The costs of cybersecurity breaches are staggering. A recent estimate placed the average cost to an organization hit by a cyberattack at nearly $13 million—9 percent more than just one year earlier.1
The danger is clear, and yet the threat seems to have caught many organizations flat-footed. Consider the following:
- Hundreds of thousands of cyber jobs in the U.S. are currently vacant.
- Postings for cyber jobs take longer to fill than postings in general.
- Many cybersecurity experts warn that employees present as much of a threat as outside hackers.
These figures illustrate a stark reality: the cyber threat is a people challenge. Our work has helped organizations recruit and hire the people who can help prevent cyberattacks, and has also led to a better understanding of who is likely to perpetrate such attacks.
Growing Cyber Talent
HumRRO’s expertise includes every part of the cyber talent equation: understanding the requirements of cyber jobs, helping students and employees match their skills to those requirements, and finding the right people to fill cyber jobs.
Understanding Cyber Jobs. We have gained rich insight into cyber job requirements through a variety of sources. As one example, we conducted a comprehensive job analysis of the special agents who work in the cyber field for the Federal Bureau of Investigation. Additionally, our work helping populate the Occupational Information Network (O*NET) affords us an ideal opportunity to understand the fundamentals of cyber occupations.
Exploring Cyber Careers. Over 80% of millennials report that no high school teacher or guidance counselor ever discussed cyber careers with them.2 Our career exploration work helps close this gap. We played a central role in creating YouScience’s Latitude system—a groundbreaking online tool that helps students identify their interests and aptitudes and find college majors and occupations that fit them, including cyber careers. We also developed federal career exploration systems that allow users to assess how their education, experience, skills, and interests fit with hundreds of different occupations, including cyber.
Assessing Cyber Talents. In the coming years, the cyber workforce is expected to grow at three times the rate of other sectors.3 We understand how to effectively assess the talents needed for cyber jobs using methods ranging from innovative rich-media simulations to more traditional knowledge and ability-based assessments. We recently developed a knowledge test to select entry-level cyber professionals that is currently being administered to tens of thousands of applicants a year.
Unlocking The Cyber Threat Mindset
We have also been instrumental in helping organizations identify “insider threats”—employees who steal confidential data or sabotage critical information systems. HumRRO served on a team of multidisciplinary researchers funded by the Defense Advanced Research Projects Agency (DARPA) to develop models for predicting and detecting malicious insider attacks.
Understanding how people perpetrate a cyberattack is important. However, understanding why they engage in damaging cyber behavior is equally critical and often overlooked by cybersecurity professionals. Our research on insider threats has found the following:
- People with a certain personality profile are particularly likely to engage in malicious cyber behavior.
- Personality data is not enough to predict insider threats. More often than not, dynamic situational or environmental factors serve as triggers (e.g., life or work stressors), increasing the risk of insider attacks.
Our insider threat work involves complex statistical analyses, including Bayesian analyses, data simulations, and structural equation models. These tools are examples of our rich quantitative technical expertise, which allows us to formulate unique and creative approaches to thorny measurement and assessment challenges.
We are well-known for our technical rigor, integrity, and collaborative approach to working with clients in the cyber domain and beyond. Our research and methodological expertise, coupled with a deep understanding of the environment, constraints, and vision of our client organizations allow us to work in partnership to create effective solutions.
1Ponemon 2014 Cost of Cyber Crime Study
2Preparing Millennials to Lead in Cyberspace (Raytheon)
3Bureau of Labor Statistics Occupational Outlook Handbook (2014-2015)