Jennifer Kleman

Tabletop Exercises Strengthen Election Infrastructure Security Across Florida

From Jacksonville to Panama City Beach, Cyber Florida’s FirstLine Summer 2025 “Road Trip” brought mission-critical cybersecurity training directly to election teams and public sector leaders across the state. Conducted in partnership with the Norwich University Applied Research Institutes (NUARI) and the Florida Division of Emergency Management (FDEM), this six-stop Tabletop Exercise (TTX) series was designed to simulate real-world election infrastructure incident scenarios and help strengthen interagency coordination, communication, and planning.

This program was funded through a Fortifying Florida grant provided by the Florida Division of Emergency Management and the Federal Emergency Management Agency (FEMA).

The TTX series, held in June and July 2025 in Jacksonville, Gainesville, Orlando, Sarasota, Panama City Beach, and Tallahassee, convened 129 participants from 40 counties. These no-cost events provided a safe, realistic environment for election officials, IT personnel, law enforcement, and emergency managers to test and refine their response to evolving threats against Florida’s election infrastructure.

“I attended this TTX as an intern to gain hands-on experience with real-world
cyber incidents. This was my first TTX, and I was looking to
gain new perspectives and also network.”

Building Readiness Through Realistic Scenarios

Each TTX presented participants with a simulated cyber or physical security incident involving election systems. The exercises required participants to respond under pressure, think across organizational boundaries, and prioritize coordinated actions and communication.

Attendees consistently praised the scenarios’ realism and relevance, with 100% of survey respondents affirming their applicability to real-world operations.

“The discussion between IT and office users during the exercises provided
a good exchange for each other’s perspectives.”

A Distinguished Turnout in Tallahassee

The final stop on the road trip in Tallahassee underscored the importance of the TTX series, drawing senior state leaders and cybersecurity experts, including:

• Kristen Pederson, Vice President, NUARI
• Melinda Miguel, Chief Inspector General for the State of Florida
• James Taylor, CEO, Florida Technology Council
• Yolanda Williams, Cybersecurity State Coordinator/Advisor, CISA
• Ashley Grover, Cyber Navigator Program Manager, Florida Department of State
• Travis Hart, President, Florida Supervisors of Elections
• David Crain, Senior Crime Intelligence Analyst Supervisor, Florida Department of Law Enforcement (FDLE)

Their presence demonstrated broad support for advancing cyber resilience in election infrastructure and affirmed the value of FirstLine’s targeted, tactical approach.

Key Takeaways: Preparedness Starts with Planning

Participants walked away from the TTXs with strengthened confidence, actionable insights, and renewed urgency around preparation. Common lessons included:

• The critical need for a written Incident Response Plan (IRP)
• The role of cross-agency communication during a crisis
• The importance of involving all stakeholders, not just IT

“1. Be prepared before an emergency happens. It is not a matter of if but of when.
2. Cybersecurity is not only for IT— the whole organization should be included.”

“Communication is key.”

“Go back and have discussions with my staff on where we currently stand regarding
preparation, readiness, and knowledge.”

The FirstLine Mission

FirstLine, Cyber Florida’s no-cost cybersecurity education and training program for Florida’s public sector, is designed to meet agencies where they are—literally. By delivering certified, scenario-based tabletop exercises across the state, FirstLine ensures that even the most resource-limited agencies can train, collaborate, and build resilience together.

The Summer 2025 TTX Road Trip exemplifies that mission in action: a practical, inclusive, and high-impact initiative supported by FEMA and FDEM through the Fortifying Florida program. As threats evolve, so will FirstLine, ensuring that Florida’s election infrastructure systems and public institutions remain a model of readiness and coordinated defense.

To learn more about FirstLine or request training for your agency, visit cyberflorida.org/training.

How One Apprentice Found His Footing in Offensive Security

When Yousef Blassy steps off the packed New York City subway each morning and walks into Google’s Manhattan offices, he’s stepping into a dream that started with curiosity, a willingness to take risks, and a foundational cybersecurity training program called SOCAP.

Today, Yousef works as an offensive security consultant at Google, placing him squarely on the front lines of one of the world’s most sophisticated tech environments. But a short time ago, he was a student in Cyber Florida’s SOCAP (Security Operations Center Apprentice Program), learning the ropes of a rapidly evolving field.

A Day in the Life at Google

As part of Google’s security consulting team, Yousef dives into complex client environments, actively hunting for vulnerabilities, testing system defenses, and identifying potential weak points before malicious actors do. When he’s not in the thick of an engagement, he’s contributing to team projects, conducting research, or sharpening his skills through continuous learning.

The work is fast-paced and mentally demanding, but Yousef is exactly where he wants to be. He credits SOCAP for helping him get there.

The SOCAP Experience: More Than Just Training

“Penetration test reports can be long and time-consuming,” he explained. “The technical writing I did in SOCAP—writing detailed tickets and documentation—directly prepared me for the type of communication required in my current role.”

Beyond writing skills, SOCAP provided a crucial launching pad for his red-teaming ambitions. While others might gravitate toward blue team roles, Yousef knew early on he was drawn to the offensive side of security. SOCAP didn’t just allow him to explore that interest; it actively supported it, even providing a voucher for the Practical Junior Penetration Tester (PJPT) certification.

Passing the PJPT wasn’t just a personal milestone; it proved to be a key differentiator during his interview process with Google.

From Apprentice to Consultant: Navigating the Transition

Still, the shift from a learning environment to full-time consulting wasn’t without its challenges. “The biggest adjustment,” Yousef says, “was the need for on-the-spot learning and problem-solving.”

As an apprentice, support was always close at hand. But in the world of security consulting, especially on solo engagements, the expectations are different. “There’s less handholding,” he explains. “You’re expected to deliver tangible results by the end of your engagement, even if the findings are minimal.”

That kind of independence requires technical chops, confidence, adaptability, and the mindset to treat every challenge as an opportunity to grow.

Advice for the Next Generation

Yousef doesn’t mince words when advising current SOCAP students: “Don’t be shy and actively seek out work you might feel unprepared for.”

He knows firsthand that some of the best learning happens outside your comfort zone. “It’s often all in your head. You are capable. And if you hit a wall, remember—whatever issue you’re facing, someone online has likely already solved it.”

Looking back, he wishes he had taken more initiative during the program. Whether it was participating in free Capture the Flag (CTF) competitions or attending local cybersecurity conferences, he sees now that those moments outside the classroom are just as vital to growth as the formal curriculum.

Looking Ahead

Yousef isn’t slowing down anytime soon. He sees his future rooted in cloud security, with a focus on becoming an increasingly skilled and impactful consultant. Next on his horizon? The Offensive Security Certified Professional (OSCP) certification is a notoriously challenging credential that he hopes to complete by the end of the year.

He’s also keen to give back. You can follow his journey or connect with him on LinkedIn, where he shares updates, thoughts, and resources for fellow cybersecurity professionals and students.

Beyond the Code

Of course, life at Google isn’t all about firewalls and exploits. Sometimes, it’s about grabbing a $1.50 slice of pizza to get through a long shift. And sometimes, it’s about a deeper lesson that has nothing to do with security tools or certifications.

For Yousef, that unexpected insight came in the form of spiritual clarity: “Have trust in God’s plan, for He is the best of planners.”

Yousef’s story is proof that cybersecurity careers aren’t born—they’re built, step by step, with curiosity, hard work, and the courage to take on what you think you’re not ready for. From SOCAP to Google, he’s forged a path that many aspire to—and he’s just getting started.

How Cyber Florida’s SOCAP Helped Erika Delvalle Launch Her Cybersecurity Career

When Erika Delvalle crossed the stage to receive her diploma from the University of South Florida in December, she wasn’t just closing a chapter; she was already deep into the next one. Now a full-time cybersecurity advisor at Rapid7, Erika helps organizations strengthen their security postures using tools like InsightIDR and InsightVM. However, she credits much of her early success to the experience and exposure she gained through Cyber Florida’s SOCAP (Security Operations Center Apprenticeship Program).

Real-World Skills, Real-World Confidence

SOCAP gave Erika more than just a preview of what life in cybersecurity could look like; it gave her a running start. During her time in the program, Erika helped write and distribute monthly threat hunting reports to government agencies, gaining valuable experience in technical analysis and professional communication.

“That experience gave me the confidence to write full reports and share them with external partners,” she recalled. “That was the moment I felt ready for the real world. It showed me I could handle the technical side and clearly explain what I found.”

She also became familiar with industry-standard tools like Splunk, CrowdStrike, and Recorded Future—knowledge that has translated directly into her current role.

“Much of what I do now is rooted in what I learned in SOCAP. The hands-on practice helped me hit the ground running.”

A Day in the Life at Rapid7

In her new role at Rapid7, no two days are the same. Erika works closely with clients to ensure they understand how to get the most out of their security tools while staying on top of constant product updates and industry developments.

“I spend a lot of time answering questions, helping clients troubleshoot, and collaborating with our SOC team to resolve any concerns,” she said. “There’s also a lot of learning—our tools evolve quickly, and I’ve had to develop strategies to keep up.”

Erika said she uses many methods to stay current, including watching videos, reading documentation, asking coworkers, and simply following her curiosity.

Building a Strong Foundation

While many of the incidents she deals with—such as phishing attempts or user authentication issues—may seem routine, Erika knows how critical the fundamentals are.

“Most challenges I see are about getting the basics right,” she said. “Things like user awareness, multi-factor authentication, and general security hygiene go a long way. My job is to help clients improve those areas and get more out of the tools they’re using.”

SOCAP’s emphasis on foundational skills made that transition smoother.

“If there’s one thing I wish I had done differently,” she reflected, “it’s diving deeper into the tools we had access to. There’s so much more under the surface, and those extra layers of understanding would be even more useful now.”

Advice for the Next Generation

To current SOCAP students and aspiring cybersecurity professionals, Erika offers practical advice: keep an open mind.

“Say yes to new opportunities even if they aren’t your dream job right away,” she said. “Everything teaches you something. Use outside resources like CTFs, certifications, or conferences to determine what you enjoy.”

And don’t underestimate the human side of the job.

“One thing that surprised me was how important it is to build personal connections. Before we dive into technical problems, we always check in and ask how the client’s day is going. It sets the tone.”

Looking Ahead

Erika sees herself continuing to grow within the blue team, focused on defense, incident response, and helping others understand the value of strong security practices. She’s also eyeing certifications from CISA and SANS as part of her professional development.

“I feel good about where I’m at, but there’s always room to grow,” she said. “I’d like to eventually move into a more technical SOC or support role and keep impacting that way.”

Life Outside the SOC

When she’s not helping organizations defend against cyber threats, Erika finds a different kind of freedom on two wheels.

“I got into motorcycles last summer after seeing a bunch of videos in my feed,” she said with a laugh. “It’s such a fun and relaxing way to take a break from work. Plus, it’s a great excuse to explore Florida and find new food spots.”

Erika Delvalle’s journey—from SOCAP apprentice to trusted cybersecurity advisor—is a testament to the power of experiential learning and the importance of mentorship, tools, and real-world practice. Her story is a shining example of how Cyber Florida’s mission to develop a skilled cyber workforce is making a tangible difference, one career at a time.

Sustainable, Hands-on and Multi-disciplinary Cybersecurity Skills Training to Meet Workforce Needs of Critical Infrastructure Sectors in Florida

A Report of Project Progress by Cyber Florida at USF

In Spring 2024, Cyber Florida was awarded a two-year, $200,000 grant from National Institute of Standards and Technology for their project – “Sustainable, Hands-on and Multi-disciplinary Cybersecurity Skills Training to Meet Workforce Needs of Critical Infrastructure Sectors in Florida” as part of their Regional Alliances and Multistakeholder Partnerships to Stimulate (RAMPS) Cybersecurity Education and Workforce Development (RAMPS Program).

The overall goals of the project are a) solicit core cybersecurity workforce needs both within and across various critical infrastructure (CI) sectors in Florida; b) analyze and summarize findings across entry level workforce needs; c) design a semester-level and practical/ hands-on cybersecurity training program for students that is to meet entry-level CI workforce needs; d) connect the first cohort of trained students to critical infrastructure sectors via interns and full-time positions; e) evaluate outcomes across multiple metrics including student self-assessment, industry expert assessment, program sustainability and scalability across institutions and CI sectors in FL.

Based on survey responses, we identified tangible gaps in entry level workforce needs across CI sectors in Florida in a broad sense, and started designing a 14 weeks hands on training program for students. The program was also designed keeping in mind the components of the Workforce Framework for Cybersecurity (NICE Framework) published on March 5, 2024 by NIST. The framework is publicly available at and contains Task, Knowledge, and Skill (TKS) Statements; Work Role Categories and Work Roles; and Competency Areas in the realm of cybersecurity workforce. The framework is available at https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center.

We recruited our first cohort of five students for this semester-level program from the newly formed Bellini College of AI, Cybersecurity and Computing (CAICC) at the University of South Florida in January 2025. The five students went through our 14 week program centered on three foundational pillars – a) Basic Security Blue Team Level 1 (BTL1) Training for one month; b) Industrial Control Systems Foundational Course via the Aligned Realistic Cyberattack Simulation (ARCS) platform offered by SimSpace for one month; and c) ICS/SCADA Security Essentials course offered by the SANS institute. Students are eligible for a BTL1 certificate, and a Global Industrial Cyber Security Professional Certification (GICSP) in Industrial Control Systems upon completing a) and c). In addition, throughout the program, students are exposed to backdoors and breaches exercises, participate in mock security operations center (SOC) intelligence briefs, and also read state of the art research papers and trends in cyber centered critical infrastructure protection.

Multiple critical infrastructure entities in Florida participated in student engagement activities in Spring 2025. These include Tampa Airport, Tampa General Hospital, Talquin Coop and Seminole Electric. We have our next cohort of students starting in Fall 2025, and you are welcome to engage with Cyber Florida/ our students in the program. Post training, we expect our students to meet internship and entry-level workforce requirements in cybersecurity for critical infrastructure sectors in Florida.

CI Mapping

Cyber Florida has employed geospatial analytics and cybersecurity assessments to improve visibility into Florida’s vital infrastructure, enabling more effective coordination, risk mitigation, and rapid response efforts across state agencies.

Leveraging advanced technology to identify critical infrastructures significantly improves state leadership’s situational awareness and decision-making in all-hazards planning and preparedness.

Critical Infrastructure Protection Program Timeline