Do you need a “security mindset”? (Article Review)

Posted by jalva018 on
I decided to review this article about researchers questioning cybersecurity workers about whether they have a “security mindset” and whether they’re capable of doing the job. The researchers believe that the security mindset is important, especially if you’re working in a cybersecurity field, because it allows you to investigate problems easily. A common way of describing a security mindset is “thinking like an attacker” and “recognizing how something can be used maliciously or broken” (pg. 2). Researchers interviewed 21 cybersecurity professionals and all 21 of them said that they have a security mindset. The researchers gathered the results and identified three aspects of having a security mindset and that is monitoring, investigating, and evaluation. Monitoring and investigating was the best aspect that all 21 professionals felt that they have in their mindset because they automatically and unconsciously spotted security flaws in the digital world around them (pg. 5). The researchers also asked them how they believe they got their security mindset. Most of them answered by naturally being aroused by curiosity and it makes them investigate things further more (pg. 7).

Having a security mindset connects with cybersecurity well because it motivates them to investigate security issues and other flaws within the security system, and it is all motivated by curiosity. Although it isn’t a requirement to have a security mindset when applying for a cybersecurity position, it is an added bonus that will help your job a lot more and others who may not have that kind of mindset. Not everybody has that same kind of mentality when doing their job, which could raise some concern for those who aren’t motivated to do their job to protect their security systems. But it is a great advantage to have a security mindset for this kind of work.

Security mindset relates to some concepts from the class by discussing what skills a good cybersecurity professional must have. Similarly, a security mindset is about “thinking like an attacker”. This means that a good professional has to know what flaws there are in their own security database.

References:
Schoenmakers, Koen et al., “The Security Mindset: Characteristics, Development, and Consequences”, Journal of Cybersecurity, vol. 9, 1, 2023, https://doi.org/10.1093/cybsec/tyad010

https://academic.oup.com/cybersecurity/article/9/1/tyad010/7147623?searchresult=1

Leave a Reply

Your email address will not be published. Required fields are marked *