Search results

Cybersecurity competitions can effectively develop skills, but engaging a wide learner spectrum is challenging. This study aims to investigate the perceptions of cybersecurity competitions among Reddit users. These users constitute a substantial demographic of young individuals, often participating in communities oriented towards college students or cybersecurity enthusiasts. The authors specifically focus on novice learners who showed an interest in cybersecurity but have not participated in competitions. By understanding their views and concerns, the authors aim to devise strategies to encourage their continuous involvement in cybersecurity learning. The Reddit platform provides unique access to this significant demographic, contributing to enhancing and diversifying the cybersecurity workforce.

The authors propose to mine Reddit posts for information about learners’ attitudes, interests and experiences with cybersecurity competitions. To mine Reddit posts, the authors developed a text mining approach that integrates computational text mining and qualitative content analysis techniques, and the authors discussed the advantages of the integrated approach.

The authors' text mining approach was successful in extracting the major themes from the collected posts. The authors found that motivated learners would want to form a strategic way to facilitate their learning. In addition, hope and fear collide, which exposes the learners’ interests and challenges.

The authors discussed the findings to provide education and training experts with a thorough understanding of novice learners, allowing them to engage them in the cybersecurity industry.

Industry 4.0 (I40) is an open window of opportunity for Turkey, a developed country, to eliminate technological dependence and produce with maximum productivity. However, I40, which corresponds to the fourth wave of industrial revolutions, brings both opportunities and challenges. In this context, this study aims to reveal the foresight of managers in the Turkish white goods industry (TWGI) regarding the advantages and challenges of I40 and compare them with the literature.

The Delphi method was used for the study. Data were collected from managers of companies that are members of the White Goods Suppliers Association (BEYSAD). Seventy managers from 55 companies participated in the first round, and 19 managers participated in the second round of Delphi.

The results show that the most frequently cited advantages are productivity/resource efficiency, data and information-enabled effectiveness/productivity, quality 4.0 and competitiveness/strategy. The most frequently mentioned challenges are financial resources/investment, employee qualification/training, technical/processual challenges and organizational transformation/leadership.

The sample was limited to the managers of the TWGI.

Players in similar ecosystems and policymakers should consider the advantages and respond to potential challenges when creating roadmaps, taking the necessary steps and positioning themselves in the marketplace. In particular, the TWGI – Turkey’s showcase in international markets – should consider the undeniable benefits of the I40 transition to increase innovation.

The findings for the first time highlight the advantages and challenges of I40 in an industry in Turkey, and they will benefit the TWGI, which is among the leaders in Turkey in terms of digital maturity and innovation in its journey to I40.

This case is meant for MBA students as a part of their leadership/information technology and system curriculum. It is suitable for classes in both offline and online mode.

Human resources management/information technology and systems.

The case discusses how Poppy Gustafsson (Gustafsson) (she), Cofounder and Chief Executive Officer of Darktrace plc, one of the world’s largest cyber-AI companies, is reinventing enterprise security by using artificial intelligence (AI) to detect and respond to cyberthreats to businesses and protect the public. Darktrace’s technology leverages the principles of the human immune system to autonomously defend organizations from cyberattacks, insider threats and AI warfare. In addition to leading a cutting-edge cybersecurity company, Gustafsson evangelizes gender diversity at Darktrace where 40% of employees and four C-level executives are women, a number nearly unheard of in the tech sector.The case chronicles the journey of Gustafsson and how she led the company to growth and success. Under her leadership, Darktrace has grown into a market leader in the AI cybersecurity space serving 5,600 customers in 100 countries, as of June 2021. Gustafsson not only redefined the cybersecurity space but also inspired women to pursue a career in the field of cybersecurity. She also collaborated with a social enterprise called WISE to encourage more girls to consider STEM careers.However, along the way, she faced several challenges including growing competition, procuring funds from investors, cybersecurity talent shortage and training personnel. Going forward, some of the challenges before Gustafsson would be to meet the changing cyber protection demands of customers; hire, train and retain highly skilled cybersecurity personnel; beat the competition in a saturated cybersecurity services space; sustain revenue growth; and post profits as Darktrace had incurred losses every year since its inception.

This case is designed to enable students to: understand the issues and challenges women face in the field of cybersecurity; understand the qualities required for a woman leader to lead a technology firm; study the leadership and management style of Gustafsson; understand the importance of transformational leadership in management; understand the role of Gustafsson in Darktrace’s growth and success; analyze the traits that Gustafsson possesses as a tech leader in an emerging cybersecurity space; understand the importance of gender diversity in cybersecurity; and analyze the challenges faced by Gustafsson going forward and explore ways in which she can overcome them.

CSS: 11 Strategy.

The purpose of this study is to investigate whether having accessible cybersecurity programs (CPs) for high-school students affected girls’ long-term engagement with the industry, given that they already had interests in technology. Although much research has been done to evaluate how high-school science, technology, engineering, and mathematics programs retain girls in computing fields, it is necessary to see if this same long-term engagement exists in cybersecurity-specific programs.

In total, 55 members were surveyed from the aspirations in computing community regarding their experience in and accessibility to high-school CPs. A quantitative analysis of such responses was then undertaken using inferential statistical tools and chi-squared tests for independence.

The results showed that the existence of CPs alone are not influential factors in increasing long-term engagement with the field, showcasing that the high-knowledge barrier of CPs affects many students (even those with prior interests in technology). Instead, by having multiple occurrences of these programs and providing more cybersecurity resources to areas that lacked them, girls were more likely to report an increased interest in the field.

Such information can support future program leaders to develop effective, accessible and more targeted cybersecurity initiatives for students of various communities.

By analyzing the unique interactions of tech-aspiring women with cybersecurity, this exploration was able to demonstrate that women of different computing experiences face a shared barrier when entering the cybersecurity field. Likewise, in comparing these perspectives across different age groups, the investigation highlighted the development and subsequent growth of cybersecurity programming over the years and why such initiatives should be supported into the future.

This paper aims to highlight the potential of using capture the flag (CTF) challenges, as part of an engaging cybersecurity learning experience for enhancing skills and knowledge acquirement of undergraduate students in academic programs.

The approach involves integrating interactivity, gamification, self-directed and collaborative learning attributes using a CTF hosting platform for cybersecurity education. The proposed methodology includes the deployment of a pre-engagement survey for selecting the appropriate CTF challenges in accordance with the skills and preferences of the participants. During the learning phase, storytelling elements were presented, while a behavior rubric was constructed to observe the participants’ behavior and responses during a five-week lab. Finally, a survey was created for getting feedback from the students and for extracting quantitative results based on the attention, relevance, confidence and satisfaction (ARCS) model of motivational design.

Students felt more confident about their skills and were highly engaged to the learning process. The outcomes in terms of technical skills and knowledge acquisition were shown to be positive.

As the number of participants was small, the results and information retrieved from applying the ARCS model only have an indicative value; however, specific challenges to overcome are highlighted which are important for the future deployments.

Educators could use the proposed approach for deploying an engaging cybersecurity learning experience in an academic program, emphasizing on providing hands-on practice labs and featuring topics from real-world cybersecurity cases. Using the proposed approach, an educator could also monitor the progress of the participants and get qualitative and quantitative statistics regarding the learning impact for each exercise.

Educators could demonstrate modern cybersecurity topics in the classroom, closing further the gap between theory and practice. As a result, students from academia will benefit from the proposed approach by acquiring technical skills, knowledge and experience through hands-on practice in real-world cases.

This paper intends to bridge the existing gap between theory and practice in the topics of cybersecurity by using CTF challenges for learning purposes and not only for testing the participants’ skills. This paper offers important knowledge for enhancing cybersecurity education programs and for educators to use CTF challenges for conducting cybersecurity exercises in academia, extracting meaningful statistics regarding the learning impact.

This study aims to identify factors impacting female underrepresentation among cybersecurity professionals in Sri Lanka.

The study is based on survey data from 75 female professionals working in the cybersecurity sector of Sri Lanka. Partial least squares structural equation modelling was used to analyse the data.

Results showed that female self-efficacy on their capabilities, family, organisational culture, mentors and role model act as antecedents for women’s perceived motivation to select cybersecurity as a career option.

The study advances the literature on workforce gaps in the cybersecurity sector and claims that there is no single factor causing significant female underrepresentation in the cybersecurity industry. While clarifying the complexity of such factors, the study presents how such factors can systematise to attract females into the cybersecurity field.

The objective of this paper is to investigate how firms react to cybersecurity information sharing environment where government organizations disseminate cybersecurity threat information gathered by individual firms to the private entities. The overall impact of information sharing on firms' cybersecurity investment decision has only been game-theoretically explored, not giving practical implication. The authors therefore leverage the Cybersecurity Information Sharing Act of 2015 (CISA) to observe firms' attitudinal changes toward investing in cybersecurity.

The authors design a quasi-experiment where they set US cybersecurity firms as an experimental group (a proxy for total investment in cybersecurity) and nonsecurity firms as a control group to measure the net effect of CISA on overall cybersecurity investment. To enhance the robustness of the authors’ difference-in-difference estimation, the authors employed propensity score matched sample test and reduced sample test as well.

For the full sample, the authors’ empirical findings suggest that US security firms' overall performance (i.e. Tobin's Q) improved following the legislation, which indicates that more investment in cybersecurity was followed by the formation of information sharing environment. Interestingly, big cybersecurity firms are beneficiaries of the CISA when the full samples are divided into small and large group. Both Tobin's Q and sales growth rate increased for big firms after CISA.

The authors’ findings shed more light on the research stream of cybersecurity and information sharing, a research area only explored by game-theoretical approaches. Given that the US government has tried to enforce cybersecurity defensive measures by building cooperative architecture such as CISA 2015, the policy implication of this study is far-reaching.

The authors’ study contributes to the research on the economic benefits of sharing cybersecurity information by finding the missing link (i.e. empirical evidence) between “sharing” and “economic impact.” This paper confirms that CISA affects the cybersecurity industry unevenly by firm size, a previously unidentified relationship.

The impact of stress on personal and work-related outcomes has been studied in the information systems (IS) literature across several professions. However, the cybersecurity profession has received little attention despite numerous reports suggesting stress is a leading cause of various adverse professional outcomes. Cybersecurity professionals work in a constantly changing adversarial threat landscape, are focused on enforcement rather than compliance, and are required to adhere to ever-changing industry mandates – a work environment that is stressful and has been likened to a war zone. Hence, this literature review aims to reveal gaps and trends in the current extant general workplace and IS-specific stress literature and illuminate potentially fruitful paths for future research focused on stress among cybersecurity professionals.

Using the systematic literature review process (Okoli and Schabram, 2010), the authors examined the current IS research that studies stress in organizations. A disciplinary corpus was generated from IS journals and conferences encompassing 30 years. The authors analyzed 293 articles from 21 journals and six conferences to retain 77 articles and four conference proceedings for literature review.

The findings reveal four key research opportunities. First, the demands experienced by cybersecurity professionals are distinct from the demands experienced by regular information technology (IT) professionals. Second, it is crucial to identify the appraisal process that cybersecurity professionals follow in assessing security demands. Third, there are many stress responses from cybersecurity professionals, not just negative responses. Fourth, future research should focus on stress-related outcomes such as employee productivity, job satisfaction, job turnover, etc., and not only security compliance among cybersecurity professionals.

This study is the first to provide a systematic synthesis of the IS stress literature to reveal gaps, trends and opportunities for future research focused on stress among cybersecurity professionals. The study presents several novel trends and research opportunities. It contends that the demands experienced by cybersecurity professionals are distinct from those experienced by regular IT professionals and scholars should seek to identify the key characteristics of these demands that influence their appraisal process. Also, there are many stress responses, not just negative responses, deserving increased attention and future research should focus on unexplored stress-related outcomes for cybersecurity professionals.