Published: June 20, 2019
Author(s)
Julie Haney (NIST), Wayne Lutters (University of Maryland)
Conference
Name: 55th ACM Conference on Computers and People Research (SIGMIS-CPR '19)
Dates: June 20-22, 2019
Location: Nashville, Tennessee, United States
Citation: SIGMIS-CPR '19: Proceedings of the 55th ACM Conference on Computers and People Research, pp. 109-117
Given modern society's dependence on technological infrastructure vulnerable to cyber-attacks, the need to expedite cybersecurity adoption is paramount. Cybersecurity advocates are a subset of security professionals who promote, educate about, and motivate adoption of security best practices and technologies as a major component of their jobs. Successfully recruiting and retaining advocates is of utmost importance. Accomplishing this requires an understanding of advocates' motivations and incentives and how these may differ from other cybersecurity professionals. As the first study of its kind, we interviewed 28 cybersecurity advocates to learn about their work motivations. Findings revealed several drivers for cybersecurity advocacy work, most of which were intrinsic motivators. Motivations included interest in the field, sense of duty, self-efficacy, evidence of impact, comradery, and, to a lesser degree, awards and monetary compensation. We leverage these insights for recommendations on how to frame cybersecurity advocacy as a profession that fuels these motivations and how to maintain this across advocates' careers.
Given modern society's dependence on technological infrastructure vulnerable to cyber-attacks, the need to expedite cybersecurity adoption is paramount. Cybersecurity advocates are a subset of security professionals who promote, educate about, and motivate adoption of security best practices and...
See full abstract
Given modern society's dependence on technological infrastructure vulnerable to cyber-attacks, the need to expedite cybersecurity adoption is paramount. Cybersecurity advocates are a subset of security professionals who promote, educate about, and motivate adoption of security best practices and technologies as a major component of their jobs. Successfully recruiting and retaining advocates is of utmost importance. Accomplishing this requires an understanding of advocates' motivations and incentives and how these may differ from other cybersecurity professionals. As the first study of its kind, we interviewed 28 cybersecurity advocates to learn about their work motivations. Findings revealed several drivers for cybersecurity advocacy work, most of which were intrinsic motivators. Motivations included interest in the field, sense of duty, self-efficacy, evidence of impact, comradery, and, to a lesser degree, awards and monetary compensation. We leverage these insights for recommendations on how to frame cybersecurity advocacy as a profession that fuels these motivations and how to maintain this across advocates' careers.
Hide full abstract
Keywords
cybersecurity; advocacy; motivations; recruitment; retention
Control Families
None selected