ADVANCES

The main objective is to advance the performance of the cybersecurity (CS) specialist by identifying possible improvements from three different perspectives: by regarding the human as a biological entity, by analyzing behaviour patterns of the person, and by addressing the necessary knowledge and skills of the cybersecurity specialist.

The project is based on a hypothesis that it is possible to map cyber competencies required to solve cyber-crime, defend infrastructure, or be resilient to cyber-abuse and then to develop a rational competence improvement path for a CS specialist. When dealing with critical infrastructures or handling life mission-critical support systems, tools that enable the assessment of human traits or inherent risks are non-existent, or research components are not validated scientifically.

The envisioned results include:

• Identification of key performance indicators in individual/team level training/exercises to develop an evidence base for a comprehensive assessment of cyber competences.
• Development of methods to assess and predict the performance of a human in individual tasks and collaborative decision-making environments in cyberspace.
• Development of specific tools to advance the performance of a human in learning to cope with challenges during stressful situations that require technological knowledge.

Most cyber incidents occur to human error. Therefore, risk assessment strategies should consider digital assets and challenges that lead to risks due to individual human characteristics under certain conditions, e.g., in stressful situations during crises. The initial project’s paper [1] presented a theoretical ontology-based model as a basis for a human trait semantic network. The built proof-of-the-concept prototype combined artificial intelligence algorithms and psychological questionnaires to demonstrate existing human trait links to cyber hygiene. Another paper [2] presents a holistic architecture to assess human traits and explains the links between the natural human and digital-self using the impulsivity trait example. Also, we deconstructed the stress factor understandable in an everyday setting of the cybersecurity specialist to emphasize the need for personalized training to build resilience against stress as genetics influences reaction to the environment’s triggers [3]. Therefore, in a project, the competence model of the trainee (see Figure~) considers the trainee’s performance (behavior and results) under certain conditions with an impact of personal characteristics during a particular scenario that requires one to play a professional role and apply related competences [4].

The ADVANCES intervention mapping methodology [4],[5] supports the designed competence model. The methodology consists of three building blocks—competence model, course design process, and training environment [5].

The multidimensional approach that combines soft and hard skills, behavior, and cognitive aspects requires redesigning training methods and scenarios to involve trainees and stimulate their interest in cybersecurity [6],[7],[8]. For example, we demonstrated that a penetration testing course for military cadets with no prior technical skills could increase their interest in a cybersecurity career [6] if it was designed using the experiential learning paradigm, thus, making an additional professional development path. The developed CyberEscape approach [7] is based on the hybrid training environment with physical elements and virtual infrastructure to simulate the Computer Security Incident Response Team (CSIRT) tasks. The execution results showed the approach’s value in increasing self-efficacy and engagement, stimulating critical thinking, and fostering collaboration and communication skills.

The project research scope involves an educational environment and professional training, i.e., cyber defense exercises. Thus, the ontology was developed to overcome the knowledge management gap [9]. Finally, we introduce the multidimensional approach for a cyber defense exercise based on the event cycle, stakeholders’ goals, and necessary social, emotional, and cognitive aspects [8]. The approach ensures psychological safety, motivation, and other event ingredients to achieve training goals.

[1] A. Jurevičienė, A. Brilingaitė, and L. Bukauskas, “Digital human in cybersecurity risk assessment,” in Augmented cognition - 15th international conference, AC, held as part of the 23rd HCI international conference, HCII, proceedings, in Lecture notes in computer science, vol. 12776. Springer, 2021, pp. 418–432. doi: 10.1007/978-3-030-78114-9_29.

[2] L. Ambrozaitytė, A. Brilingaitė, L. Bukauskas, I. Domarkienė, and T. Rančelis, “Human characteristics and genomic factors as behavioural aspects for cybersecurity,” in Augmented cognition - 15th international conference, AC, held as part of the 23rd HCI international conference, HCII, proceedings, in Lecture notes in computer science, vol. 12776. Springer, 2021, pp. 333–350. doi: 10.1007/978-3-030-78114-9_23.

[3] I. Domarkienė et al., “CyberGenomics: Application of behavioral genetics in cybersecurity,” Behavioral Sciences, vol. 11, no. 11, p. p. 15, 2021, doi: 10.3390/bs11110152.

[4] R. Pirta-Dreimane et al., “Application of intervention mapping in cybersecurity education design,” Frontiers in Education, vol. 7, p. p. 12, 2022, doi: 10.3389/feduc.2022.998335.

[5] R. Pirta-Dreimane, A. Brilingaitė, E. Roponena, and K. Parish, “Multi-dimensional cybersecurity education design: A case study,” in IEEE intl. Conf. On dependable, autonomic and secure computing, intl. Conf. On pervasive intelligence and computing, intl. Conf. On cloud and big data computing, intl. Conf. On cyber science and technology congress, dasc/picom/cbdcom/cyberscitech, IEEE, 2022, pp. 1–8. doi: 10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9927931.

[6] A. Melnikovas, R. G. Lugo, K. Maennel, A. Brilingaitė, S. Sütterlin, and A. Juozapavičius, “Teaching pentesting to social sciences students using experiential learning techniques to improve attitudes towards possible cybersecurity careers,” in Proc. Of the 22nd european conference on cyber warfare and security, Jun. 2023, pp. 294–302. doi: 10.34190/eccws.22.1.1145.

[7] R. Pirta-Dreimane et al., “CyberEscape approach to advancing hard and soft skills in cybersecurity education,” in Proc. Of the 25th HCI international conference, july 2023 (lncs series), Springer, 2023, p. 19. Available: https://hdl.handle.net/11250/3051549

[8] K. Maennel et al., “A multidimensional cyber defense exercise: Emphasis on emotional, social, and cognitive aspects,” SAGE Open, vol. 13, no. 1, p. p. 12, 2023, doi: 10.1177/21582440231156367.

[9] G. Babayeva, K. Maennel, and O. M. Maennel, “Building an ontology for cyber defence exercises,” in IEEE european symposium on security and privacy, euros&P, IEEE, 2022, pp. 423–432. doi: 10.1109/EuroSPW55150.2022.00050.

[10] G. Majore, L. Bukauskas, S. Sutterlin and A. Brilingaitė, “Advancing Human Performance in Cybersecurity, ADVANCES,” RPE@CAiSE’23: Research Projects Exhibition at the International Conference on Advanced Information Systems Engineering, June 12–16, 2023, Zaragoza, Spain.