CAREER PAPER

The Cyber Security Professional

In their 2023 article “Ethical Dilemmas and Privacy Issues in Emerging Technologies: A Review,” Dhirani et al. point out that in 2025, 85% of the world’s data will be in the cloud (p. 6). Today’s world is more interconnected by technology than ever. In their research, Dhirani et al. also found that out of 66 companies in California, safety and cybersecurity was cited as a top priority (p. 9). It is in this landscape that the cybersecurity field has thrived, and demand for cybersecurity professionals continues to grow. To succeed in the field, cybersecurity professionals need to be adaptable, analytical, and critical thinkers who communicate well. Successful professionals also demonstrate ethical neutrality, empiricism, and parsimony in their work. Finally, archival information and case studies are valuable sources of data for cybersecurity professionals, because of the vast amount of archival data available and the major role that the human factor plays in cybersecurity.

What is the Cyber Security Professional?

Before addressing the work that lies ahead of the cybersecurity professional, it is important to understand what makes a good cybersecurity professional. In the article “The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance” (2018), Dawson and Thomson describe key traits and attributes that winning cybersecurity professionals and teams possess. Dawson and Thomson argue that “technical knowledge alone is insufficient to develop our [cybersecurity] workforce. The lack of emphasis on social traits leaves not only a knowledge gap, but a security and retention gap” (p. 3). In the realm of cybersecurity, technical understanding and competency are key. Beyond the continual education that professionals pursue in their practice, Dawson and Thomson found that “40 percent of professionals felt that job experience was the highest factor in performance over degree of knowledge/education” (p. 3). This professional knowledge, as Dawson and Thomson point out, includes proficiency in using the tools and computer systems available for vulnerability analysis (p. 4). The cyber professional also needs strong social skills in order to determine the correct ethical action in the face of dilemmas, to work and communicate with a team, and to address one of the major causes of vulnerabilities: insider threats and the human factor (Dawson and Thomson, p. 4). Insider threats, Dawson and Thomson argue, are “the largest vulnerability on any network” (p. 9). The cyber professional needs to be technically proficient to recognize and critically analyze the ever-changing threats that occur in cyberspace, but communication and social skills are equally important for understanding the human factor that often opens these vulnerabilities to attack.

Issues in Cybersecurity

People are at the center of addressing cybersecurity. Because the work involves dealing with people, the ethical issues faced in the realm of cybersecurity call for the cybersecurity professional to be ethically neutral and to use the social principles of empiricism and parsimony in their work. Dhirani et al. remind cybersecurity professionals, “The goal of cybersecurity…is to assist people in mitigating risks in their systems, networks, and data, ensuring security and privacy” (p. 2). The human factor in cybersecurity is why empiricism and parsimony are important. Empiricism is important because reliable, tangible, evidence-based data is actionable for the cybersecurity professional and the users in their charge. Parsimony is important for the same reason. To respond to the threats and incidents that a cybersecurity professional will face, their communication needs to be understandable by their peers to facilitate collaboration. Parsimony is also crucial in providing training and education that is easy to understand for users such as stakeholders, customers, and members of the public who may not understand technical jargon. It is also in the process of serving their customers that cybersecurity professionals are sometimes faced with ethical dilemmas. Dhirani et al. point out that cybersecurity professionals can often find themselves in “grey areas” when it comes to ethical decisions, depending on the role they play and for whom (p. 4). Because of this distinction, it is important for cybersecurity professionals to be familiar with laws, policies, and regulations when acting and making decisions. Cybersecurity professionals need to be familiar with frameworks and policies such as those put forth by cybersecurity-centered organizations such as NIST and ISO, as well as those put forth by the government such as the GDPR and CCPA in the United States.

The Importance of Ethical Archival and Case Study Research

In addition to understanding the laws, rules, and regulations that govern their practice, cybersecurity professionals should also consider the importance and value of ethical research in understanding and preventing incidents. Of the types of research available to cybersecurity professionals, archival and case study data is abundant in cyberspace. In their article “Establishing a framework for the ethical and legal use of web scrapers by cybercrime and cybersecurity researchers: learnings from a systematic review of Australian research” (2023), Logos et al. address how cybersecurity professionals should approach ethical and legal concerns, specifically when it comes to using this resource. Logos et al. point out that the internet is especially attractive for data collection because of the ease with which data can be accessed, collected, and analyzed to combat cyber threats and enhance cybersecurity (p. 187). It is important that in doing so, cybersecurity professionals cause no harm. They need to be careful when using this data, however, because personal and sensitive data can raise privacy concerns and increase risk to subjects. Depending on the role of the researcher (public or private) and on applicable local laws, researchers may also place themselves at legal risk (Logos et al., p. 208). Knowing local policy is again important for the cybersecurity professional, as is knowing their customers and the subjects they obtain data from and ensuring that data is obtained with consent. To mitigate this risk, Logos et al. also recommend that researchers reduce harm by “de-identifying and removing all personal information from data that is collected, stored analyzed and reported-ensuring similar practices are undertaken by any overseas agencies the data are shared with” (p. 209). By using best practices and being familiar with privacy laws, researchers can use ethical research methods to understand and prevent cybersecurity threats without creating cybersecurity threats themselves.

Conclusion

In conclusion, cybersecurity professionals need to be competent in their fields and possess the analytical and critical thinking skills to address today’s cybersecurity problems. Due to the human-centric nature of cybersecurity, however, cybersecurity professionals also need to possess good social skills in addressing the threats of today and in preventing the threats of the future. This is accomplished by being familiar with cybersecurity laws and regulations and demonstrating ethical neutrality when combating threats and conducting field research.

References:

Dhirani, L.L., Mukhtiar, N., Chowdry, B.S., and Newe, T. (2023). Ethical Dilemmas and Privacy Issues in Emerging Technologies: A Review. Sensors. https://doi.org/10.3390/s23031151

Dawson, J., and Thomson, R. (2018). The Future Cybersecurity Workforce: Going Beyond Technical Skills for Successful Cyber Performance. Frontiers in Psychology. https://doi.org/10.3389/fpsyg.2018.00744

Logos, K., Brewer, R., Langos, C., and Westlake, B. (2023). Establishing a framework for the ethical and legal use of web scrapers by cybercrime and cybersecurity researchers: learnings from a systematic review of Australian research. International Journal of Law and Information Technology. https://doi.org/10.1093/ijlit/eaad023