Teaching Psychological Principles to Cybersecurity Students

This paper will discuss our observations gained from teaching psychological principles and methods to undergraduate and postgraduate cybersecurity students. We will draw on and extend our previous work encouraging the teaching of psychology in computing and cybersecurity education. We pay special attention to the consideration of characteristics of cybersecurity students in terms of teaching psychology in a way that will be accessible and engaging. We then discuss the development and use of an online training tool which draws on psychology to help educators and companies to raise awareness of cybersecurity risks in students and employees. Finally, we offer some practical suggestions to incorporate psychology into the cybersecurity curriculum

Establishing Human Factors Programs to Mitigate Blind Spots in Cybersecurity

Most business organizations lack a human factors program and remain inattentive to human-centric issues and human-related problems that are leading to cybersecurity incidents, significant financial losses, reputational damage, and lost production. Other industries such as aviation, nuclear power, healthcare, and industrial safety leverage human factors problems as platforms to reduce human errors. The underappreciation and under-exploration of human factors in cybersecurity threatens the existence of every business. Cybersecurity operations are becoming increasingly abstruse and technologically sophisticated resulting in heightened opportunities for human errors. A human factors program can provide the foundation to address and mitigate human-centric issues, properly train the workforce, and integrate psychology-based professionals as stakeholders to remediate human factors-based problems

Introducing Psychological Concepts and Methods to Cybersecurity Students

This chapter will begin with a brief review of the literature that highlights what psychology research and practice can offer to cybersecurity education. The authors draw on their wide-ranging inter-disciplinary teaching experience and in this chapter they discuss their observations gained from teaching psychological principles and methods to undergraduate and postgraduate cybersecurity students. The authors pay special attention to the consideration of the characteristics of cybersecurity students, so that psychology is taught in a way that is accessible and engaging. Finally, the authors offer some practical suggestions for academics to help them incorporate psychology into the cybersecurity curriculum

Faculty and Advisor Advice for Cybersecurity Students: Liberal Arts, Interdisciplinarity, Experience, Lifelong Learning, Technical Skills, and Hard Work

The value of academic advising has been increasingly emphasized in higher education. In this study, attention is given to the most significant types of advice that a sample of cybersecurity faculty and advisors from the Commonwealth of Virginia recommend giving to cybersecurity students. The results show that faculty and advisors recommended that students be aware of six different aspects of cybersecurity education including the value of experience, the need for lifelong learning, the importance of hard work, the need to develop technical skills, the interdisciplinary nature of cybersecurity, and the need to develop liberal arts or professional/soft skills. Implications of the findings include the need to embrace the advising of cybersecurity students, the importance of helping cybersecurity faculty and advisors deliver effective advising, and recognition that good advising is more than simply telling students which classes to take

Hackers gonna hack: investigating the effect of group processes and social identities within online hacking communities.

Hacking is an ethically and legally ambiguous area, often associated with cybercrime and cyberattacks. This investigation examines the human side of hacking and the merits of understanding this community. This includes group processes regarding: the identification and adoption of a social identity within hacking, and the variations this may cause in behaviour; trust within in the social identity group; the impact of breaches of trust within the community. It is believed that this research could lead to constructive developments for cybersecurity practices and individuals involved with hacking communities by identifying significant or influencing elements of the social identity and group process within these communities. For cybersecurity, the positive influence on individual security approaches after the hacker social identity adoption, and the subsequent in-group or out-group behaviours, could be adapted to improve security in the work place context. For individuals involved in the communities, an increase in the awareness of the potential influences from their adopted social identities and from other members could help those otherwise vulnerable to manipulation, such as new or younger members. Further discussion on such information, as well as historical examples, will lead to informed behaviour by these communities. Whilst this may not cause the group behaviour to change, it would ensure there would be understanding and acceptance of consequences to unethical or illegal actions, which is hoped to discourage cybercriminal behaviour. The research employed a mixed methods approach, with online questionnaires and individual participant interviews. This approach primarily utilised the netnographic approach (Kozinets, 2015), with the results providing more qualitative information than originally anticipated. Informal data collection for this research included observation of relevant websites and forum discussions as well as observation at hacking related conferences; the subsequent surveys and interviews were conducted with volunteers from these communities. Formal data collection was initiated through a pilot study, carried out in early 2016, with 44 participants. This was followed by the first study survey in early 2017, completed by 155 participants. The second study was individual interviews, conducted with 14 participants throughout 2017. These interviews were analysed in the context of Social Identity Theory (Tajfel, 1974). The third and final study was another survey, conducted early 2018 with 197 participants. Thematic analysis was conducted on all data. There was limited evidence of manipulation of group process or trust observed in forums or reported by participants. The adoption of a specific social identity does have strong and influential behavioural norms; however, the adoption of a specific social identity category does not prevent individuals from identifying and confirming to multiple categories which may use or accept different behaviours. The majority of particiapnts in these studies appeared to position themselves as positive deviants, acknowledging past or minor “black-hat” behaviour. This work contributes to the development and improvement of methodologies in online environments: this research was exploratory in accessing a hard to reach demographic that is often untrusting of outsiders. Adaptions to ethical procedures ensured complete anonymity for the participants, improving the participant recruitment rate. Key findings from this research demonstrate that hacking communities can be very positive and supportive for their members, functioning primarily as meritocracies. This is regarded by the communities as an important positive trait, in conjunction with online anonymity. The conclusions of this research consistently support the findings of previous studies