The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management

Miriam E. Armstrong; Keith S. Jones; Akbar Siami Namin; David C. Newton

The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management

Miriam E. Armstrong, Keith S. Jones, Akbar Siami Namin, David C. Newton

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

There is a growing need for cybersecurity professionals with the knowledge, skills and abilities (KSAs) necessary for risk and vulnerability analysis of security incidents. Currently, little is known about the relative importance of KSAs or tools used in vulnerability assessment and management, which leads to inefficiencies in education, personnel selection, and research. We interviewed 38 cybersecurity professionals to determine which KSAs are most important in Vulnerability Assessment and Management work. Of the 31 KSAs, 12 were rated as being significantly important to Vulnerability Assessment and Management work and indicate that four key areas should be prioritized in education, recruitment, and research: 1) knowledge of and skills in identifying vulnerabilities and robustness of systems and applications; 2) conceptual familiarity with classes of attacks and attack stages; 3) knowledge of and skills in penetration testing principles and tools; and 4) knowledge of network traffic and network protocols.

Original language	English
Title of host publication	62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018
Publisher	Human Factors and Ergonomics Society Inc.
Pages	709-713
Number of pages	5
ISBN (Electronic)	9781510889538
State	Published - 2018
Event	62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018 - Philadelphia, United States Duration: Oct 1 2018 → Oct 5 2018

Publication series

Name	Proceedings of the Human Factors and Ergonomics Society
Volume	2
ISSN (Print)	1071-1813

Conference

Conference	62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018
Country/Territory	United States
City	Philadelphia
Period	10/1/18 → 10/5/18

Cite this

Armstrong, M. E., Jones, K. S., Namin, A. S., & Newton, D. C. (2018). The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management. In 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018 (pp. 709-713). (Proceedings of the Human Factors and Ergonomics Society; Vol. 2). Human Factors and Ergonomics Society Inc..

Armstrong, Miriam E. ; Jones, Keith S. ; Namin, Akbar Siami et al. / The knowledge, skills, and abilities used by penetration testers : Results of interviews with cybersecurity professionals in vulnerability assessment and management. 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018. Human Factors and Ergonomics Society Inc., 2018. pp. 709-713 (Proceedings of the Human Factors and Ergonomics Society).

@inproceedings{d7d66634d8054a66b8b3735eb4f21044,

title = "The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management",

abstract = "There is a growing need for cybersecurity professionals with the knowledge, skills and abilities (KSAs) necessary for risk and vulnerability analysis of security incidents. Currently, little is known about the relative importance of KSAs or tools used in vulnerability assessment and management, which leads to inefficiencies in education, personnel selection, and research. We interviewed 38 cybersecurity professionals to determine which KSAs are most important in Vulnerability Assessment and Management work. Of the 31 KSAs, 12 were rated as being significantly important to Vulnerability Assessment and Management work and indicate that four key areas should be prioritized in education, recruitment, and research: 1) knowledge of and skills in identifying vulnerabilities and robustness of systems and applications; 2) conceptual familiarity with classes of attacks and attack stages; 3) knowledge of and skills in penetration testing principles and tools; and 4) knowledge of network traffic and network protocols.",

author = "Armstrong, {Miriam E.} and Jones, {Keith S.} and Namin, {Akbar Siami} and Newton, {David C.}",

note = "Funding Information: This work was supported by the National Science Foundation under award number DGE: 1516636. The authors would like to thank Dennis Harris and Max Ogunfunwa for their data collection efforts. Publisher Copyright: {\textcopyright} 2018 Human Factors an Ergonomics Society Inc.. All rights reserved.; null ; Conference date: 01-10-2018 Through 05-10-2018",

year = "2018",

language = "English",

series = "Proceedings of the Human Factors and Ergonomics Society",

publisher = "Human Factors and Ergonomics Society Inc.",

pages = "709--713",

booktitle = "62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018",

}

Armstrong, ME, Jones, KS , Namin, AS & Newton, DC 2018, The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management. in 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018. Proceedings of the Human Factors and Ergonomics Society, vol. 2, Human Factors and Ergonomics Society Inc., pp. 709-713, 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018, Philadelphia, United States, 10/1/18.

The knowledge, skills, and abilities used by penetration testers : Results of interviews with cybersecurity professionals in vulnerability assessment and management. / Armstrong, Miriam E.; Jones, Keith S.; Namin, Akbar Siami et al.

62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018. Human Factors and Ergonomics Society Inc., 2018. p. 709-713 (Proceedings of the Human Factors and Ergonomics Society; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - The knowledge, skills, and abilities used by penetration testers

AU - Armstrong, Miriam E.

AU - Jones, Keith S.

AU - Namin, Akbar Siami

AU - Newton, David C.

N1 - Funding Information: This work was supported by the National Science Foundation under award number DGE: 1516636. The authors would like to thank Dennis Harris and Max Ogunfunwa for their data collection efforts. Publisher Copyright: © 2018 Human Factors an Ergonomics Society Inc.. All rights reserved.

PY - 2018

Y1 - 2018

N2 - There is a growing need for cybersecurity professionals with the knowledge, skills and abilities (KSAs) necessary for risk and vulnerability analysis of security incidents. Currently, little is known about the relative importance of KSAs or tools used in vulnerability assessment and management, which leads to inefficiencies in education, personnel selection, and research. We interviewed 38 cybersecurity professionals to determine which KSAs are most important in Vulnerability Assessment and Management work. Of the 31 KSAs, 12 were rated as being significantly important to Vulnerability Assessment and Management work and indicate that four key areas should be prioritized in education, recruitment, and research: 1) knowledge of and skills in identifying vulnerabilities and robustness of systems and applications; 2) conceptual familiarity with classes of attacks and attack stages; 3) knowledge of and skills in penetration testing principles and tools; and 4) knowledge of network traffic and network protocols.

AB - There is a growing need for cybersecurity professionals with the knowledge, skills and abilities (KSAs) necessary for risk and vulnerability analysis of security incidents. Currently, little is known about the relative importance of KSAs or tools used in vulnerability assessment and management, which leads to inefficiencies in education, personnel selection, and research. We interviewed 38 cybersecurity professionals to determine which KSAs are most important in Vulnerability Assessment and Management work. Of the 31 KSAs, 12 were rated as being significantly important to Vulnerability Assessment and Management work and indicate that four key areas should be prioritized in education, recruitment, and research: 1) knowledge of and skills in identifying vulnerabilities and robustness of systems and applications; 2) conceptual familiarity with classes of attacks and attack stages; 3) knowledge of and skills in penetration testing principles and tools; and 4) knowledge of network traffic and network protocols.

UR - http://www.scopus.com/inward/record.url?scp=85072748536&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85072748536

T3 - Proceedings of the Human Factors and Ergonomics Society

SP - 709

EP - 713

BT - 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018

PB - Human Factors and Ergonomics Society Inc.

Y2 - 1 October 2018 through 5 October 2018

ER -

Armstrong ME, Jones KS , Namin AS, Newton DC. The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management. In 62nd Human Factors and Ergonomics Society Annual Meeting, HFES 2018. Human Factors and Ergonomics Society Inc. 2018. p. 709-713. (Proceedings of the Human Factors and Ergonomics Society).

The knowledge, skills, and abilities used by penetration testers: Results of interviews with cybersecurity professionals in vulnerability assessment and management

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this