TY - GEN
T1 - The knowledge, skills, and abilities used by penetration testers
AU - Armstrong, Miriam E.
AU - Jones, Keith S.
AU - Namin, Akbar Siami
AU - Newton, David C.
N1 - Funding Information:
This work was supported by the National Science Foundation under award number DGE: 1516636. The authors would like to thank Dennis Harris and Max Ogunfunwa for their data collection efforts.
Publisher Copyright:
© 2018 Human Factors and Ergonomics Society Inc. All rights reserved.
PY - 2018
Y1 - 2018
N2 - There is a growing need for cybersecurity professionals with the knowledge, skills and abilities (KSAs) necessary for risk and vulnerability analysis of security incidents. Currently, little is known about the relative importance of KSAs or tools used in vulnerability assessment and management, which leads to inefficiencies in education, personnel selection, and research. We interviewed 38 cybersecurity professionals to determine which KSAs are most important in Vulnerability Assessment and Management work. Of the 31 KSAs, 12 were rated as being significantly important to Vulnerability Assessment and Management work and indicate that four key areas should be prioritized in education, recruitment, and research: 1) knowledge of and skills in identifying vulnerabilities and robustness of systems and applications; 2) conceptual familiarity with classes of attacks and attack stages; 3) knowledge of and skills in penetration testing principles and tools; and 4) knowledge of network traffic and network protocols.
UR - http://www.scopus.com/inward/record.url?scp=85072748536&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85072748536
T3 - Proceedings of the Human Factors and Ergonomics Society
SP - 709
EP - 713
BT - 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018
PB - Human Factors and Ergonomics Society Inc.
Y2 - 1 October 2018 through 5 October 2018
ER -