Funding security awareness training with grants: A practical guide for educators and governments

Security habits are the cornerstone of cybersecurity, with nearly seven out of 10 security incidents involving the human element. Teacher, student and employee security awareness training is crucial as rising cybersecurity incidents pose unique challenges for educational institutions and local governments. 

An estimated five cybersecurity incidents hit K-12 schools each week. In one school district in Arizona, the percentage of ransomware attacks has risen by 393% over the last few years. When Las Cruces Public Schools in New Mexico suffered a ransomware attack, the district was forced to pay thousands of hours of IT staff time and tens of thousands for new computers. Recovery took months. (For more on ransomware, download our free Ransomware paper.) 

Miami University's Joseph Nwankpa notes that when experts test how often people from different industries click on phishing emails, those in higher ed communities rank near the bottom.  

Joseph Nwankpa talks about security issues in higher education in this episode of the Cyber Work Podcast. 

Government agencies face similar challenges. Security awareness is often far below acceptable levels, making it easier for hackers to access sensitive information and systems.  

The good news is that funding is available for school and government security awareness training. This guide will introduce you to funding sources and encourage you to take the important first step — contacting your grant office.  

An educated workforce is a powerful frontline defense against attackers, making everyone in your community safer. 

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Demo Now

The challenge of funding security awareness programs 

Limited funding is a tough challenge for many schools and government agencies. School systems have to navigate a difficult balancing act. Employees need cost of living increases. Facilities need repair. Operational costs soar.  

This results in a budgetary whirlwind and cybersecurity awareness often gets lost in the commotion. Unfortunately, this leaves many schools vulnerable to costly cyber threats. 

This episode of Hacker Headlines, a training series on the Infosec IQ platform, covers back-to-school cybersecurity. 

A solution to funding cybersecurity: Grants 

Your school or government agency can use grants to fund a range of workforce development programs, including cybersecurity awareness. For instance: 

• The Cybersecurity and Infrastructure Security Agency (CISA) offers funding primarily through the Cybersecurity Education and Training Assistance Program (CETAP), which funds cybersecurity curriculum and training to educate students about cyber risks and best practices. 
• Organizations may also benefit from the E-Rate Cybersecurity Pilot Program, which the Federal Communications Commission (FCC) sponsors to bolster the defense of school and library networks. 
• The State and Local Cybersecurity Grant Program (SLCGP) and the Tribal Cybersecurity Grant Program (TCGP) have teamed up with the Department of Homeland Security (DHS) to support state, local and territorial governments throughout the U.S. The SLCGP and TCGP have already committed to making $1 billion available over the next four years. 

These are just a few examples. To explore more options, reach out to your local grant office or speak to someone at Infosec Institute. 

How to best work with your grant office 

The key to landing a grant is to reach out to your grant office and tell them about the cybersecurity measures for which you need funding. Here are some key points to keep at the top of your mind while doing so. 

When in doubt, reach out 

Don't underestimate the potential funding you can get from grant programs for your cybersecurity awareness initiatives. Many IT folks presume that grants are more geared towards social services, such as veteran therapy and educational opportunities for underrepresented demographics. 

But those kinds of programs are only a slice of the pie. Grant-issuing agencies are eager to improve the cybersecurity of schools and government offices, not just because it helps your organization thrive but also because it creates a safer cyber environment for the country's citizens. 

So, when in doubt, reach out to learn about the possibilities. 

Align your concerns with those of the grant issuer 

You don't want to try to stuff a round peg in a square hole as you discuss how you'll use grant funds. 

For example, suppose you want to apply for a grant sponsored by the Cybersecurity Education and Training Assistance Program (CETAP). You have a cybersecurity course in mind that would only be available to honors students on a computer science track. Your aim is to use grant funds to hire an instructor to teach cybersecurity. 

While this grant may get approved, you may stand a better chance if you: 

• Weave cybersecurity throughout a range of curricula, not just a single class for honors students 
• Use funds to teach educators more about cybersecurity awareness, as well as support staff 
• Incorporate CETAP's Cyber Career Cards into the homeroom curriculum, making students more aware of potential cybersecurity career paths 

Why throw these into the mix? These initiatives align with CETAP's mission, which focuses on providing cybersecurity education to a wide range of students and educators, not just small, niche groups. 

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Demo Now

Make a system to improve your chances 

Every grant is different, so you have to take the time to understand exactly what each program wants to see. Here's a systematic way of doing so. 

1. Be proactive 

You need to take the first, second, and third steps to land the grant you need. Christy Brammer, Sr. Grant Specialist at Cengage Learning, says your path of least resistance involves open discussion with your grant offices. “Simply walking to the other building, sitting down and having an open conversation can help everyone understand what you do and how they may be able to help you,” says Brammer. This may be the quickest way to understand which grant programs align best with your security awareness goals. 

2. Align your timing 

Most state and federal funding gets released once a year. Your grant office can help you understand how to time your grants. 

Often, grant periods begin at the beginning of the following year, with the notice of funding opportunity (NOFO) statement released in the fall of the current year. For instance, DHS's State and Local Cybersecurity Grant Program has a start date of Feb. 1, 2025, and an end date of Jan. 31, 2029. 

By identifying the grants, you want to apply for and timing your application according to deadlines, you put yourself in the best position to land the funding you need. 

3. Have a plan 

Your plan needs to outline: 

• The current gap you're looking to address around the lack of awareness of phishing, ransomware and other common threats. 
• Quantifiable metrics, such as the number of students or educators taught or even a drop in the frequency of certain kinds of cyber incidents. 
• The benefit of your cybersecurity program to those in your institution's community. Focus on how it benefits people, not just your school's or government agency's prestige or effectiveness. 

4. Identify partnerships 

Many grants require you to partner with a community organization, government entity or a certain kind of employer. You want to identify these partners early on in the process, especially because this may be a mandatory facet of your grant application. 

By figuring out your partnership requirements early, you give yourself enough time to find a natural fit. You don't want it to seem like you're slipping a partnership into your application just to fulfill the requirement. There should be organic synergy between your organization and the one you partner with. 

Common components in grants 

Even though their purposes may vary considerably, grants tend to have similar structures. At a high level, many grants include: 

• Strict eligibility standards. For example, some can only be used by educational institutions or government agencies. Even if a private company's mission aligns with the grant provider's, it wouldn't qualify. 
• Detailed application requirements. For example, you may have to provide a detailed budgetary breakdown explaining how much money you need and how you intend to spend it. 
• Impact statement requirements. You must quantify and explain the impact you'll have on a community because of getting your funds. 
• Mandatory reporting practices. For example, you may have to report on how you have used funds periodically, such as once a quarter or a year. 

Sources for finding grants 

Your grant office is a great starting point as you investigate potential opportunities. At the same time, you may find some of the following ideas give you a good launch point for your grant mission: 

• Grants.gov: This is your home base for federal funding opportunities. You can search the site to find cybersecurity-specific grants and Notice of Funding Opportunity (NOFOs). 
• Corporate funding: Many corporations have foundations designed to support schools. Some schools have already received donations from a corporate partner. If that's your case, you can ask for additional funds. 

Your corporate funding options may be broader than you realize. Verizon, Google, Microsoft, Apple and the George Kaiser Family Foundation all provide grant funds, to name a few. 

Brammer further explains that one easy way to identify corporate grant opportunities is to "Google '990' and the name of the foundation" you think may provide a grant. Organizations must publicly post grant data. While the data may be a little dated, it still gives you an idea of the funding the organization provides. 

See Infosec IQ in action

From gamified security awareness to award-winning training, phishing simulations, culture assessments and more, we want to show you what makes Infosec IQ an industry leader.

Demo Now

Funding your security awareness program: Key takeaways 

Here are some points to keep in mind as you start looking for grants: 

• Be assertive and reach out for grant opportunities 
• Ensure your mission aligns with the grants at the top of your list 
• Investigate a range of corporate grant opportunities because there's a wide variety of options 

Contact your grant office to start sifting through your options. And book a meeting with Infosec for further guidance on working with your grant office. 

Want more free resources? 

• Download our free Security Awareness Toolkit for Educators for a program you can easily integrate into an academic calendar 
• Explore FREE cybersecurity training resources to keep your staff and students cyber-safe 
• Learn about K-12 Digital Citizenship, a K-12 security awareness series from Infosec and Common Sense Media