecurity Framework 2.0 (the “CSF”) as a guide to the cybersecurity of AI systems and the use of AI to support cybersecurity. Like the CSF, the Cyber AI Profile is voluntary for most organizations; however, organizations that align their risk management practices to these resources tend to be viewed by customers, investors, and regulators as more secure, resilient, and responsible.

The US needs a cybersecurity roadmap

A fundamental approach of the Trump administration is ensuring and enhancing the defense of the United States homeland. Border security has accordingly been prioritized, and a “Golden Dome” missile defense has been proposed. But equivalent to the challenges of the border and of missile defense is the defense of the information and operational technology systems upon which the national security, economy, and public safety of the United States depend. This report focuses on operations and its companion report focuses on technology and architectures; together they identify the challenges facing the United States and describe a proposed national cybersecurity strategy that encompasses key roles for government and for the private sector.

A national cybersecurity strategy will require an operational road map for offensive and defensive campaigning and significantly enhanced resilience for key critical infrastructures built upon the development and adoption of safe coding and the implementation of zero trust architectures. Establishment of such capabilities will provide the president and the national leadership with the necessary capabilities to deter and defeat nation-state and criminal activities in cyberspace.

VIEWPOINT: Contractors Racking Up Big Fines for Cybersecurity Violations

Over the past year, the new administration has strongly signaled that it has every intention of continuing to scrutinize federal contractors’ cybersecurity practices and to continue the fight against new and emerging cyber threats to the security of sensitive government information and critical systems.

On the rulemaking front, the Pentagon recently amended the Defense Federal Acquisition Regulation Supplement to incorporate the standards of the Cybersecurity Maturity Model Certification program. The final rule took effect on Nov. 10 but has a phased implementation over the next few years and mandates that contractors achieve a specific CMMC level before contract award.

…

With this increased focus on contractors’ cybersecurity practices, the four most recent settlements provide valuable guidance for federal contractors looking to avoid government scrutiny.

U.S. Coast Guard releases Cybersecurity Training Verification Job Aid

The U.S. Coast Guard’s Office of Maritime Cybersecurity Policy released a new guide, Work Instruction 001- Cybersecurity Training Verification Job Aid, to provide a clear and standardized framework for Coast Guard Vessel and Facility inspectors.

This new tool is designed to assist those inspectors in verifying that all U.S.-flagged vessels, facilities, and Outer Continental Shelf facilities have implemented the required cybersecurity training under 33 Code of Federal Regulations Part 101, Subpart F. With these verification procedures now part of routine inspections, operators should be prepared to demonstrate that they have a compliant training program in place, maintain accessible training records, and have a formal process for managing system access for untrained personnel.

This job aid serves as guidance for all routine inspections. The Coast Guard will continually review guidance and policy, and will provide new or updated resources as deemed necessary. While this guide is not a new regulation, it is a critical tool for ensuring operations are in compliance with existing regulations.