Though Hank Kistler has worked in information technology at Duke for 34 years, he attended every session of last year’s “Virtual Security Academy” — and learned something new from each one.

In seven sessions of the “Virtual Security Academy,” Kistler, an IT manager in the Office of Academic Solutions and Information Systems (OASIS), brushed up on security policies and got exposed to updated information on topics such as identity and access management and vendor assessment and security.

“It’s just very informative, a low time commitment and a convenient way to meet people and learn new IT initiatives,” Kistler said. “It’s a wonderful experience.”Shelly Epps, top right corner, leads a session of Virtual Security Academy last year. Photo courtesy of Virtual Security Academy.

After success with a small, invited group of participants last year, organizers of the academy opened this year’s sessions to all faculty, staff and students across Duke. Hosted by the joint Duke IT Security Offices, the series of cybersecurity workshops will help staff and faculty learn how to take small actions to live a more secure online life by discussing current events through a cybersecurity lens.

The free sessions, hosted on Zoom from 3 to 4:30 p.m. every third Thursday of the month through April 2022, cover topics such as deepfakes, healthcare ransomware attacks and social media. The workshops include a mix of presentations, real-world storytelling, panel discussions and interactive activities. All sessions are recorded and available for view later.

“We’re trying to drive a security culture Change,” said Shelly Epps, director of Security Program Management at Duke Health. “We want to make sure that everybody at Duke understands their obligations, and what tools are available to them around security.”

The goal is to raise awareness among community members at various levels of technology expertise. According to “Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information,” a June 2019 survey from the Pew Research Center, a majority of American adults feel their personal data is less secure than it was in the past. 59 percent also say they understand very little to nothing about the data companies collect on them.Participants from the first Virtual Security Academy of 2021 learned about teens, vulnerable populations and technology on Aug. 19. Photo courtesy of Virtual Security Academy.

With this situation in mind, each Virtual Security Academy session is designed to reach all who attend — whether they are deeply familiar with security or not.

“Security is something that we can all do, whether it’s taking little steps or we’re taking big steps to do that,” said Angela Madden, the lead on security awareness and training programs at Duke. “And these talks, I think they’re going to be awesome to show what little things you can do to make yourself more secure.”

The next session on Sept. 16 covers “Critical Fails: Healthcare Ransomware.” Presented by Craig Barber, an IT consultant with the Duke Computer Security Incident Response Team, Barber will teach participants about the defense systems Duke uses to keep information safe and how ransomware can affect healthcare.

Ransomware is a form of malware that encrypts files on devices, making them unusable until a ransom is paid to unlock it. Ransomware typically infects machines through phishing emails, users clicking on malicious links or by viewing an advertisement containing malware.

According to the Center for Internet Security, in recent years, ransomware attacks have targeted healthcare information systems, bringing important life-saving operations to a halt in the process. A 2021 U.S. Department of Health and Human Services survey reports that 34 percent of healthcare organizations were hit with ransomware in the last year. This includes Asheville-based Allergy Partners, which was breached in February. Hackers demanded a $1.75 million payment to restore its access to data, according to the Asheville Citizen-Times.

“This is not new, but what we’re going to do is really show how, in the last few years, there have been healthcare organizations that have been really taken offline by massive ransomware attacks and the real-world impact,” Epps said.

For more information about Virtual Security Academy, a schedule of topics and how to join the Zoom, visit

Send story ideas, shout-outs and photographs through our story idea form or write [email protected].