Re: InfoSec Grants

[AIS <ais () REINHARDT EDU>]

I am aware of Grants for SOC, MFA, and GDPR.

Connect with me off-list if anyone is interested in these Grants.

Ajit Singh
CIO
Reinhardt University

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Von Welch (Work)
Sent: Friday, February 21, 2020 2:47 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] InfoSec Grants

Michael,

Does anyone know of any infosec grants that we could use to grow our internal (non-academic) security operations?  We 
do utilize students as interns, so an academic grant may help a bit, but I’m looking to grow our full time security ops.

I’m not aware of any grants with such intent at the Federal level. As others have mentioned, most grants seek to 
further a mission of the granting organization and what you need to look for is some alignment between that mission and 
what you are looking to accomplish. I also suggest thinking creatively and considering if a grant could cover some 
other work that could allow for an internal shift of funds.

Nick’s suggestion of the NSF CC* program is a good one and worth considering. NSF also has the CICI program, but I 
understand that is on hiatus this year. The NSF SaTC program is very research oriented, not aligned well with 
operations typically, and I don’t suggest it without a strong faculty/research collaborator. I would put DARPA and 
IARPA in the same bin as SaTC. I’m not familar with state DHS grants; at the federal level DHS seems to be diminishing, 
if not ending, their cybersecurity grants.

And yes, grants are almost all short term, which make them challenging for FTE. A suggested tactic is to think of them 
as start up funds to allow you to prove the value of something and then make a stronger internal argument for ongoing 
funding. Or if you feel you are in a particularly strong situation, ask for a management commitment of ongoing funding 
contingent on receiving a grant.

If you do go after federal grants and its your first time, expect a new world of nomenclature and challenging 
processes. Besides socializing the idea to your management ahead of time, I suggest making friends with at least one 
person, typically a faculty member, at your institution who has done a grant before as well as someone in your research 
administration office, particularly if you are in part of the organization that doesn’t do a lot of grants.

Finally, for operational endeavors, grants may not be the answer. With no further information, I would encourage you to 
explore all internal managerial and budgetting options first, including making sure you are expressing your proposed 
work in the strongest alignment with your organization’s mission and current initiiatives and have built as much 
political support as possible. Yes, this is challenging, but for operations it is more likely to be successful in my 
experience.

None of the above is meant to disssaude you. I was incredibly fortunate to learn the ins and outs of grant writing 
early in my career and it has opened many possibilities for me.

Good luck,

Von

--
Von Welch
Director, Center for Applied Cybersecurity Research / cacr.iu.edu<http://cacr.iu.edu>
Executive Director Cybersecurity Innovation / Indiana University
Associate Director, Pervasive Technology Institute / pti.iu.edu<http://pti.iu.edu>
vwelch () iu edu<mailto:vwelch () iu edu> / (812) 856-0363




On Feb 20, 2020, at 4:14 PM, Menne, Michael S <michael.menne () MNSU EDU<mailto:michael.menne () MNSU EDU>> wrote:

Does anyone know of any infosec grants that we could use to grow our internal (non-academic) security operations?  We 
do utilize students as interns, so an academic grant may help a bit, but I’m looking to grow our full time security ops.

Thanks

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
mnsu.edu/cyberaware<https://mnsu.edu/cyberaware>

<image001.png>

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community