skip to main content

Attention:

The NSF Public Access Repository (PAR) system and access will be unavailable from 11:00 PM ET on Friday, December 13 until 2:00 AM ET on Saturday, December 14 due to maintenance. We apologize for the inconvenience.


Title: Identifying a Psychometric Profile for Vulnerability Assessment Professionals: Talent Identification to Support Career Assessment
An inter-collegiate research team completed initial research analysis of 166 professional cybersecurity workers from government and industry to identify talent profiles aligned four roles within the Protect and Defend (PD) NICE Workforce Framework: Cybersecurity Defense Analyst, Cybersecurity Defense Infrastructure Responder, Cybersecurity Incident Responder and Cybersecurity Vulnerability Assessment Analyst. Anonymized data collected from multiple teams with performance assessments to build a statistically validated profiles of high potential PD cybersecurity candidates. The World of Work Inventory (WOWI) a multi-dimensional on-line career tool, assesses career training potential, job satisfaction indicators and career interests. Anonymized, aggregated ranked data described profiles of existing high performing candidates working in the field. Utilization of a statistically validated methodology to identify cybersecurity talent at different phases of an individual’s career life cycle supports recruitment of high potential talent from diverse backgrounds to increase the numbers of candidates entering cybersecurity education and training programs.  more » « less
Award ID(s):
1662487
PAR ID:
10127209
Author(s) / Creator(s):
Date Published:
Journal Name:
South Dakota law review
Volume:
Vol.65
Issue:
III
ISSN:
0038-3325
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. As the volume and sophistication of cyber-attacks grow, cybersecurity researchers, engineers and practitioners rely on advanced cyberinfrastructure (CI) techniques like big data and machine learning, as well as advanced CI platforms, e.g., cloud and high-performance computing (HPC) to assess cyber risks, identify and mitigate threats, and achieve defense in depth. There is a training gap where current cybersecurity curricula at many universities do not introduce advanced CI techniques to future cybersecurity workforce. At Old Dominion University (ODU), we are bridging this gap through an innovative training program named DeapSECURE (Data-Enabled Advanced Training Program for Cyber Security Research and Education). We developed six non-degree training modules to expose cybersecurity students to advanced CI platforms and techniques rooted in big data, machine learning, neural networks, and high-performance programming. Each workshop includes a lecture providing the motivation and context for a CI technique, which is then examined during a hands-on session. The modules are delivered through (1) monthly workshops for ODU students, and (2) summer institutes for students from other universities and Research Experiences for Undergraduates participants. Future plan for the training program includes an online continuous learning community as an extension to the workshops, and all learning materials available as open educational resources, which will facilitate widespread adoption, adaptations, and contributions. The project leverages existing partnerships to ensure broad participation and adoption of advanced CI techniques in the cybersecurity community. We employ a rigorous evaluation plan rooted in diverse metrics of success to improve the curriculum and demonstrate its effectiveness. 
    more » « less
  2. Suppose L simultaneous independent stochastic systems generate observations, where the observations from each system depend on the underlying parameter of that system. The observations are unlabeled (anonymized), in the sense that an analyst does not know which observation came from which stochastic system. How can the analyst estimate the underlying parameters of the L systems? Since the anonymized observations at each time are an unordered set of L measurements (rather than a vector), classical stochastic gradient algorithms cannot be directly used. By using symmetric polynomials, we formulate a symmetric measurement equation that maps the observation set to a unique vector. We then construct an adaptive filtering algorithm that yields a statistically consistent estimate of the underlying parameters. 
    more » « less
  3. Abstract Data breaches have become a formidable challenge for business operations in the twenty-first century. The emergence of big data in the ever-growing digital economy has created the necessity to secure critical organizational information. The lack of cybersecurity awareness exposes organizations to potential cyber threats. Thus, this research aims to identify the various dimensions of cybersecurity awareness capabilities. Drawing on the dynamic capabilities framework, the findings of the study show personnel (knowledge, attitude and learning), management (training, culture and strategic orientation) and infrastructure capabilities (technology and data governance) as thematic dimensions to tackle cybersecurity awareness challenges. 
    more » « less
  4. We discuss the NICE Cybersecurity Workforce Framework (NCWF), and its role in aligning cybersecurity jobs with candidates. As a workforce development tool, the NCWF can contribute to better retention, reduced new hire training, and cybersecurity education development. The effectiveness of the NCWF, however, requires discretion from hiring managers, academics, and job seekers. Through skills mapping and calibration, the NCWF helps to identify and resolve skill deficiencies; as a framework of core competencies for cybersecurity jobs, the NCWF helps employers to write job descriptions understood by applicants. We first review the NCWF, and then explain how it may enable mapping between jobs and qualifications. We also discuss the effects of job mapping on organizations and candidates, and its long-term benefits. 
    more » « less
  5. Cyber-defense systems are being developed to automatically ingest Cyber Threat Intelligence (CTI) that contains semi-structured data and/or text to populate knowledge graphs. A potential risk is that fake CTI can be generated and spread through Open-Source Intelligence (OSINT) communities or on the Web to effect a data poisoning attack on these systems. Adversaries can use fake CTI examples as training input to subvert cyber defense systems, forcing the model to learn incorrect inputs to serve their malicious needs. In this paper, we automatically generate fake CTI text descriptions using transformers. We show that given an initial prompt sentence, a public language model like GPT-2 with fine-tuning, can generate plausible CTI text with the ability of corrupting cyber-defense systems. We utilize the generated fake CTI text to perform a data poisoning attack on a Cybersecurity Knowledge Graph (CKG) and a cybersecurity corpus. The poisoning attack introduced adverse impacts such as returning incorrect reasoning outputs, representation poisoning, and corruption of other dependent AI-based cyber defense systems. We evaluate with traditional approaches and conduct a human evaluation study with cybersecurity professionals and threat hunters. Based on the study, professional threat hunters were equally likely to consider our fake generated CTI as true. 
    more » « less