As the number of interconnected digital devices grows exponentially, and since computer infrastructure has come to underlie almost every organizational, business, and government function, the complexity of maintaining cybersecurity in all corners of society has become staggering. Protecting digital data requires constant innovation, iteration, vigilance, monitoring, and stakeholder input and feedback.
But does it require something more? Obviously, practical and theoretical knowledge of computer science, math, and engineering are necessary to develop cybersecurity systems. And solutions for issues within these systems that have either been anticipated or encountered but unanticipated must be wisely structured to hold up under all kinds of pressure over time. Otherwise, they are doomed to be ineffective. Yet, to design systems that produce maximally consistent cybersecurity compliance with minimal backsliding by all involved requires keen social intelligence and a good understanding of human behavior. The conclusion? Effective cybersecurity emerges from the strategic intersection of emotion-driven human behavior and hierarchical computational logic.
In The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance (Frontiers in Psychology, June 12, 2018), authors Jessica Dawson and Robert Thomson outline their research into the traits of successful cybersecurity professionals. Starting with a DoD Cybersecurity Workforce Framework, they detected a pattern of technical skill requirements across more than 1,000 types of knowledge, skills, and abilities. However, they were surprised to find that the social traits associated with successful work in this field were rarely mentioned. To discover just what these traits were, they took a deeper dive, which revealed:
Six critical requirements for the cyber workforce of the future
- System Thinkers think system-wide. They are skilled at analyzing and optimizing the interactions of the physical world of hardware and equipment, the digital world of software and data, and the social world of users and developers of these tools. They skip no steps and overlook no stakeholders when they design solutions.
- Team Players synergize their collaborative efforts to arrive at optimal solutions. This finding is not surprising, given the immense complexity of the cyber domain, so its professionals work in teams. Communication and trust among team members and across teams smooth the road to achieving common goals.
- Technical and Social Skills are critical for effective stakeholder engagement. To recognize threats and vulnerabilities to cybersecurity, workers must understand its underlying technology. To develop solutions, they must be able to communicate with both technical and non-technical people.
- Civic Duty to country and company: To best protect the company they work for, individuals must generally agree with its values, and their contracts will be worded to protect the organization. To best ensure the security of their country, they must be loyal to the values they believe such a larger entity holds. Civic duty deserves a deeper discussion so it will be covered in a future article.
- Continual Learning: the impetus to excel and progress drives the constant march of technological advancement. Constant change demands continual learning to keep up. So the best employees will be those who love to learn anew and take on challenges, and the next best will be those who are at least patient with endless iteration and new issues at frequent turns.
- Communication, clear and informative, supports cybersecurity across the Org. If cyber teams are to be successful, they must be able to explain how systems work and why they matter. If they do so clearly, they can motivate the entire organization to actively, even proactively, participate in cybersecurity preventive measures and comply with policies and regulations.
Dawson and Thomson argue for the recognition and inclusion of human-centric components in cybersecurity systems if those systems are to be sustainable. Effective solution design requires a framework for identifying the ideal qualities workers should have. It follows then, to select new employees who appear to have those ideal qualities, and retain current ones who display them. For effective cybersecurity in our ever-changing technical environment, choosing the right people means choosing the ones with the right qualities. And if you can’t change personnel, you can cultivate the right qualities they need to cope, and even thrive.
For more information about how to differentiate your tasks and problems, explore embedded-knowledge.com
Originally posted at Forbes.