The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance

One of the challenges in writing an article reviewing the current state of cyber education and workforce development is that there is a paucity of quantitative assessment regarding the cognitive aptitudes, work roles, or team organization required by cybersecurity professionals to be successful. In this review, we argue that the people who operate within the cyber domain need a combination of technical skills, domain specific knowledge, and social intelligence to be successful. They, like the networks they operate, must also be reliable, trustworthy, and resilient. Defining the knowledge, skills, attributes, and other characteristics is not as simple as defining a group of technical skills that people can be trained on; the complexity of the cyber domain makes this a unique challenge. There has been little research devoted to exactly what attributes individuals in the cyber domain need. What research does exist places an emphasis on technical and engineering skills while discounting the important social and organizational influences that dictate success or failure in everyday settings. This paper reviews the literature on cyber expertise and cyber workforce development to identify gaps and then argues for the important contribution of social fit in the highly complex and heterogenous cyber workforce. We then identify six assumptions for the future of cybersecurity workforce development, including the requirement for systemic thinkers, team players, a love for continued learning, strong communication ability, a sense of civic duty, and a blend of technical and social skill. Finally, we make recommendations for social and cognitive metrics which may be indicative of future performance in cyber work roles to provide a roadmap for future scholars.

[1]  Shan Bai,et al.  Agent based model , 2020 .

[2]  Nancy J. Cooke,et al.  Information-Pooling Bias in Collaborative Security Incident Correlation Analysis , 2018, Hum. Factors.

[3]  L. Jean Camp,et al.  Factors in an end user security expertise instrument , 2017, Inf. Comput. Secur..

[4]  Sushil Jajodia,et al.  Theory and Models for Cyber Situation Awareness , 2017, Lecture Notes in Computer Science.

[5]  Charles E. Frank,et al.  Early undergraduate cybersecurity research , 2016 .

[6]  Bruce D. Caulkins,et al.  Cyber workforce development using a behavioral cybersecurity paradigm , 2016, 2016 International Conference on Cyber Conflict (CyCon U.S.).

[7]  Lily Sun,et al.  Knowledge management of cyber security expertise: an ontological approach to talent discovery , 2016, 2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security).

[8]  L. Gilson,et al.  Virtual Teams Research , 2015 .

[9]  Cleotilde Gonzalez,et al.  Effects of cyber security knowledge on attack detection , 2015, Comput. Hum. Behav..

[10]  Robert LaRose,et al.  Online safety begins with you and me: Convincing Internet users to protect themselves , 2015, Comput. Hum. Behav..

[11]  Giri Kumar Tayi,et al.  Allocation of resources to cyber-security: The effect of misalignment of interest between managers and investors , 2015, Decis. Support Syst..

[12]  Yuhyung Shin,et al.  Person-Group Fit , 2015 .

[13]  Melissa Dark,et al.  Realism in Teaching Cybersecurity Research: The Agile Research Process , 2015, World Conference on Information Security Education.

[14]  Gyunyoung Heo,et al.  Development of a cyber security risk model using Bayesian networks , 2015, Reliab. Eng. Syst. Saf..

[15]  Ulrik Franke,et al.  Cyber situational awareness - A systematic review of the literature , 2014, Comput. Secur..

[16]  Nancy J. Cooke,et al.  Using Cognitive Task Analysis to Investigate the Contribution of Informal Education to Developing Cyber Security Expertise , 2014 .

[17]  D. Paulhus,et al.  Trolls just want to have fun , 2014 .

[18]  Timothy A. Judge,et al.  The Person–Situation Debate Revisited: Effect of Situation Strength and Trait Activation on the Validity of the Big Five Personality Traits in Predicting Job Performance , 2014 .

[19]  Eugene Y. Vasserman,et al.  A Longitudinal Study of Students in an Introductory Cybersecurity Course , 2014 .

[20]  Michael Cook Cyber Acquisition Professionals Need Expertise (But They Don't Necessarily Need to Be Experts) , 2014 .

[21]  S. Hannah,et al.  Duty orientation: Theoretical development and preliminary construct testing , 2014 .

[22]  Salamah Salamah,et al.  Roadmap for Graduating Students with Expertise in the Analysis and Development of Secure Cyber- Systems , 2014 .

[23]  P. Rajivan,et al.  Information Pooling Bias in Collaborative Cyber Forensics , 2014 .

[24]  Nancy J. Cooke,et al.  Agent-Based Model of a Cyber Security Defense Analyst Team , 2013 .

[25]  Nancy J. Cooke,et al.  Effects of Teamwork versus Group Work on Signal Detection in Cyber Defense Teams , 2013, HCI.

[26]  Klaus Julisch Understanding and overcoming cyber security anti-patterns , 2013, Comput. Networks.

[27]  Bhavani M. Thuraisingham,et al.  Measuring expertise and bias in cyber security using cognitive and neuroscience approaches , 2013, 2013 IEEE International Conference on Intelligence and Security Informatics.

[28]  Cleotilde Gonzalez,et al.  Cyber Situation Awareness , 2013, Hum. Factors.

[29]  Steve Love,et al.  A game design framework for avoiding phishing attacks , 2013, Comput. Hum. Behav..

[30]  David A. Garvin,et al.  Google's Project Oxygen: Do Managers Matter? , 2013 .

[31]  Eldad Davidov,et al.  Refining the theory of basic individual values. , 2012, Journal of personality and social psychology.

[32]  Shari Lawrence Pfleeger,et al.  Leveraging behavioral science to mitigate cyber security risk , 2012, Comput. Secur..

[33]  M. A. Champion,et al.  Team-based cyber defense analysis , 2012, 2012 IEEE International Multi-Disciplinary Conference on Cognitive Methods in Situation Awareness and Decision Support.

[34]  Cyril Onwubiko,et al.  Situational Awareness in Computer Network Defense: Principles, Methods and Applications , 2012 .

[35]  Li-Chiou Chen,et al.  Enhancing the Interdisciplinary Curriculum in Cybersecurity by Engaging High-Impact Educational Practices , 2012 .

[36]  G. Conti,et al.  When Good Ninjas Turn Bad: Preventing Your Students from Becoming the Threat , 2012 .

[37]  M. Jaber Theory and Models , 2011 .

[38]  Elizabeth E. Umphress,et al.  When Employees Do Bad Things for Good Reasons: Examining Unethical Pro-Organizational Behaviors , 2011, Organ. Sci..

[39]  D. Sachau,et al.  Cognitive Ability, Emotional Intelligence, and the Big Five Personality Dimensions as Predictors of Criminal Investigator Performance , 2011 .

[40]  Kim-Kwang Raymond Choo,et al.  The cyber threat landscape: Challenges and future research directions , 2011, Comput. Secur..

[41]  Emilie M. Roth,et al.  A Cognitive Task Analysis for Cyber Situational Awareness , 2010 .

[42]  H. Greve,et al.  Organizations Gone Wild: The Causes, Processes, and Consequences of Organizational Misconduct , 2010 .

[43]  Omar Lizardo,et al.  Skills, toolkits, contexts and institutions: Clarifying the relationship between different approaches to cognition in cultural sociology , 2010 .

[44]  R. Dalal,et al.  A Review and Synthesis of Situational Strength in the Organizational Sciences , 2010 .

[45]  Sushil Jajodia,et al.  Cyber Situational Awareness - Issues and Research , 2009, Cyber Situational Awareness.

[46]  J. Klomp,et al.  A review and synthesis , 2010 .

[47]  Wayne G. Lutters,et al.  Developing expertise for network intrusion detection , 2009, Inf. Technol. People.

[48]  Marc Jegers,et al.  Person–organization fit: Testing socialization and attraction–selection–attrition hypotheses , 2009 .

[49]  L. Jean Camp,et al.  Mental Models of Security Risks , 2007, Financial Cryptography.

[50]  Ronald C. Dodge,et al.  Phishing for user security awareness , 2007, Comput. Secur..

[51]  Anita D. D'Amico,et al.  The Real Work of Computer Network Defense Analysts , 2007, VizSEC.

[52]  L. Jean Camp,et al.  Mental Models of Computer Security Risks , 2007, WEIS.

[53]  Amy C. Edmondson,et al.  When values backfire: Leadership, attribution, and disenchantment in a values-driven organization , 2006 .

[54]  Daniel R. Tesone,et al.  Achieving Cyber Defense Situational Awareness: A Cognitive Task Analysis of Information Assurance Analysts , 2005 .

[55]  A. Kristof-brown,et al.  CONSEQUENCES OF INDIVIDUALS' FIT AT WORK: A META-ANALYSIS OF PERSON-JOB, PERSON-ORGANIZATION, PERSON-GROUP, AND PERSON-SUPERVISOR FIT , 2005 .

[56]  Lilach Sagiv,et al.  Values and work environment: Mapping 32 occupations , 2004 .

[57]  Shalom H. Schwartz,et al.  Values and Behavior: Strength and Structure of Relations , 2003, Personality & social psychology bulletin.

[58]  Murray R. Barrick,et al.  META‐ANALYSIS OF THE RELATIONSHIP BETWEEN THE FIVE‐FACTOR MODEL OF PERSONALITY AND HOLLAND'S OCCUPATIONAL TYPES , 2003 .

[59]  Daniel M. Cable,et al.  SOCIALIZATION TACTICS AND PERSON‐ORGANIZATION FIT , 2001 .

[60]  J. Mathieu,et al.  The influence of shared mental models on team process and performance. , 2000, The Journal of applied psychology.

[61]  Michael J. Lovaglia,et al.  Status Processes and Mental Ability Test Scores , 1998, American Journal of Sociology.

[62]  John L. Holland,et al.  Exploring careers with a typology: What we have learned and some new directions. , 1996 .

[63]  A. Caspi,et al.  When Do Individual Differences Matter? A Paradoxical Theory of Personality Coherence , 1993 .

[64]  Rand J. Spiro,et al.  Cognitive flexibility theory : advanced knowledge acquisition in ill-structured domains , 1988 .

[65]  C. Mills,et al.  The Theory of Social and Economic Organization , 1948 .

[66]  E. Durkheim FROM THE ELEMENTARY FORMS OF THE RELIGIOUS LIFE , 1996, The New Economic Sociology.