Modernizing Cybersecurity in Higher Ed: How Stevens IT Transformed User Risk Management
Vol. 1 No. 1 (2025), EdgeCon Autumn 2025 Articles
Vol. 1 No. 1 (2025)

Modernizing Cybersecurity in Higher Ed: How Stevens IT Transformed User Risk Management

EdgeCon Autumn 2025 Articles
Published 11/07/2025
Jeremy Livingston
Stevens Institute of Technology
Kaila Mathis
Dune Security
Grace Gately
Dune Security

Keywords

Cybersecurity awareness
User risk management
Behavioral analytics
Adaptive training
Higher education security

How to Cite

Livingston, J., Mathis, K., & Gately, G. (2025). Modernizing Cybersecurity in Higher Ed: How Stevens IT Transformed User Risk Management. EdgeCon Proceedings, 1(1). Retrieved from https://edgeconproceedings.net/index.php/ecprcdgs/article/view/820
ACM ACS APA ABNT Chicago Harvard IEEE MLA Turabian Vancouver

Download Citation

Endnote/Zotero/Mendeley (RIS) BibTeX

Abstract

Objective 
As AI-driven social engineering attacks continue to bypass traditional technical defenses, Stevens Institute of Technology replaced one-time annual training with a continuous, behavior-based model for managing user-level cybersecurity risk. The initiative reframes cybersecurity readiness as a measurable, data-informed process rather than a compliance exercise.

Context 
Higher education institutions continue to invest in firewalls, endpoint monitoring, and network controls, yet most breaches begin with users—faculty, staff, or students—who are manipulated into exposing credentials or sensitive data. Traditional awareness training fails because it measures completion, not behavior. Stevens sought a model that could surface real-time risk patterns, tailor interventions to individual users, and build a culture of shared accountability.

Key Insights 
Using Dune Security’s User Adaptive Risk Management platform, Stevens implemented a continuous testing and training model that:

  • Simulates real-world phishing and social engineering attacks across multiple channels
  • Scores behavioral risk at both the individual and departmental levels
  • Aligns real-time training to each user’s demonstrated risk profile
  • Integrates behavioral analytics with identity systems such as Workday and Okta
  • Eliminates legacy, one-size-fits-all compliance training without increasing administrative burden

Within one month of implementation, Stevens replaced its annual compliance course with role-based, adaptive learning and achieved full visibility into user-level risk patterns. The shift established a shared responsibility framework where cybersecurity readiness is measured rather than assumed.

Future Directions
Stevens plans to expand the model by incorporating longitudinal risk scoring, AI-generated attack simulations, and benchmarking across peer institutions. The case offers a replicable blueprint for universities seeking to transition from awareness to measurable resilience—demonstrating that cybersecurity maturity begins not with technology, but with people.