Organizational Impacts to Cybersecurity Expertise Development and Maintenance

Expertise shortages in cybersecurity operations in part may due to organizational factors that encumber expertise development and maintenance. Using an online survey approach with 157 cybersecurity professionals, we began a validation effort of 23 organizational factors discovered in prior job analysis research that enhanced or encumbered cybersecurity expertise development and maintenance. Ratings were collected on the frequency of personal experience with each factor, the effect of that factor on one’s own development (enhanced or encumbered), and the relevance of that factor to expertise development of cybersecurity professionals in general. Missing factors were also solicited. Chi-square tests of association between frequency and effect were conducted followed by a Cramer’s V calculation of effect size and 21/23 factors were statistically significant. The findings with the highest effect sizes indicated that when time, resources and proper management were not available, expertise development was encumbered. Many of the additional factors solicited overlapped with our findings; including encumbrances due to training and resource constraints, lack of work-life balance, etc. We hope these findings will inform organizations about the impact each has on cybersecurity expertise development and maintenance. Future research needs to determine whether requirements for experts are any different from normal organizational personnel.