Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Jody Jacobs (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 30

NIST Phish Scale User Guide

November 15, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
The phishing cyber threat exploits vulnerabilities in the U.S. and around the world across private and public sectors. Embedded phishing awareness training programs, where simulated phishing emails are sent to employees, are designed to prepare employees

Can you Spot a Phish?

September 26, 2023
Author(s)
Jody Jacobs, Shanee Dawkins
This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

Phishing for User Context: Understanding the NIST Phish Scale

August 23, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
The NIST Phish Scale is a method for measuring human phishing detection difficulty, providing a metric – a phishing email detection difficulty rating – for phishing training implementers to gain a better understanding of the variability in click rates

How to Scale a Phish: An Investigation into the Use of the NIST Phish Scale

August 7, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Organizations around the world are using the NIST Phish Scale (NPS) in their phishing awareness training programs. As a new metric for measuring human phish-ing detection difficulty of phishing emails, the use of the NPS by phishing training implementers

Peering into the Phish Bowl: An Analysis of Real-World Phishing Cues

August 7, 2023
Author(s)
Lorenzo Neil, Shanee Dawkins, Jody Jacobs, Julia Sharp
Organizations use simulated phishing awareness train-ing exercises to help users identify, detect, and defend against the ever-changing phishing threat landscape. Realistic phishing emails are used to test users' ability to spot a phish from visible cues

Phishing With a Net: The NIST Phish Scale and Cybersecurity Awareness

April 25, 2023
Author(s)
Shanee Dawkins, Jody Jacobs
Orienting an entire organization toward sound security practices is an important, but non-trivial undertaking. A starting point for many organizations is to build a robust security awareness program, training employees to recognize and respond to security

Can You Spot a Phish

October 19, 2022
Author(s)
Shanee Dawkins, Jody Jacobs
This talk will cover findings from over 4 years of NIST phishing training data, highlighting user context as the key to phishing susceptibility. We will discuss the NIST Phish Scale, our research on why users click, and how it can help users spot a phish.

NIST Cybersecurity Role-based Training Study Presentation

May 20, 2022
Author(s)
Jody Jacobs, Julie Haney, Susanne M. Furman
This presentation is for the May 17, 2022 Federal Information Security Educators (FISSEA) Spring Forum hosted by NIST. This presentation will present our preliminary findings from our Role-Based Training Study.

Approaches and Challenges of Federal Cybersecurity Awareness Programs

March 25, 2022
Author(s)
Julie Haney, Jody Jacobs, Susanne M. Furman
Organizational security awareness programs may experience a number of challenges, including lack of resources, difficulty measuring the impact of the program, and perceptions among the workforce that training is a boring, "check-the-box" activity. While

Federal Cybersecurity Awareness Programs A Mixed Methods Research Study

March 25, 2022
Author(s)
Julie Haney, Jody Jacobs, Susanne M. Furman
Prior industry surveys and research studies have revealed that organizational security awareness programs may face a number of challenges, including lack of: leadership support; resources; and staff with sufficient background and skills to implement an

NIST Security Awareness Study

October 25, 2021
Author(s)
Jody Jacobs, Julie Haney, Susanne M. Furman
This is a presentation for the September 28, 2021 FISSEA conference. This presentation is on the NIST Security Awareness Study. The goal of the study is to better understand the needs, challenges, practices, and professional competencies of federal

Exploring Government Security Awareness Programs: A Mixed-Methods Approach

August 3, 2021
Author(s)
Jody Jacobs, Julie Haney, Susanne M. Furman, Fernando Barrientos
Organizational security awareness programs are often underfunded and rely on part-time security awareness professionals who may lack sufficient background, skills, or resources necessary to manage an effective and engaging program. U.S. government

Cybersecurity Advocates: Force Multipliers in Security Behavior Change

July 5, 2021
Author(s)
Julie Haney, Wayne Lutters, Jody Jacobs
Cybersecurity advocates motivate individuals and organizations to adopt positive security behaviors. Based on our research, we describe qualities of successful advocates. Our findings have practical implications for expanding the cybersecurity workforce by