The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management

Miriam E. Armstrong, Keith S. Jones, Akbar Siami Namin, David C. Newton

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

There is a growing need for cybersecurity professionals with the knowledge, skills and abilities (KSAs) necessary for risk and vulnerability analysis of security incidents. Currently, little is known about the relative importance of KSAs or tools used in vulnerability assessment and management, which leads to inefficiencies in education, personnel selection, and research. We interviewed 38 cybersecurity professionals to determine which KSAs are most important in Vulnerability Assessment and Management work. Of the 31 KSAs, 12 were rated as being significantly important to Vulnerability Assessment and Management work and indicate that four key areas should be prioritized in education, recruitment, and research: 1) knowledge of and skills in identifying vulnerabilities and robustness of systems and applications; 2) conceptual familiarity with classes of attacks and attack stages; 3) knowledge of and skills in penetration testing principles and tools; and 4) knowledge of network traffic and network protocols.

Original languageEnglish
Title of host publication62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018
PublisherHuman Factors and Ergonomics Society Inc.
Pages709-713
Number of pages5
ISBN (Electronic)9781510889538
StatePublished - 2018
Event62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018 - Philadelphia, United States
Duration: Oct 1 2018Oct 5 2018

Publication series

NameProceedings of the Human Factors and Ergonomics Society
Volume2
ISSN (Print)1071-1813

Conference

Conference62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018
CountryUnited States
CityPhiladelphia
Period10/1/1810/5/18

Fingerprint Dive into the research topics of 'The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management'. Together they form a unique fingerprint.

Cite this