Abstract
Abstract The world is facing a cybersecurity skills gap as cybercrime and cyberwarfare grow in importance. One often-discussed quality that is potentially relevant to cybersecurity recruitment and education is the so-called “security mindset”: a way of thinking characteristic of some security professionals that they believe to be especially advantageous in their work. Although some employers express a desire to hire people with a security mindset, and initiatives to cultivate the security mindset are being implemented, it has no common definition and little is known about its characteristics, its development, and its consequences. We interviewed 21 cybersecurity professionals who strongly identified as having a security mindset based on a minimal description drawn from existing literature. Thematic analysis of the interview data suggests that the security mindset can be conceptualized as consisting of three interconnected aspects—“monitoring” for potential security anomalies, “investigating” anomalies more deeply to identify security flaws, and “evaluating” the relevance of those flaws in a larger context. These three aspects develop in different ways and have different personal and professional consequences. Participants mostly spoke positively of the security mindset, but they also mentioned several disadvantages not mentioned by existing security-mindset literature, such as mental health pressures, workplace tensions, and negative effects on personal relationships. We discuss the implications of these findings for future study of the security mindset and suggest practical implications for cybersecurity management, education, and recruitment.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.