IDENTIFYING A PSYCHOMETRIC PROFILE FOR VULNERABILITY ASSESSMENT PROFESSIONALS: TALENT IDENTIFICATION TO SUPPORT CAREER ASSESSMENT.

Date22 September 2020
AuthorCrosby, Martha
  1. INTRODUCTION

    Early projections in "A Human Capital Crisis in Cybersecurity" [ 1 ] are overshadowed by current projections of national [2] and global demands [3] [4] for cybersecurity workers at over one million people in the national cybersecurity workforce by 2024 [5][6]. Societies reliant on the Internet of Things are vulnerable to cyber attacks on critical infrastructures and the internet-based economies. Sufficient quantity of quality cybersecurity talent is a national and global concern [7]. Discussions in academic and government circles include professionalization of the field leading to career occupations. Perhaps one day professional licensing, based upon education, training and continuing education will be the standard [8]. The question remains: How do we identify top talent, candidates suited to specific cybersecurity roles?

    Multiple factors play into selection of a cybersecurity talent search process. Is it a question of candidates with innate talent or can individuals be nurtured into the field? Secondary factors of this approach require candidates to have an intense personal interest, open to coaching and mentoring, and nurtured by a well-structured pedagogical process [9]. Strategies to fill cybersecurity talent pipelines acknowledge competitions "attract those already committed to the profession than interesting and developing those still exploring their interest" [10]. Pipelines to cybersecurity professions traditionally rely on computer science, IT, engineering departments to educate students, and do not have capacity to address the short and long term demands for cybersecurity professionals. US initiatives, NICE/NIST and DHS/NSA partner to increase awareness of cybersecurity and represent a cultural shift to promote entry into an emergent career field. Gaps exist in assessing the qualifications and potential of candidates including and beyond the technical skills generally associated with computer science/engineers. Cybersecurity requires professionals with strong communication and team skills to work across departments and disciplines, [11] through identification and career guidance for potential cybersecurity talent.

    Benchmarking cybersecurity to medicine is a recurring theme within the cybersecurity research community. In 1910, Abraham Flcxner, funded by Carnegie Melon, transformed American medical education [12], ultimately leading to the standardization of curriculum [13] professionalization of occupations within medicine. Initiatives led by National Initiative Cybersecurity Education [14] NIST and the Centers of Academic Excellence network [15] guided by NSA and DHS parallel Flexner's work in the early twentieth century. Educational institutions and systems, collaborating with NSA/DHS curriculum standards, grapple with identifying a curricular system reflective of licensed occupations which was addressed by the medical profession [16]. Stephanie Keith, the Director of Cyber Workforce Management in the Department of Veteran Affairs, compared the current state of cybersecurity to where the American medical field was in the early twentieth century during her panel presentation at the NSA Executive Leadership Forum in 2019.

    The 2010 study "Psychological Profile of Surgeons and Surgical Residents" [17] methodology informed our research team when selecting NICE job roles, Cybersecurity Defense Analyst, Cybersecurity Defense Infrastructure Responder, Cybersecurity Incident Responder and Cybersecurity Vulnerability Assessment Analyst, within the Protect and Defend NICE Workforce Framework. The original methodology used two of the three components, Job Satisfaction Indicators ("JSI") and Career Interests Activities ("CIA") to build a profile for surgical burn residents. Acknowledging rigors of medical school, internship, and residency programs, as well as the highly competitive vetting process to become a candidate for a surgical residency, administering the Career Training Potential ("CTP") was deemed unnecessary. Surgeons and residents ranked by leadership and a performance profile, based upon two of the three WOWI scales ensued. All three scales are described in Methods.

  2. METHODS

    Cybersecurity worker participants were from seven organizations located in the US Pacific Northwest. They spanned government: federal and state agencies, a national laboratory, and a military unit. The non-government entities included retail, telecommunications, and transportation corporations. While twenty organizations were contacted and understood their contribution would impact the professionalization and development of quality cybersecurity talent, the seven participating organizations had the management support, organizational culture, and desire to participate. The final data set was aggregated from 119 cybcrsecurity professionals.

    On-site, online administration of the World of Work Inventory ("WOWI") occurred on computers in proctored conference rooms. In addition to the anonymized assessment, human resource departments provided job descriptions and additional information on the individual's performance ranking within the organization's team, their years in the job role and years within the organization were obtained through different methods depending upon the size and culture of the organization. In compliance with the UW...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT