News

Cyber Florida’s phaseZERO: Incubation Innovator Seed Fund Awardee – StudySpaces

Receiving a seed fund grant from Cyber Florida at USF “has been a game-changer for StudySpaces,” says co-founder Axhens “Jesse” Mara. Along with co-founder Jamshidbek “Jam” Mirzakhalov, Mara launched StudySpaces with the goal of improving cybersecurity education through innovative, hands-on learning tools. The two met while studying at the University of South Florida, where they both earned their degrees and developed a shared passion for advancing cybersecurity training.

The funding has accelerated StudySpaces’ development, refined its platform, and brought its vision to life. This support has been transformative for a growing startup, allowing them to compete with larger industry players and expand their reach.

Looking ahead, the StudySpaces team plans to enhance its platform’s AI capabilities and expand its content engine to support more learning materials. They aim to equip more individuals with the cybersecurity skills needed to succeed by continually improving testing and training features.

For those looking to make an impact in cybersecurity education and research, the StudySpaces team emphasizes adaptability. “Focus on building tools that address real-world needs,” said Mara. “Listen to feedback, test your ideas continuously, and embrace new approaches. Practical, hands-on learning makes the biggest difference.”

Reflecting on the effect of Cyber Florida’s support, Mara shared, “The grant turned our vision into reality. StudySpaces is already helping people learn and gain skills more effectively by combining adaptive curriculum generation, testing, and tutoring. We are proud of what we’ve built and excited for the future as we continue to evolve and make a real impact.”

This is just the beginning for StudySpaces. With ongoing innovation and the support of programs like phaseZERO, the team is excited to refine their platform further and expand their influence on cybersecurity education.

By Rex Wilson, Cyber Florida Brand Manager

Jayson E. Street—the self-described hacker, helper, and human—is known for a lot of things. Not surprising for someone who robs banks for a living. (Legally, of course.) In his world, reputations tend to precede people. But among the many things Jayson is known for, one stands out: the awkward hug.

Before meeting him at Sunshine Cyber Con in 2024, I assumed an awkward hug was just a poorly executed embrace—one where both participants weren’t equally committed. That might be true in some circles, but not in Jayson’s world. When we finally met in person, he asked, “Do you want a little awkward or full throttle?” Like any self-respecting, socially awkward introvert, I went for full throttle. The result? The photo you see in this post—an unforgettable moment I’ll treasure for a long time.

But as much as I loved that interaction, it wasn’t even my most memorable Jayson moment of Sunshine 2024. That honor goes to a simple conversation we had between sessions.

While running around conducting interviews for a documentary, I kept noticing Jayson stationed at a table in a high-traffic area. Every time I passed by, he was engaged in conversation with different attendees—sometimes one-on-one, sometimes with three or four at once. Eventually, I caught a quiet moment with him and asked, Why park yourself in such a visible spot? Isn’t it exhausting to be ‘on’ all day?

“Yes,” he admitted. “But this might be the only chance some of these people have to connect with me in person, and I have to be there for them. Who knows what will come out of that conversation?”

That philosophy—being present, making space for connection—seems to define the way Jayson moves through life. And I admire it. Peopling can be hard, but the right conversations can be life-changing, soul-enriching.

This year, Jayson returns as our keynote speaker, and I couldn’t be more excited for his talk, How to Hack Like a Failure (Like Me!). But that wasn’t quite enough Jayson for us, so we also invited him to join our Do We Belong Here? podcast for a live recording—an epic combination in the making. And as the icing on the Sunshine cake, he’s bringing some of his hacker friends to launch our first-ever Hear from the Hackers track.

Want to experience all of this in person? Register for Sunshine Cyber Con today. It’s an awesome event—even if you’re not an awkward hugger.

Florida Statute 282.3185 outlines important cybersecurity requirements for local governments. The table below highlights key focus areas and provides valuable resources to support compliance efforts.

These resources are designed to make meeting the requirements straightforward and achievable. Cyber Florida’s expertise and tools can help you identify opportunities, develop strong practices, and ensure your cybersecurity goals are aligned with our state’s cybersecurity goals.

If you have any questions or need further support, please don’t hesitate to contact Cyber Florida at https://cyberflorida.org/connect/ or email [email protected].

Thank you for your ongoing efforts to strengthen cybersecurity!

Cybersecurity has become a critical priority for organizations across public and private sectors. Recognizing this need, Cyber Florida has developed the Florida Cyber Risk Assessment (FCRA), a no-cost, confidential cybersecurity risk assessment aligned with NIST Cybersecurity Framework (CSF) 2.0. The FCRA is designed to assist critical infrastructure (CI) organizations in identifying and mitigating cybersecurity risks, complying with best practices outlined in the Florida Cyber Act (Statute 282.318), and building resilience against cyber threats.

What is the Florida Cyber Risk Assessment?

The FCRA is a Florida-specific adaptation of the Cyber Security Evaluation Tool (CSET®) developed by Idaho National Lab. It incorporates 106 NIST CSF questions and 48 Ransomware Readiness Assessment (RRA) questions, providing a structured approach for organizations to strengthen their cybersecurity frameworks. Participants can generate customized reports to enhance their cyber defense strategies and align with legal and regulatory requirements.

Addressing Gaps in Florida’s Critical Infrastructure Sectors

Recent FCRA assessments have revealed significant cybersecurity gaps within Florida’s CI sectors:

• Lack of Response and Recovery Plans: 50% of CI providers lack robust response and recovery plans.
• Weak Authentication Practices: Half of CI organizations do not use Multi-Factor Authentication (MFA).
• Inconsistent Partner Audits: While 39% conduct response planning with third-party providers, only 48% regularly audit these partners’ cybersecurity practices.
• Limited Training Programs: 49% lack formal cybersecurity training programs beyond basic awareness.
• Unclear Management Responsibilities: Nearly half of providers do not have assigned cyber-management responsibilities, with 49% lacking a Chief Information Security Officer (CISO).
• Infrequent Incident Response Exercises: Only 48% of organizations conduct biannual incident response tabletop exercises.
• Undefined Risk Tolerance: Just 53% of CI providers have clearly defined their risk tolerance, highlighting a critical gap in risk management strategies.

Enhancements and Tools to Support Cybersecurity

To address these challenges, Cyber Florida has implemented or is developing several tools and initiatives:

• Entry and Mid-Level Assessments:
  • A 20-question entry-level assessment evaluates organizations’ protections based on the top 20 areas of concern.
  • A 38-question mid-level assessment measures cybersecurity maturity against CISA Cybersecurity Performance Goals (CPGs).
• Maturity Modeling: A maturity index based on the Multi-State Information Sharing and Analysis Center (MS-ISAC) template helps organizations benchmark their cybersecurity practices.
• AI-Driven Resource Mapping Tool: In development, this innovative tool generates summaries from NIST 800-53 for all 106 CSF questions. Users will be able to efficiently create comprehensive cyber plans, including governance, incident response, and recovery plans.
• Workshops: A series of cybersecurity presentations aimed at raising awareness and educating CI organizations in both the public and private sectors.

New Tools and 2025 Initiatives

Cyber Florida continues to innovate and expand its efforts to enhance cybersecurity across the state. Notable initiatives include:

• Florida CI Mapping Pilot Project (Cyber-Bulls-I): A first-in-the-nation resource to help CI sectors address cyber risks, meet legal requirements, and build future compliance capacity. This tool provides risk reduction resources tailored to Florida’s sectors, risks, needs, and vulnerabilities.
• Enterprise Data Management Platform: A forthcoming platform designed to identify grant, research and development, and policy opportunities for Florida’s CI sectors.
• Visualization and Dashboard Tools: New tools for state leadership to monitor and address cybersecurity challenges effectively.
• Workforce Development Initiatives: These include a new mapping tool to support small business and defense industry growth.

The Path Forward

With its comprehensive approach and cutting-edge tools, the Florida Cyber Risk Assessment is paving the way for a stronger cybersecurity posture across Florida’s critical infrastructure sectors. Organizations adopting the FCRA’s recommendations and utilizing its resources will be better equipped to protect themselves against evolving cyber threats and ensure compliance with industry standards and legal mandates.

Cyber Florida remains committed to fostering a secure, resilient, and innovative cyber environment for Florida. For more information or to participate in the FCRA, visit https://cyberflorida.org/cip/ today.

Cyber Florida at USF’s Security Operations and Cybersecurity Apprenticeship Program (SOCAP) employs up to 10 students each semester, with opportunities for students to remain in the program for multiple terms. Through this innovative program, SOCAP interns gain hands-on experience addressing real cybersecurity issues for various clients, effectively extending the capabilities of client IT teams.

Managed by Ryan Irving and Duy Dao, SOCAP gives students valuable exposure to the day-to-day operations of a security operations center. Leveraging tools like Microsoft Defender, Crowdstrike, Stamus Networks, MS-ISAC Albert, Recorded Future, Magnet Forensics, Belkasoft Forensics, Volexity, and more, Irving assigns work tickets—real security alerts or issues—that need investigation. Each day, students select or are assigned tickets from the system, allowing them to work on current cybersecurity tasks and engage in practical problem-solving.

The University of South Florida (USF) Information Technology (IT) Department is among the clients benefiting significantly from SOCAP’s services. “The SOCAP partnership with USF IT is fantastic,” says Irving. “Students aren’t just performing real cybersecurity tasks; they’re actively improving the security of the university’s IT infrastructure while honing their skills in a real-world environment.”

In addition to ticket-based troubleshooting, SOCAP students take on proactive threat-hunting roles, scouring resources to detect potential indicators of compromise and preparing threat advisories for Cyber Florida’s threat room page on its website.

SOCAP students like Alessandro Lovadina, Erika Delvalle, and Ben Price bring diverse skills and interests, creating a collaborative team environment.

Lovadina is passionate about coding projects, like building web applications. “With AI, cybersecurity is crucial; all students should learn the basics of cybersecurity,” he notes.

Delvalle finds excitement in threat-hunting tickets. “It never gets boring,” she says. “You’re always learning something new.”

Price enjoys challenging issues that expand his research skills and expertise. “It’s fulfilling; it’s important,” he says.

SOCAP students have the freedom to conduct their own research and troubleshoot using open-source information and reliable online resources. The program’s hybrid format allows students to work both in-office and remotely, providing a dynamic environment that complements their class schedules. This flexibility gives SOCAP interns a comprehensive view of security operations and invaluable career experience.

Irving also incorporates regular training exercises in collaboration with the USF IT team. “Monthly simulated events allow students and staff to practice incident response skills together,” he says. “We invite USF IT to join these sessions, so that we can learn and improve our response capabilities as a team.”

Dennis Guillette, Director and Security Architect of USF IT, expressed his appreciation for SOCAP students’ contributions to the university’s cybersecurity efforts. “I would like to extend my deepest gratitude to the SOCAP students for their outstanding hard work and dedication. Their impressive technical knowledge and exceptional troubleshooting skills have been invaluable to our security posture. Their commitment to excellence and ability to tackle complex security challenges have significantly strengthened us. Thank you for setting a high standard of professionalism and expertise.”

Cyber Florida’s SOCAP internship program at USF continues to be a valuable resource for students and the university alike, advancing cybersecurity skills and bolstering the state’s defenses. It serves as a model for other schools.