skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Investigating the Relationship between Need for Cognition and Skill in Ethical Hackers

Abstract

As technology gets more complex and increasingly connected, there is an increasing concern with cyber security. There is also a growing demand for cyber security professionals. Unfortunately there currently are not enough skilled professionals to meet that demand. In order to prepare the next generation of cyber security professionals to meet this demand, we need to understand what characteristics make skilled cyber security professionals. For this work, we focus on professionals who take an offensive approach to cyber security, so called ethical hackers. These hackers utilize many of the same skills that the adversaries that we defend against would use, with the goal of identifying vulnerabilities and address them before they are exploited by adversaries. A commonly held belief among ethical hackers is that hackers must possess exceptional curiosity and problem solving skills in order to be successful. Curiosity is has been studied extensively in psychology, but there is no consensus on what it is and how to measure it. Further, many existing inventories for assessing curiosity are targeted at measuring curiosity in children. Although there isn’t an accepted standard to assess curiosity in adults, a related construct, called Need for Cognition (may capture what is meant when people speakmore » of curiosity. The Need for Cognition scale also captures the tendency toward preferring complex problems (which correlates with good problem solving skills), which may provide insight into what make skilled hackers. In addition to the Need for Cognition, we used a structured interview to assess hacker skill. Hackers rated their own skill on a scale from one to ten on a predefined list of hacker skills. They were then asked to rate a peer who they felt was most skilled in each of the skills. They were asked to rate two peers for each skill, one that they worked with directly and one person that was the most skilled in the field (these could be known by reputation only). The hypothesis is that hackers have a higher than average (i.e., compared to non-hackers) Need for cognition and that Need for Cognition will be positively correlated with self-reported and peer reported skill. We interviewed 20 cyber security researchers who specialize in offensive approaches. Based on the responses to the hacker skill inventory, we generated a self-reported skill score for each participant. We also developed a peer-rating for each participant based on the number of times each individual that was interviewed was named as the most skilled in a particular area. The results indicate that the sample of ethical hackers has a high Need for Cognition and that Need for cognition was related to both self-reported skill and peer-reported skill. The results are discussed in the context of training and recruitment of cyber security professionals.« less

Authors:
;
Publication Date:
Research Org.:
Idaho National Lab. (INL), Idaho Falls, ID (United States)
Sponsoring Org.:
USDOE Office of Nuclear Energy (NE)
OSTI Identifier:
1358196
Report Number(s):
INL/CON-15-37384
Journal ID: 978-3-319-41932-9
DOE Contract Number:  
DE-AC07-05ID14517
Resource Type:
Conference
Resource Relation:
Journal Name: Part of the Advances in Intelligent Systems and Computing; Journal Volume: 501; Conference: 7th International Conference on Applied Human Factors and Ergonomics, Florida, USA, July 27–31, 2016
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS; Curiosity; Cyber Security; Hacker; Need for Cognition; Skill

Citation Formats

Le Blanc, Katya, and Freeman, Sarah. Investigating the Relationship between Need for Cognition and Skill in Ethical Hackers. United States: N. p., 2016. Web. doi:10.1007/978-3-319-41932-9_18.
Le Blanc, Katya, & Freeman, Sarah. Investigating the Relationship between Need for Cognition and Skill in Ethical Hackers. United States. doi:10.1007/978-3-319-41932-9_18.
Le Blanc, Katya, and Freeman, Sarah. Fri . "Investigating the Relationship between Need for Cognition and Skill in Ethical Hackers". United States. doi:10.1007/978-3-319-41932-9_18. https://www.osti.gov/servlets/purl/1358196.
@article{osti_1358196,
title = {Investigating the Relationship between Need for Cognition and Skill in Ethical Hackers},
author = {Le Blanc, Katya and Freeman, Sarah},
abstractNote = {As technology gets more complex and increasingly connected, there is an increasing concern with cyber security. There is also a growing demand for cyber security professionals. Unfortunately there currently are not enough skilled professionals to meet that demand. In order to prepare the next generation of cyber security professionals to meet this demand, we need to understand what characteristics make skilled cyber security professionals. For this work, we focus on professionals who take an offensive approach to cyber security, so called ethical hackers. These hackers utilize many of the same skills that the adversaries that we defend against would use, with the goal of identifying vulnerabilities and address them before they are exploited by adversaries. A commonly held belief among ethical hackers is that hackers must possess exceptional curiosity and problem solving skills in order to be successful. Curiosity is has been studied extensively in psychology, but there is no consensus on what it is and how to measure it. Further, many existing inventories for assessing curiosity are targeted at measuring curiosity in children. Although there isn’t an accepted standard to assess curiosity in adults, a related construct, called Need for Cognition (may capture what is meant when people speak of curiosity. The Need for Cognition scale also captures the tendency toward preferring complex problems (which correlates with good problem solving skills), which may provide insight into what make skilled hackers. In addition to the Need for Cognition, we used a structured interview to assess hacker skill. Hackers rated their own skill on a scale from one to ten on a predefined list of hacker skills. They were then asked to rate a peer who they felt was most skilled in each of the skills. They were asked to rate two peers for each skill, one that they worked with directly and one person that was the most skilled in the field (these could be known by reputation only). The hypothesis is that hackers have a higher than average (i.e., compared to non-hackers) Need for cognition and that Need for Cognition will be positively correlated with self-reported and peer reported skill. We interviewed 20 cyber security researchers who specialize in offensive approaches. Based on the responses to the hacker skill inventory, we generated a self-reported skill score for each participant. We also developed a peer-rating for each participant based on the number of times each individual that was interviewed was named as the most skilled in a particular area. The results indicate that the sample of ethical hackers has a high Need for Cognition and that Need for cognition was related to both self-reported skill and peer-reported skill. The results are discussed in the context of training and recruitment of cyber security professionals.},
doi = {10.1007/978-3-319-41932-9_18},
journal = {Part of the Advances in Intelligent Systems and Computing},
number = ,
volume = 501,
place = {United States},
year = {Fri Jul 01 00:00:00 EDT 2016},
month = {Fri Jul 01 00:00:00 EDT 2016}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: