Co-design Collaborative Partnership: WiCyS Australia and La Trobe


Professor Leanne Ngo is a supporter of WiCyS Australia, and together with our affiliate she led a workshop on Human Factors in Cybersecurity. Here is her summary of this event:

 

WiCyS Australia and La Trobe University partnered in a co-design Human Factors in Cybersecurity workshop, holding a hybrid session with industry and academia. Collaborating, the workshop aimed to define the importance of human factors in cybersecurity, identify the essential knowledge and transferable job-ready skills required, and discover teaching and learning activities and assessment approaches. By bringing together academic and industry thought leaders, the shared objective was to bridge the cyber skills gap and empower the next generation of cybersecurity professionals with industry-relevant insights and practical skills.

Here are some of the key discussion points in the workshop.

In the sphere of Human Factors in Cybersecurity, industry and academia highlighted the following 'knowledge' job-ready skills:

1.     Psychological insights and decision making: Comprehending how individual cognition, emotions, and personality traits influence cybersecurity decisions and vulnerabilities.

2.     Sociology and anthropology: Understanding of how societal structures, community norms, and human behaviours collectively influence the cybersecurity landscape. This includes the role of cultural contexts, social and group dynamics, and societal norms in shaping cybersecurity practices on cyber threats and security measures.

3.     Cybercrime models, hacker motivations, and threat models: Acquiring knowledge about the strategies and tactics used by cybercriminals, comprehending hacker motivations, and understanding the importance of threat modelling for pre-emptive security planning and effective response management.

4.     Risk management and incident response: Grasping the nuances of identifying, evaluating, and prioritising risks, including handling incident response effectively. This skill is fundamental to proactive and reactive cybersecurity strategies within organisations.

5.     Understanding financial implications in cybersecurity: Learning to comprehend the financial and economic repercussions associated with cybersecurity measures, data breaches, and their remediation. This insight is essential to evaluate the cost-effectiveness and strategic allocation of resources in a cybersecurity program.

6.     Cultivating organisational behaviour change: Developing strategies to nurture an effective cybersecurity culture within organisations, promoting engagement, communication, and awareness. The goal is to influence long-term behavioural shifts that enhance an organisation's cybersecurity resilience.

7.     Secure design ethics: Appreciating the importance of designing secure products from inception, with an understanding of potential biases. Recognising the importance of proactive measures in cybersecurity and the need to mitigate inherent biases that could compromise the design's integrity.

8.     Synthetic and digital ethics: Understanding the ethical implications and considerations when working with artificial intelligence and navigating the digital world.

9.     Human factors in computer interface design: Probing the interplay between user behaviours, preferences, cognitive abilities, and system design to minimise security risks attributed to human error.

10.   ‘Human firewall’ and cyber resilience: Understanding the role each individual plays as a 'human firewall' in securing an organisation, the potential risks posed by insider threats, and fostering cybersecurity resilience within diverse communities.

These skills collectively offer a comprehensive understanding of the intricacies involved in the human factors in cybersecurity, preparing aspiring cyber security professionals for the complex challenges they may face in their professional journey.

Equally crucial is the emphasis on building transferable job-ready skills. These were the key essentials discussed by both industry and academia:

1.     Working under pressure: This skill is vital in cybersecurity as professionals often need to respond swiftly and efficiently to security breaches and cyber threats that require immediate attention.

2.     Resilience: Cybersecurity professionals face constant challenges from evolving threats and must have the resilience to adapt and overcome setbacks.

3.     Professional skills: Mastery of professional skills such as project management, interpersonal communication, and ethical decision-making is critical in the multi-disciplinary cybersecurity field.

4.     Critical analysis: Cybersecurity requires the ability to critically analyse data, detect patterns, and make informed decisions, making this skill integral to the profession.

5.     Negotiation: Effective negotiation skills are essential in cybersecurity for various scenarios, such as securing resources for security measures or handling incidents with different stakeholders.

6.     Succinct communication for executives: The ability to communicate complex cybersecurity issues clearly and concisely to non-technical stakeholders, like executives, is crucial to ensure understanding and support for security initiatives.

7.     Problem solving: Given the dynamic nature of cybersecurity threats, professionals in this field must possess the ability to solve complex and unpredictable problems swiftly and effectively.

8.     Resourcefulness and enterprising: Cybersecurity professionals need to be inventive and adaptive, able to find solutions in resource-constrained situations and anticipate potential security issues before they arise. This enterprising spirit can lead to innovative strategies for tackling cybersecurity challenges.

9.     Teamwork and diversity skills: Crucial for collaborative problem-solving in cybersecurity, enabling effective coordination and leveraging diverse perspectives. This includes the ability to work harmoniously with people from various backgrounds, experiences, and skill levels.

10.  Creativity and out-of-the-box thinking: Where threats constantly evolve, this skill allows for the development of innovative solutions and unique approaches to tackle new and unanticipated challenges. It involves seeing beyond the conventional methods and leveraging creative problem-solving strategies.

11.  Learning agility: Given the rapidly evolving nature of the cybersecurity landscape, possessing the ability to learn quickly and adapt to new information, tools, technologies, or threats is crucial. This encompasses staying abreast of industry developments and adjusting strategies or methods as necessary.

How do we go about teaching and assessing this?

The workshop emphasised assurance of learning and assessment security in cybersecurity education, aligning authentic assessment strategies with desired human factors knowledge and skills. Maintaining assessment integrity and confidentiality is crucial for credibility and developing reliable cybersecurity professionals.

Authentic assessment evaluates students' real-world knowledge, skills, and abilities through practical tasks mirroring professional challenges. It encourages hands-on projects resembling real-world scenarios, moving away from standardised tests and memorisation. Reflection, feedback, and scaffolded learning enhance the process, enabling students to demonstrate their understanding effectively.

Examples of authentic assessments could include case studies, real-world projects, simulations, role-plays, oral presentations, inquiry-based learning, work-based ‘hands-on’ experiences and building a digital portfolio of evidence curating and showcasing relevant assets and professional skills. These assets could take the form of writing an executive proposal for the CEO, curation of relevant assets and professional skills, creating a digital poster for a security awareness campaign, or crafting an article for a blog to promote cyber awareness. These multimodal forms of assessments not only measure students' understanding but also prepare them for real-world challenges, helping to bridge the gap between academia and professional practice.

Active learning opportunities were emphasised, for example, promoting engagement through digital escape rooms, gamification, and capture the flag competitions. These activities develop resilience, teamwork, and critical problem-solving skills, highlighting the impact of human behaviour on cybersecurity outcomes.

Summary and call to action.

The dialogue was underpinned by a shared belief in the importance of ongoing collaboration and partnership between industry, academia, and the broader cybersecurity community. Our shared endeavour aims to address and ultimately close the cybersecurity skills gap. WiCyS Australia and La Trobe University are thrilled to explore this critical dialogue, shaping the next wave of cybersecurity professionals to meet the dynamic demands of our cybersecurity landscape.

At the core of cybersecurity are human factors. Cultivating a culture of care and encouraging a profound passion for protecting our digital ecosystem are fundamental. Everyone's contribution can make a real difference.

The ongoing partnership between industry and academia in cybersecurity is of paramount importance. The co-design workshop showcased the value of bringing together diverse perspectives to address challenges and develop job-ready skills. Continuing collaboration ensures relevant and up-to-date cybersecurity education, closing the skills gap, and fostering a skilled workforce to safeguard our digital world.

We are excited to deepen this dialogue, explore new insights, and cultivate job-ready skills in the evolving field of cybersecurity. Together, we can build a stronger, more secure digital world.

Thank you for your commitment, and let's keep moving forward, together.

 

Associate Professor Leanne Ngo

Coordinator, Online Programs Computer Sciences & IT

School of Computing, Engineering and Mathematical Sciences
La Trobe University

 

Professor Ngo is speaking at the Cybercon conference in October, and one of her presentation topics is on closing the cyber skills divide with a focus on education innovation. A key emphasis of her talk is on co-design / partnerships with educational providers, industry, government, and communities.