Work Practices of Cyber Security Professionals
Dear Sir/Madam, I am a university researcher who is investigating the development of new, usable tools that will improve the work practices of cyber security professionals. As a first step to achieve this goal, I am undertaking a survey to gain an in-depth understanding of the day-to-day activities of cyber security professionals. The targeted participants for this survey are those who perform security related activities as a part of their job (e.g. security analysts, network administrators, penetration testers). I would be very grateful if you could spare some time and complete this short (10 minutes) survey for me. It can be accessed at the following link: http://edu.surveygizmo.com/s3/1536165/Work-Practices-of-Cyber-Security-Profe... If you have questions or concerns about this research, please contact me ( Muhammad.Adnan@gcu.ac.uk) or my Ph.D. supervisor Dr. Mike Just ( Mike.Just@gcu.ac.uk), both at the Interactive and Trustworthy Technologies research group (http://www.ittgroup.org/), Glasgow Caledonian University, UK. Kind regards, Adnan
On Mon, 17 Feb 2014 15:27:25 +0000, Muhammad Adnan said:
I am a university researcher who is investigating the development of new, usable tools that will improve the work practices of cyber security professionals. As a first step to achieve this goal, I am undertaking a survey to gain an in-depth understanding of the day-to-day activities of cyber security professionals. The targeted participants for this survey are those who perform security related activities as a part of their job (e.g. security analysts, network administrators, penetration testers).
Several comments: 1) If you're including network admins, you should also make sure to get system admins (though you'll be more successful asking elsewhere for those). 2) Having worn at least a partial hat of all those along my careeer, I'm curious what sort of tools will improve work practices for all the groups concerned. Probably the only place you'll find much overlap is in record keeping - but even there the record keeping that a sysadmin needs to do for changelogging their boxes is fairly different from what security analysts working an incident and pen testers engaged in a test will need. There's also the problem that many sites have their change logging integrated into their version control system or other workflow software already... Good luck!
1) If you're including network admins, you should also make sure to get system admins (though you'll be more successful asking elsewhere for
Dear Valdis, those). We are also targeting system admins. As I mentioned in my e-mail, "targeted participants for this survey are those who perform security related activities as a part of their job". After this sentence, I mentioned a couple of roles as an example. By those examples I meant "including but not limited to".
2) Having worn at least a partial hat of all those along my career, I'm curious what sort of tools will improve work practices for all the groups concerned.
The goal of this project is not to improve the work practices for all the groups concerned. Instead, our aim is to first find out what cyber security professionals (we are using this term to define anyone who performs security related activities) do on day-to-day basis and which of their activities are relatively significant (i.e. performed frequently and require more time) than others. Once we establish that, then we will pick a couple of relatively significant activities from their workflow and build tools for those activities, following a user-centered design process. But, to get to that stage we first need to know that cyber security professionals do, how often they do that, and how much time they spend on doing that. Hope that answers you questions. Feel free to ask if you have anymore. Best wishes, Adnan On Tue, Feb 18, 2014 at 2:28 PM, <Valdis.Kletnieks@vt.edu> wrote:
On Mon, 17 Feb 2014 15:27:25 +0000, Muhammad Adnan said:
I am a university researcher who is investigating the development of new, usable tools that will improve the work practices of cyber security professionals. As a first step to achieve this goal, I am undertaking a survey to gain an in-depth understanding of the day-to-day activities of cyber security professionals. The targeted participants for this survey are those who perform security related activities as a part of their job (e.g. security analysts, network administrators, penetration testers).
Several comments:
1) If you're including network admins, you should also make sure to get system admins (though you'll be more successful asking elsewhere for those).
2) Having worn at least a partial hat of all those along my careeer, I'm curious what sort of tools will improve work practices for all the groups concerned. Probably the only place you'll find much overlap is in record keeping - but even there the record keeping that a sysadmin needs to do for changelogging their boxes is fairly different from what security analysts working an incident and pen testers engaged in a test will need. There's also the problem that many sites have their change logging integrated into their version control system or other workflow software already...
Good luck!
participants (2)
-
Muhammad Adnan -
Valdis.Kletnieks@vt.edu