Jennifer Kleman

Cybersecurity has become a critical priority for organizations across public and private sectors. Recognizing this need, Cyber Florida has developed the Florida Cyber Risk Assessment (FCRA), a no-cost, confidential cybersecurity risk assessment aligned with NIST Cybersecurity Framework (CSF) 2.0. The FCRA is designed to assist critical infrastructure (CI) organizations in identifying and mitigating cybersecurity risks, complying with best practices outlined in the Florida Cyber Act (Statute 282.318), and building resilience against cyber threats.

What is the Florida Cyber Risk Assessment?

The FCRA is a Florida-specific adaptation of the Cyber Security Evaluation Tool (CSET®) developed by Idaho National Lab. It incorporates 106 NIST CSF questions and 48 Ransomware Readiness Assessment (RRA) questions, providing a structured approach for organizations to strengthen their cybersecurity frameworks. Participants can generate customized reports to enhance their cyber defense strategies and align with legal and regulatory requirements.

Addressing Gaps in Florida’s Critical Infrastructure Sectors

Recent FCRA assessments have revealed significant cybersecurity gaps within Florida’s CI sectors:

• Lack of Response and Recovery Plans: 50% of CI providers lack robust response and recovery plans.
• Weak Authentication Practices: Half of CI organizations do not use Multi-Factor Authentication (MFA).
• Inconsistent Partner Audits: While 39% conduct response planning with third-party providers, only 48% regularly audit these partners’ cybersecurity practices.
• Limited Training Programs: 49% lack formal cybersecurity training programs beyond basic awareness.
• Unclear Management Responsibilities: Nearly half of providers do not have assigned cyber-management responsibilities, with 49% lacking a Chief Information Security Officer (CISO).
• Infrequent Incident Response Exercises: Only 48% of organizations conduct biannual incident response tabletop exercises.
• Undefined Risk Tolerance: Just 53% of CI providers have clearly defined their risk tolerance, highlighting a critical gap in risk management strategies.

Enhancements and Tools to Support Cybersecurity

To address these challenges, Cyber Florida has implemented or is developing several tools and initiatives:

• Entry and Mid-Level Assessments:
  • A 20-question entry-level assessment evaluates organizations’ protections based on the top 20 areas of concern.
  • A 38-question mid-level assessment measures cybersecurity maturity against CISA Cybersecurity Performance Goals (CPGs).
• Maturity Modeling: A maturity index based on the Multi-State Information Sharing and Analysis Center (MS-ISAC) template helps organizations benchmark their cybersecurity practices.
• AI-Driven Resource Mapping Tool: In development, this innovative tool generates summaries from NIST 800-53 for all 106 CSF questions. Users will be able to efficiently create comprehensive cyber plans, including governance, incident response, and recovery plans.
• Workshops: A series of cybersecurity presentations aimed at raising awareness and educating CI organizations in both the public and private sectors.

New Tools and 2025 Initiatives

Cyber Florida continues to innovate and expand its efforts to enhance cybersecurity across the state. Notable initiatives include:

• Florida CI Mapping Pilot Project (Cyber-Bulls-I): A first-in-the-nation resource to help CI sectors address cyber risks, meet legal requirements, and build future compliance capacity. This tool provides risk reduction resources tailored to Florida’s sectors, risks, needs, and vulnerabilities.
• Enterprise Data Management Platform: A forthcoming platform designed to identify grant, research and development, and policy opportunities for Florida’s CI sectors.
• Visualization and Dashboard Tools: New tools for state leadership to monitor and address cybersecurity challenges effectively.
• Workforce Development Initiatives: These include a new mapping tool to support small business and defense industry growth.

The Path Forward

With its comprehensive approach and cutting-edge tools, the Florida Cyber Risk Assessment is paving the way for a stronger cybersecurity posture across Florida’s critical infrastructure sectors. Organizations adopting the FCRA’s recommendations and utilizing its resources will be better equipped to protect themselves against evolving cyber threats and ensure compliance with industry standards and legal mandates.

Cyber Florida remains committed to fostering a secure, resilient, and innovative cyber environment for Florida. For more information or to participate in the FCRA, visit https://cyberflorida.org/cip/ today.

Cyber Florida at USF’s Security Operations and Cybersecurity Apprenticeship Program (SOCAP) employs up to 10 students each semester, with opportunities for students to remain in the program for multiple terms. Through this innovative program, SOCAP interns gain hands-on experience addressing real cybersecurity issues for various clients, effectively extending the capabilities of client IT teams.

Managed by Ryan Irving and Duy Dao, SOCAP gives students valuable exposure to the day-to-day operations of a security operations center. Leveraging tools like Microsoft Defender, Crowdstrike, Stamus Networks, MS-ISAC Albert, Recorded Future, Magnet Forensics, Belkasoft Forensics, Volexity, and more, Irving assigns work tickets—real security alerts or issues—that need investigation. Each day, students select or are assigned tickets from the system, allowing them to work on current cybersecurity tasks and engage in practical problem-solving.

The University of South Florida (USF) Information Technology (IT) Department is among the clients benefiting significantly from SOCAP’s services. “The SOCAP partnership with USF IT is fantastic,” says Irving. “Students aren’t just performing real cybersecurity tasks; they’re actively improving the security of the university’s IT infrastructure while honing their skills in a real-world environment.”

In addition to ticket-based troubleshooting, SOCAP students take on proactive threat-hunting roles, scouring resources to detect potential indicators of compromise and preparing threat advisories for Cyber Florida’s threat room page on its website.

SOCAP students like Alessandro Lovadina, Erika Delvalle, and Ben Price bring diverse skills and interests, creating a collaborative team environment.

Lovadina is passionate about coding projects, like building web applications. “With AI, cybersecurity is crucial; all students should learn the basics of cybersecurity,” he notes.

Delvalle finds excitement in threat-hunting tickets. “It never gets boring,” she says. “You’re always learning something new.”

Price enjoys challenging issues that expand his research skills and expertise. “It’s fulfilling; it’s important,” he says.

SOCAP students have the freedom to conduct their own research and troubleshoot using open-source information and reliable online resources. The program’s hybrid format allows students to work both in-office and remotely, providing a dynamic environment that complements their class schedules. This flexibility gives SOCAP interns a comprehensive view of security operations and invaluable career experience.

Irving also incorporates regular training exercises in collaboration with the USF IT team. “Monthly simulated events allow students and staff to practice incident response skills together,” he says. “We invite USF IT to join these sessions, so that we can learn and improve our response capabilities as a team.”

Dennis Guillette, Director and Security Architect of USF IT, expressed his appreciation for SOCAP students’ contributions to the university’s cybersecurity efforts. “I would like to extend my deepest gratitude to the SOCAP students for their outstanding hard work and dedication. Their impressive technical knowledge and exceptional troubleshooting skills have been invaluable to our security posture. Their commitment to excellence and ability to tackle complex security challenges have significantly strengthened us. Thank you for setting a high standard of professionalism and expertise.”

Cyber Florida’s SOCAP internship program at USF continues to be a valuable resource for students and the university alike, advancing cybersecurity skills and bolstering the state’s defenses. It serves as a model for other schools.

Cyber Florida’s Critical Infrastructure Protection (CIP) Program Interns

At Cyber Florida, our mission extends beyond cybersecurity protection—we’re committed to developing the next generation of experts who will help safeguard our digital and physical infrastructure. In this post, we shine a spotlight on three talented interns who are making their mark: Amolika “Amy” Godse, Arpan Jaiswal, and Vikranth “Vikky” Dundra. These USF students are serving an instrumental role in helping to map trends across geographies and industries for our Critical Infrastructure Protection (CIP) program while pursuing master’s degrees.

Amolika “Amy” Godse: Turning Data into Stories

Amy, a second-year master’s student majoring in Business Analytics and Information Systems, is studying to become a data engineer. Her passion for technology and data-driven storytelling is what drives her aspirations. “I love the idea of turning raw data into stories that can help organizations make better decisions,” she shares. “I’m fascinated by technology and how it can solve real-world problems.”

Amy is making strides in her internship, working on a data collection project for Cyber Florida focused on critical infrastructure. “I’m learning how to gather data using Python, particularly through web scraping techniques,” she says. She’s also mastering popular libraries like Beautiful Soup and Scrapy, which allow her to extract valuable information from online sources. These hands-on experiences are equipping Amy with the skills needed to make an impact in the data engineering field, which she plans to pursue after her graduation in May 2025.

Amy enjoys experimenting in the kitchen and finds baking to be a therapeutic hobby. She’s also a fan of exploring new places and can be found relaxing with friends on the weekends.

Arpan Jaiswal: Driving Business Growth through Data

Arpan is also in his second year of the Business Analytics and Information Systems program, but his sights are set on becoming an SAP data analyst. “I aim to leverage my master’s program knowledge along with my past experience to help drive business growth,” says Arpan, who is eager to apply his skills in data analysis to business decision-making processes.

Through the CIP internship, Arpan is gaining firsthand experience in data collection and cleaning—crucial components of any data science project. “Given that 80% of a data science project involves data collection and cleaning, I am gaining valuable hands-on experience using Python libraries for web scraping and data cleaning,” he explains. These practical skills are giving him the tools to take on complex data challenges in the business world.

Arpan enjoys staying active, whether that’s hitting the gym or playing cricket. He is a member of the Tampa Bay Titans and competes in the Tampa Premier League and Tampa Cricket League.

Vikranth “Vikky” Dundra: Optimizing Performance through Data Analysis

Vikky, another second-year Business Analytics and Information Systems student, is on a mission to become a data analyst. His goal is to leverage data-driven insights to help organizations optimize their performance. “I aspire to work as a data analyst after graduation, utilizing data-driven insights and analytical tools to support decision-making processes,” says Vikky.

Vikky’s internship work aligns perfectly with his career goals. He is honing his skills in sophisticated data collection, web scraping, Python programming, and comprehensive data cleaning and analysis. By working on real-world projects, he’s developing the technical expertise needed to succeed in the fast-paced world of data analytics.

Vikky loves cooking, and often experiments in the kitchen. He’s also an avid cricket player, finding time to play the sport on weekends.

The Future of Data-Driven Cybersecurity

Cyber Florida’s CIP internship program is providing Amy, Arpan, and Vikky with invaluable real-world experience that will help shape their futures as data experts. Through their internships, they are gaining hands-on experience in skills that are essential in today’s data-driven world.

We can’t wait to see where their careers take them—and we’re proud to play a part in their journey.