Cyber analysis is a complex task that requires the coordination of a large sociotechnical system of human analysts working together with technology. Adequate situation awareness of such a complex system requires more than aggregate situation awareness of individuals. Teamwork in the form of commun
Current education systems must respond to meet the increasing need for cyber security and information technology (IT) professionals. However, little research has been conducted on understanding the development of expertise in cyber security and IT, the efficacy of current systems designed to accelerate expertise and/or train cyber security and IT professionals, and the perceived efficacy of these systems rated by the professionals themselves. Moreover, virtually no research exists with respect to the benefit of traditional (classroom-based) formal education compared to informal (self-taught) learning in these complex settings. This paper attempts to address these questions through the use of an online survey of professionals and a follow-up interview with professionals examining this question.
Situation awareness (SA) in the cyber security domain is particularly relevant to teams of security analysts who are responsible for detecting cyber threats by perusing continual floods of data such as intrusion alerts and network logs. The challenges that analysts face are matched by those of researchers attempting to understand, measure, and impact SA in the cyber arena. The ground truth is not available except in simulated cyber situations. In this paper we outline a cognitive task analysis (CTA) focused on teams of analysts and the subsequent preliminary study conducted using a cyber defense simulation environment, CyberCog, built based on the CTA findings. Results from the CTA suggest three areas of fundamental challenge surrounding security analysts: team structure, communication, and information overload. These challenges could be associated with maladies such as cognitive tunneling and increased false alarms. These results are mirrored in the CyberCog pilot simulation study.
Effective team process is critical for the performance of cyber security teams. To examine this, we observed two comparably skilled cyber security teams participating in the International Capture the Flag (iCTF) competition held in December 2011. At the conclusion of the competition, we followed up with a focus group discussion with six members from the two teams. In this paper, we present our findings from the focus group interviews on the relationship between team-level factors and team performance. Findings from the focus group discussion indicate that team-level factors such as team communication, coordination, team structure, and leadership play important roles in team performance.