ArticlePDF AvailableLiterature Review

The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

Authors:

Abstract and Figures

One of the challenges in writing an article reviewing the current state of cyber education and workforce development is that there is a paucity of quantitative assessment regarding the cognitive aptitudes, work roles, or team organization required by cybersecurity professionals to be successful. In this review, we argue that the people who operate within the cyber domain need a combination of technical skills, domain specific knowledge, and social intelligence to be successful. They, like the networks they operate, must also be reliable, trustworthy, and resilient. Defining the knowledge, skills, attributes, and other characteristics is not as simple as defining a group of technical skills that people can be trained on; the complexity of the cyber domain makes this a unique challenge. There has been little research devoted to exactly what attributes individuals in the cyber domain need. What research does exist places an emphasis on technical and engineering skills while discounting the important social and organizational influences that dictate success or failure in everyday settings. This paper reviews the literature on cyber expertise and cyber workforce development to identify gaps and then argues for the important contribution of social fit in the highly complex and heterogenous cyber workforce. We then identify six assumptions for the future of cybersecurity workforce development, including the requirement for systemic thinkers, team players, a love for continued learning, strong communication ability, a sense of civic duty, and a blend of technical and social skill. Finally, we make recommendations for social and cognitive metrics which may be indicative of future performance in cyber work roles to provide a roadmap for future scholars.
Content may be subject to copyright.
A preview of the PDF is not available
... Studies analyzing job advertisements have agreed that employers value professional competencies, as well as social, personal, and methodological competencies [13,87,92,93]. In addition, a recent review of the cybersecurity workforce's future has argued that the skill set of cybersecurity experts must consist of more than just technical skills [27]. However, social, methodological, and personal competencies are not only underemphasized in number but are also completely missing from many competency models. ...
... Indeed, if security professionals lack personal and social competencies, they may not be successful at work. As discussed by [27], lifelong learning is a valuable personal competency, and the absence of a commitment toward lifelong learning could render a security professional useless as the technology and threat landscape changes. Similarly, an inability to communicate complex security issues to nontechnical personnel and a lack of team playing skills reduce job performance [27]. ...
... As discussed by [27], lifelong learning is a valuable personal competency, and the absence of a commitment toward lifelong learning could render a security professional useless as the technology and threat landscape changes. Similarly, an inability to communicate complex security issues to nontechnical personnel and a lack of team playing skills reduce job performance [27]. Therefore, most of the analyzed competency models are only partially suitable for curriculum and workforce development, as they miss essential competency dimensions. ...
Article
Full-text available
Competency models are widely adopted frameworks that are used to improve human resource functions and education. However, the characteristics of competency models related to the information security and cybersecurity domains are not well understood. To bridge this gap, this study investigates the current state of competency models related to the security domain through qualitative content analysis. Additionally, based on the competency model analysis, an evidence-based competency model is proposed. Examining the content of 27 models, we found that the models can benefit target groups in many different ways, ranging from policymaking to performance management. Owing to their many uses, competency models can arguably help to narrow the skills gap from which the profession is suffering. Nonetheless, the models have their shortcomings. First, the models do not cover all of the topics specified by the Cybersecurity Body of Knowledge (i.e., no model is complete). Second, by omitting social, personal, and methodological competencies, many models reduce the competency profile of a security expert to professional competencies. Addressing the limitations of previous work, the proposed competency model provides a holistic view of the competencies required by security professionals for job achievement and can potentially benefit both the education system and the labor market. To conclude, the implications of the competency model analysis and use cases of the proposed model are discussed.
... The cyber domain is a multifaceted sector, considering how it has amalgamated different professions and is relevant in almost every industry, since it involves various aspects such as the process of connecting online devices and creating a platform that gives people the opportunity to interact with these devices, thus revealing how these devices have influenced different components of their lives [120]. Therefore, it is worth mentioning that the cyber paradigm is crucial, as it has managed to influence almost every aspect of contemporary life, such as healthcare, powering homes, transportation, and multiple other actions that people perform in their daily lives [121]. ...
... Sensors 2023,23,120 ...
Article
Full-text available
Cities have grown in development and sophistication throughout human history. Smart cities are the current incarnation of this process, with increased complexity and social importance. This complexity has come to involve significant digital components and has thus come to raise the associated cybersecurity concerns. Major security relevant events can cascade into the connected systems making up a smart city, causing significant disruption of function and economic damage. The present paper aims to survey the landscape of scientific publication related to cybersecurity-related issues in relation to smart cities. Relevant papers were selected based on the number of citations and the quality of the publishing journal as a proxy indicator for scientific relevance. Cybersecurity will be shown to be reflected in the selected literature as an extremely relevant concern in the operation of smart cities. Generally, cybersecurity is implemented in actual cities through the concerted application of both mature existing technologies and emerging new approaches.
... While there are many benefits to remote/telework, one downside is the increased difficulty of observant co-workers to impede, interrupt, or deter potential insider threats (p.44). Countering this effect requires biotechnology engineering and healthcare organizations to increase their ethical training and standards for their cybersecurity workforce since a skilled cybersecurity professional is usually in a high-trust position and could take advantage of their employer's lack of understanding in how they work and what they do (Dawson, 2018). In addition, with more insiders from different companies being let in, it becomes harder for biotechnology engineering and healthcare organizations to know what their contracted and sub-contracted companies hiring standards are, how they screen for mental health issues, and what internal reporting practices they use to notify the parent organization of their employees CWBs. ...
Article
This article explores the nature of cybersecurity professionals being insider threats to their own organization, as well as the general increase in harder-to-detect threats coming from an ever-widening acceptance of third-party insiders, which organizations, biotechnology engineering, and other healthcare organizations rely on. After examining the current and emerging literature on how individuals are motivated to engage in problematic workplace behaviors as a means of gaining their specific goal or need, the paper articulates malicious cybersecurity insider threat indicators, then provides best practices for reducing the risk of these threats in healthcare and biotechnology engineering organizations.
... The current approach to cybersecurity tends to consider this issue as an IT problem and consequently to manage it technically, while it is now imperative to go beyond technical skills for creating a future cybersecurity workforce that is really effective (Dawson & Thomson, 2018). In this perspective, given the increasingly digitized world and the growing importance of digital skills, digital citizenship education is central to lead individuals to manage digital technologies effectively (Choi, 2016;Meghan et al., 2019). ...
Article
This paper will discuss the future of cybersecurity workforce development. Cybersecurity is a field that is increasingly becoming important in today's workplaces. Considering the rapid growth of technology, it is expected that the field of cybersecurity will change significantly in the future. As such, preparedness is needed to ensure that the future cybersecurity workforce is not hindered by a lack of training, resources, or technical expertise. The personality traits of a cybersecurity professional should be evaluated before the assumption of a given occupation to ensure that this professional is the best fit and possesses all skills, values, and values required for that post. Teamwork should be integral in future workforce development because, according to the current trend in different industries, being a team player is essential. Lastly, cybersecurity professionals should be trained to observe ethics and civic duty by being loyal to their employers. They should also prioritize continued learning because the cyber domain is ever-changing and requires flexibility and adjustment. This paper will first explore the cyber environment and highlight some of the challenges currently facing the area. Next, the most fundamental skills needed for the furtherance of this field will be covered. One area that will be the paper's focus will be the importance of social skills. The article will finally provide an overview of some of the anticipated changes that will take place in the area of cybersecurity workforce development.
Article
Full-text available
The problem is the lack of social consensus in Bosnia and Herzegovina (hereinafter B&H), as a plural society (hereinafter PS), which is why it is directed with its segments to the only sustainable joint activity of the segments-the market, and related economic activities. The subject are the characteristics of alternative development solutions-Green Agenda (hereinafter GA), green and circular economy (hereinafter GE, CE) and green consumerism (hereinafter GC), which are in the function of PS. We accept the hypothesis that the unsolved pre-political (cultural) issues of B&H even in the 21 st century condition the application of alternative development solutions-GA, GE, CE and GC, which are in the function of PS and its energy security (hereinafter ES). The scientific goals are: 1) description of the peculiarities of PS in B&H, 2) understanding the importance of GA for the Western Balkans and the differences between the linear economic model and GE and CE, and between shallow and deep GC, and 3) explanation of functionality of GA, GE, CE and GC for PS and its ES. Analytical-deductive and comparative methods are used, along with the case study of B&H. The main result is the discovery of the functionality of GA, GE, CE and GC for the functionality of PS in B&H and its ES. PLURAL SOCIETY; GREEN AGENDA; GREEN AND CIRCULAR ECONOMY; GREEN CONSUMERISM; ENERGY SECURITY
Conference Paper
Full-text available
Abstract: The problem is the lack of social consensus in Bosnia and Herzegovina (hereinafter B&H), as a plural society (hereinafter PS), which is why it is directed with its segments to the only sustainable joint activity of the segments - the market, and related economic activities. The subject are the characteristics of alternative development solutions - Green Agenda (hereinafter GA), green and circular economy (hereinafter GE, CE) and green consumerism (hereinafter GC), which are in the function of PS. We accept the hypothesis that the unsolved pre-political (cultural) issues of B&H even in the 21st century condition the application of alternative development solutions - GA, GE, CE and GC, which are in the function of PS and its energy security (hereinafter ES). The scientific goals are: 1) description of the peculiarities of PS in B&H, 2) understanding the importance of GA for the Western Balkans and the differences between the linear economic model and GE and CE, and between shallow and deep GC, and 3) explanation of functionality of GA, GE, CE and GC for PS and its ES. Analytical-deductive and comparative methods are used, along with the case study of B&H. The main result is the discovery of the functionality of GA, GE, CE and GC for the functionality of PS in B&H and its ES. Keywords: PLURAL SOCIETY; GREEN AGENDA; GREEN AND CIRCULAR ECONOMY; GREEN CONSUMERISM, ENERGY SECURITY
Article
Insider threats are a pernicious threat to modern organizations that involve individuals intentionally or unintentionally engaging in behaviors that undermine or abuse information security. Previous research has established that personality factors are an important determinant of the likelihood that an individual will engage in insider threat behaviors. The present article asserts that dark personality traits, non-clinical personality characteristics that are typically associated with patterns of anti-social and otherwise noxious interpersonal behaviors, may be particularly useful for understanding and predicting insider threat behaviors. Although some relationships between insider threats and dark traits have been documented, most attention has been devoted to a limited subset of dark traits. To address this issue, we critically review contemporary models of dark traits and their potential value for understanding both malicious and non-malicious insider threats, supplemented by discussions of subject matter expert ratings concerning the relevance of dark traits for both insider threat behaviors and cybersecurity personnel job performance. We then review potential assessment issues and provide evidence of possible moderators for the relationships under investigation. Finally, we develop avenues for future research, an agenda for improving the measurement of dark traits, and guidance for how organizations may implement the assessment of dark traits in their organizational processes.
Article
Full-text available
Purpose The purpose of this study is to identify factors that determine computer and security expertise in end users. They can be significant determinants of human behaviour and interactions in the security and privacy context. Standardized, externally valid instruments for measuring end-user security expertise are non-existent. Design/methodology/approach A questionnaire encompassing skills and knowledge-based questions was developed to identify critical factors that constitute expertise in end users. Exploratory factor analysis was applied on the results from 898 participants from a wide range of populations. Cluster analysis was applied to characterize the relationship between computer and security expertise. Ordered logistic regression models were applied to measure efficacy of the proposed security and computing factors in predicting user comprehension of security concepts: phishing and certificates. Findings There are levels to peoples’ computer and security expertise that could be reasonably measured and operationalized. Four factors that constitute computer security-related skills and knowledge are, namely, basic computer skills, advanced computer skills, security knowledge and advanced security skills, and these are identified as determinants of computer expertise. Practical implications Findings from this work can be used to guide the design of security interfaces such that it caters to people with different expertise levels and does not force users to exercise more cognitive processes than required. Originality/value This work identified four factors that constitute security expertise in end users. Findings from this work were integrated to propose a framework called Security SRK for guiding further research on security expertise. This work posits that security expertise instrument for end user should measure three cognitive dimensions: security skills, rules and knowledge.
Article
Full-text available
This paper describes and advocates for the experiences of engaging undergraduate students in collaborative faculty mentored scholarly research in cybersecurity. The benefits of engaging these students in discipline related research early in their undergraduate studies include: developing teamwork skills, improving creative problem solving abilities, creating a better understanding of career options within computing, and fostering an enthusiasm for the subject material that should improve retention of computing majors. BACKGROUND
Article
Objective: Incident correlation is a vital step in the cybersecurity threat detection process. This article presents research on the effect of group-level information-pooling bias on collaborative incident correlation analysis in a synthetic task environment. Background: Past research has shown that uneven information distribution biases people to share information that is known to most team members and prevents them from sharing any unique information available with them. The effect of such biases on security team collaborations are largely unknown. Method: Thirty 3-person teams performed two threat detection missions involving information sharing and correlating security incidents. Incidents were predistributed to each person in the team based on the hidden profile paradigm. Participant teams, randomly assigned to three experimental groups, used different collaboration aids during Mission 2. Results: Communication analysis revealed that participant teams were 3 times more likely to discuss security incidents commonly known to the majority. Unaided team collaboration was inefficient in finding associations between security incidents uniquely available to each member of the team. Visualizations that augment perceptual processing and recognition memory were found to mitigate the bias. Conclusion: The data suggest that (a) security analyst teams, when conducting collaborative correlation analysis, could be inefficient in pooling unique information from their peers; (b) employing off-the-shelf collaboration tools in cybersecurity defense environments is inadequate; and (c) collaborative security visualization tools developed considering the human cognitive limitations of security analysts is necessary. Application: Potential applications of this research include development of team training procedures and collaboration tool development for security analysts.
Today, when a security incident happens, the top three questions a cyber operation center would ask are: What has happened? Why did it happen? What should I do? Answers to the first two questions form the core of Cyber Situation Awareness (SA). Whether the last question can be satisfactorily addressed is largely dependent upon the cyber situation awareness capability of an enterprise. The goal of this book is to present a summary of recent research advances in the development of highly desirable Cyber Situation Awareness capabilities. The 8 invited full papers presented in this volume are organized around the following topics: computer-aided human centric cyber situation awareness; computer and information science aspects of the recent advances in cyber situation awareness; learning and decision making aspects of the recent advances in cyber situation awareness; cognitive science aspects of the recent advances in cyber situation awareness
Conference Paper
Cyber security is a dynamic knowledge environment, where attracting talented people is paramount. However, current initiatives do not always use mechanisms able to search for suited individuals. Approaching cyber security as an organisation can help to manage capabilities and improve domain-oriented talent discovery. This paper presents an ontological approach to support talent discovery as a means of improving allocation of expertise for cyber security projects. A case study is conducted among experts in a cyber security community. Our method is capable of selecting, ranking and evaluating experts given a set of criteria specified in a project profile. The approach combines values of quantitative and qualitative nature provided by the profile owner and derived from external appraisals. Further, the ontology model delivers a systematic integration of talent practices, which embeds a feedback loop that favours ongoing continuous improvement. The model was successfully experimented and further appraised in terms of acceptance by a board of experts.
Article
While some aspects of information assurance can be traced back to the earliest implementations of cryptography, the field of cybersecurity is relatively new, and thus, pedagogical "best practices" have not been adequately investigated. The tremendous growth within the field over the past two decades has resulted in a substantial number of organizations (academic, governmental and commercial) implementing a wide variety of educational approaches in an attempt to meet the growing demand for graduates and employees possessing skills in cybersecurity. This growth has been so rapid that no one has taken the time to ask the question: are we doing this the right way? In order for us to identify and promote instructional best practices within cybersecurity courses, an instrument capable of measuring these values is needed. This paper contains the results of the initial phase in our development of such an instrument. This work is a longitudinal and cross-sectional study of students enrolled in an introductory cybersecurity course. The purpose of the study is to identify course components and instructional approaches that affect both students' success in the classroom and the likelihood that they will continue to pursue cybersecurity both in the classroom and as part of their career. Given the variation in the content being presented in such courses, we focus this effort on student characteristics that have been shown to lead towards success in the classroom and influence student career selection. These characteristics include self-efficacy in relation to cybersecurity, student interest in further coursework, and research or jobs that involve cybersecurity concepts3,12. By interviewing students enrolled in a cybersecurity course, at multiple points during the semester, we are able to identify student interests and perceptions of cybersecurity and document changes in student self-efficacy and interest that occur as the semester progresses. Furthermore, we identify pedagogical practices which students found most useful through this semester-long investigation. The results from this study will be used to construct a Likert-type scale survey that will allow cybersecurity educators to evaluate student outcomes consistently between various teaching approaches. This will allow for systematic, informed pedagogical changes to improve outcomes in the cybersecurity classroom.
Conference Paper
As global threats to information systems continue to increase, the value of effective cybersecurity research has never been greater. There is a pressing need to educate future researchers about the research process itself, which is increasingly unpredictable, multi-disciplinary, multi-organizational, and team-oriented. In addition, there is a growing demand for cybersecurity research that can produce fast, authoritative, and actionable results. In short, speed matters. Organizations conducting cyber defense can benefit from the knowledge and experience of the best minds in order to make effective decisions in difficult and fast moving situations. The Agile Research process is a new approach to provide such rapid, authoritative, applied research. It is designed to be fast, transparent, and iterative, with each iteration producing results that can be applied quickly. Purdue University is employing Agile Research as a teaching vehicle in an innovative, multi-university graduate program with government sponsor participation, as described in this paper. Because it simulates real-world operations and processes, this program is equipping students to become effective contributors to cybersecurity research. © IFIP International Federation for Information Processing 2015.