The Work of Cybersecurity Advocates

Haney, Julie M.; Lutters, Wayne G.

doi:10.1145/3027063.3053134

Cited by 13 publications

(8 citation statements)

References 84 publications

(128 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the new idea either fnds a champion or dies" [59, p. 8]. Prior research acknowledges the role of champions in software teams for promoting the use of software technologies such as Java generics [52,53], usability [46], and security practices [31][32][33].…”

Section: Related Workmentioning

confidence: 99%

“…They can be an experienced hacker who helps testers in fnding vulnerabilities [74], an intermediary between the security and development teams [25,70], or the leader in threat modelling activities [10,63]. They are involved in several security-related activities such as educating other developers [31,33,34,38,73], increasing awareness [19,33,34], and promoting the adoption of technologies [31,32,34].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Tahaei

Frik

Vaniea

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

Software development teams are responsible for making and implementing software design decisions that directly impact end-user privacy, a challenging task to do well. Privacy Champions-people who strongly care about advocating privacy-play a useful role in supporting privacy-respecting development cultures. To understand their motivations, challenges, and strategies for protecting end-user privacy, we conducted 12 interviews with Privacy Champions in software development teams. We fnd that common barriers to implementing privacy in software design include: negative privacy culture, internal prioritisation tensions, limited tool support, unclear evaluation metrics, and technical complexity. To promote privacy, Privacy Champions regularly use informal discussions, management support, communication among stakeholders, and documentation and guidelines. They perceive code reviews and practical training as more instructive than general privacy awareness and on-boarding training. Our study is a frst step towards understanding how Privacy Champions work to improve their organisation's privacy approaches and improve the privacy of enduser products. CCS CONCEPTS• Human-centered computing → Empirical studies in collaborative and social computing; • Security and privacy → Usability in security and privacy; • Social and professional topics → Software management.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Tahaei

Frik

Vaniea

2021

Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

show abstract

“…Our results further showed that students are willing to disseminate the course among fellow students, family members, friends, and colleagues. Subsequently, students could act as "cybersecurity advocates: individuals who encourage positive change by promoting and providing guidance on security best practices and technologies" [9]. As such, they are indispensable for increasing security in different ecosystems, even outside the university.…”

Section: Discussionmentioning

confidence: 99%

Want to Raise Cybersecurity Awareness? Start with Future IT Professionals.

Kraus

Švábenský

Horák

et al. 2023

Proceedings of the 2023 Conference on Innovation and Technology in Computer Science Education v. 1

View full text Add to dashboard Cite

As cyber threats endanger everyone, from regular users to computing professionals, spreading cybersecurity awareness becomes increasingly critical. Therefore, our university designed an innovative cybersecurity awareness course that is freely available online for students, employees, and the general public. The course offers simple, actionable steps that anyone can use to implement defensive countermeasures. Compared to other resources, the course not only suggests learners what to do, but explains why and how to do it. To measure the course impact, we administered it to 138 computer science undergraduates within a compulsory information security and cryptography course. They completed the course as a part of their homework and filled out a questionnaire after each lesson. Analysis of the questionnaire responses revealed that the students valued the course highly. They reported new learning, perspective changes, and transfer to practice. Moreover, they suggested suitable improvements to the course. Based on the results, we have distilled specific insights to help security educators design similar courses. Lessons learned from this study are relevant for cybersecurity instructors, course designers, and educational managers.

show abstract

“…A number of past studies [20,29,30,64,65] have investigated the idea of categorizing software developers into distinct groups, based on a range or set of characteristics.…”

Section: Security Focused Developer Characteristicsmentioning

confidence: 99%

“…Haney et al [65] explore the skills and characteristics of successful cybersecurity advocates, and identify eight skills or characteristics that separate successful cybersecurity advocates from those less so [65]. These skills and characteristics included (a) diverse backgrounds and roles whereby different perspectives are introduced into their cybersecurity processes; (b) technical skills, and specifically cybersecurity skills; (c) soft skills, which include a combination of communication skills that allows them to "sell security" to those around them, positive personal and career attributes and people skills, namely the ability to get along with others; (d) context awareness, referring to good understanding of any security context in order to elicit the best outcomes; and (e) service orientation, which the authors describe as a desire to positively contribute to the security needs of those around them [65]. These findings are encouraging as they can potentially formulate persona dimensions; however, this study is focused on defining cybersecurity advocates, and the findings may therefore not extend to all software developers.…”

Section: Security Focused Developer Characteristicsmentioning

confidence: 99%

Towards Security-Focused Developer Personas

Karanassios

View full text Add to dashboard Cite

Usability issues are one of the reasons behind the lack of security testing tool adoption by software developers. The design of security testing tools by Security Software Creators (SSCs) can be strengthened through the use of security focused developer personas which allow an improved understanding of software developer behaviour. Despite the widespread use of personas in other fields, limited research exists that specifically tailors personas to software developers from a security perspective. This research uses an interview study with 20 participants to explore 18 security focused developer persona dimensions, as well as a survey study with 40 participants to identify a range of dimension-specific information.Based on the results from the two studies, we developed a security focused developer persona framework that provides SSCs with a structured approach to create securityfocused developer personas.I would also like to thank my thesis defence committee members -Dr. Elizabeth Stobert, and Dr. Alejandro Ramirez. Their insights and constructive critique have greatly enriched my work and contributed to its successful completion. Additionally, I would like to thank Dr. Alan Tsang for chairing the defence.Furthermore, I would like to acknowledge the academic community and Carleton University for providing the necessary resources and opportunities to pursue this research.Without their commitment to education and research, this thesis would not have been possible. Thank you all for your contributions, and I am truly grateful for the impact you have had on my academic and personal growth.

show abstract

The Work of Cybersecurity Advocates

Cited by 13 publications

References 84 publications

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Want to Raise Cybersecurity Awareness? Start with Future IT Professionals.

Towards Security-Focused Developer Personas

Contact Info

Product

Resources

About