The September 2025 MAD Security Town Hall tackled one of the most pressing challenges in the maritime sector today: meeting the U.S. Coast Guard’s new cybersecurity training mandate.
Hosted by Cliff Neve, MAD Security VP and former Acting Deputy Commander of Coast Guard Cyber Command, alongside Scott Dickerson, CEO of CISO LLC, the session delivered critical guidance for CySOs, port authorities, and DoD-aligned maritime operators.
With a fast-approaching January 12, 2026, compliance deadline, the Town Hall focused on the implementation hurdles, workforce complexities, and compliance strategies needed to deliver meaningful training across highly dynamic port environments.
This session reinforced MAD Security’s leadership in cybersecurity compliance for the defense and maritime sectors, helping contractors and facility operators understand not just the rule, but how to operationalize it in the real world.
Training Is Now a Regulatory Requirement and Not Just for Full-Time Staff
Under the new Coast Guard rule:
All personnel with access to vessel, facility, IT, or OT systems must complete cybersecurity training
New hires must be trained within 60 days of cybersecurity plan approval or 5 days of system access
Annual retraining is required thereafter
Role-based training is mandated for key cyber personnel, including CySOs and OT specialists
This applies even to temporary, vendor, or unionized workers, making documentation and enforcement far more complex than typical corporate training mandates.
Traditional Training Delivery Models Will Fall Short
Many maritime facilities rely on contractors or rotating staff who may lack user credentials or LMS access. The Town Hall highlighted several practical alternatives:
Training binders or kiosks for last-minute onboarding
Digital certificates for portable proof of training
Group sessions led by vessel or facility officers
Web-based modules accessible on demand
As Scott Dickerson emphasized, “Context matters. A crane operator and finance manager don’t need the same cyber threat training but they both need something relevant.”
The CySO Is the Focal Point for Justifying Compliance Decisions
The Coast Guard allows flexibility in how facilities implement training, but the burden of proof lies with the CySO. You must be able to explain:
Who was trained, and why
What delivery method was used
How records were maintained
How training aligns with your facility’s risk profile
Failure to do so could result in audit failures or operational delays during inspections.
Training Must Be Tailored to the Operational Environment
Effective cybersecurity training under the new rule must:
Cover threat detection, reporting, and incident response
Include real-world examples (e.g., MITRE ATT&CK tactics)
Be adapted to physical roles (e.g., OT technicians vs. admin staff)
Reinforce cultural behaviors (e.g., slowing down to avoid phishing clicks)
As MAD Security's phishing simulations show, 78% of users who process emails quickly are more likely to click on phishing links, showing that technical awareness must be paired with behavioral triggers.
MAD Security is uniquely positioned to support organizations navigating these complex compliance requirements:
Proven experience with multiple shipping companies, ports, cruise lines, the Maritime Administration (MARAD), and offshore continental shelf facilities
Experts in the Coast Guard Final Rule on Cyber in the MTS, NIST CSF 2.0, ISA 62443, DFARS 252.204-7012, NIST 800-171, and CMMC 2.0
Full-spectrum IT/OT services: GRC, SOCaaS, MDR, Pen Testing, VCM, Risk Assessments
U.S.-based 24/7 SOC operated by credentialed citizens in Huntsville, AL
Named a Top 250 MSSP globally for 4 consecutive years
CMMC Level 2 Certified MSSP with a perfect SPRS score of 110
Cyber-AB Registered Practitioner Organization (RPO)
No “rip and replace”; we integrate with your existing security stack
Service-Disabled Veteran-Owned Small Business (SDVOSB)
With the January 12, 2026, training deadline fast approaching, organizations that delay action face:
Noncompliance during Coast Guard inspections
Contract loss for failing to meet cyber-readiness obligations
Costly remediation if training records are incomplete or inconsistent
Operational bottlenecks for vendor access or rotating staff
Early action ensures smoother audits, higher maturity, and stronger security culture. It also allows time to test and tailor training methods before enforcement begins.
MAD Security offers several free tools to help you align with new maritime training mandates:
Free Consultation with an expert in Maritime Cybersecurity
Checklist/roadmap for achieving the January 2026 deadline
CMMC Master Bundle
Whether you are building your first cybersecurity plan or refining an existing one, these resources are designed for DIB and maritime compliance leaders.
The Coast Guard’s training requirement may seem simple on paper, but its real-world implementation challenges underscore the complexity of maritime cybersecurity. With the right support, facilities can go beyond check-the-box compliance and create real behavioral change.
Cybersecurity isn’t a one-time task. It’s a culture. A commitment. A competitive advantage.
Let MAD Security help you get it right!
Original Publish Date: October 07, 2025
By: Maritime MAD Security