Dr Julie Haney
Computer Scientist and Usable Security Researcher
Compliance or impact?
Insights into how U.S. government organizations determine the effectiveness of security awareness programs
Julie Haney is a computer scientist and Usable Cybersecurity program lead at the U.S. National Institute of Standards and Technology (NIST). She conducts research about the human element of cybersecurity, including the usability and adoption of security solutions, work practices of security professionals, and people’s perceptions of privacy and security.
Previously, Julie spent over 20 years working in the U.S. Department of Defense as a cybersecurity professional and technical director. She has a PhD in Human-Centered Computing and an M.S. and B.S. in Computer Science.
The goal of security awareness programs is to positively influence employee security behaviors. However, organizations in compliance-focused sectors may struggle to determine program effectiveness, often relying on training completion rates rather than measuring actual impact.
This presentation will discuss the results of a research study that, in part, sought to discover approaches and challenges to measuring security awareness program effectiveness within the U.S. Government. The results can aid security awareness professionals inside and outside the U.S. Government in considering impact-based indicators of success.