Introduction to the Cybersecurity and Infrastructure Security Agency (CISA)

Introduction to the Cybersecurity and Infrastructure Security Agency (CISA)

Target Audience: This session is ideal for anyone currently working in or aspiring to work in the independent live entertainment industry, especially:

  • Venue owners and operators

  • Festival producers and staff

  • Independent promoters and talent buyers

  • Venue managers and event coordinators

  • Security, operations, and production teams

  • Technical directors and safety leads

  • Aspiring professionals seeking to move into venue, festival, or promoter roles

Whether you’re managing a venue today or planning your future in live events, this session offers actionable insights and free resources to help you build safer, more resilient spaces.

Session Description: As America’s Cyber Defense Agency and the National Coordinator for the Security and Resilience of U.S. Critical Infrastructure, CISA leads the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. Our safety and security depend on the ability of critical infrastructure to prepare for and adapt to changing conditions and to withstand and recover rapidly from disruptions.

In this session, CISA representatives will discuss how they help reduce risks and build security capacity to withstand new threats and disruptions, whether from cyberattacks, natural hazards, or physical threats. You’ll also learn about free resources, assessments, and training opportunities available to independent venues, festivals, and promoters to help strengthen preparedness and resilience.

Instructed by: Ryan Lewis & Andrew Balter

ADDITIONAL RESOURCES

  • Workshop Presentation Deck

  • Staff or Team Discussion Questions:

    General Awareness

    1. Are we currently leveraging any CISA services or programs?

    Physical Security

    1. Do we have a designated security manager and up-to-date security and emergency plans in place for our venue or events?

    2. How might we assess our venue’s vulnerabilities using tools like the Security Assessment at First Entry (SAFE) or Infrastructure Survey Tool (IST)?

    Cybersecurity

    1. What is our current cybersecurity posture? Are we regularly conducting vulnerability scans or tabletop exercises?

    2. Which of the free cybersecurity services from CISA (e.g., CRR, RRA, CSET, KEV) could be useful for our team or venues?

    3. How prepared are we to respond to ransomware threats or insider cyber threats?

    Communication & Culture

    1. How can we improve our internal reporting culture around suspicious activity or vulnerabilities?

    2. Should we adopt and promote the “If You See Something, Say Something®” campaign across our venues?

    ✅ Next Steps

    1. Internal Risk Review

      • Schedule a team meeting to review current emergency preparedness, physical security plans, and cybersecurity protocols.

      • Assign a team member to evaluate SAFE and IST tools for potential use.

    2. Outreach

      • Contact CISA advisors to inquire about assessments or tabletop training specific to your needs.

      • Subscribe to CISA communications: Sign up link and select your region.

    3. Cybersecurity Improvements

      • Enroll in CISA’s vulnerability scanning services and review current vulnerabilities.

      • Assign IT staff to review the Cybersecurity Performance Goals (CPGs) and identify top priorities for your venue/organization.

    4. Training & Development

      • Explore relevant CISA and NICCS training for venue staff.

      • Integrate CISA resources where appropriate.

    5. Event Safety Planning

      • Review security protocols for any upcoming events, especially temporary or high-attendance ones.

      • Draft or update safety procedures for demonstrations, suspicious packages, or active shooter scenarios.