Research > Cognitive Factors in Cybersecurity

We investigate the cognitive factors that support cybersecurity professionals, cyber workforce development, and cyber hygiene. We take an interdisciplinary approach, bridging psychology and engineering, to improving the security of computer networks.

This project is funded by the National Science Foundation under CAREER: RUI: Understanding Human Cognition in Computer Network Defense

Cybersecurity Professionals: Understanding Cognition and Proficiency

Cyber security professionals, the individuals responsible for keeping organizations secure, investigate network activity to find, identify, and respond to threats. These individuals are among the last lines of defense for an organization. Cyber security professionals depend on automated tools to perform their jobs but must make critical decisions that impact security. Therefore, successful defense against cyber attacks depends on human decision making. This research identifies cognitive outcomes that predict successful threat response. We are investigating the content and structure of cyber security professionals' knowledge, creating assessments of cyber security professional cognition, and developing training techniques for cyber security decision making. This project's broader impacts address the large need for cyber security workforce development. The training developed through this research will make cyber security careers more accessible to individuals beyond traditional computer science career paths. Threat response training for network defense provides a strategic advantage against cyber adversaries and increasingly sophisticated threats.

Selected Publications & Presentations

• Khan, H. A., Helzer, M. R., & Schuster, D. (2021, June 21 to 24). Training for macrocognitive skills awareness in cybersecurity professionals [Lecture presentation]. Resilience Engineering Association, Naturalistic Decision Making and Foundation for an Industrial Safety Culture Joint Initiative: Bouncing Forward from Global Crises and Challenges, Toulouse, France.
• Schuster, D. (2020). Exploring cognitive processes to develop cybersecurity defender proficiency. Cybersecurity Skills Journal: NICE Framework Special Issue: Investigating Framework Adoption, Adaptation, or Extension, 40-57. [ Open Access ]
• Mabie, D., & Schuster, D. (2020). Lessons learned in leveraging existing simulations for cybersecurity training, evaluation, and research. Proceedings of the Human Factors and Ergonomics Society Annual Meeting. https://doi.org/10.1177/1071181320641095

Workforce Development: Addressing the Cybersecurity Shortage

To help address a massive shortage of cybersecurity professionals, we advise on best practices for encouraging, diversifying, and developing the next generation of STEM professionals. We collaborate with Cyber Spartans, a STEM education program of the SJSU Center for Community Learning and Leadership.

Selected Publications & Presentations

• Pradhan, K. D., Norton, C. M., Chavarin, C., Tran, T., Mubarez, H., & Schuster, D. (2022, April 18). Evaluating macrocognitive awareness training [Poster presentation]. Spartan Psychological Association Research Conference, San Jose, CA. [ Poster ]
• Khan, H. A., Helzer, M. R., & Schuster, D. (2021, June 21 to 24). Training for macrocognitive skills awareness in cybersecurity professionals [Lecture presentation]. Resilience Engineering Association, Naturalistic Decision Making and Foundation for an Industrial Safety Culture Joint Initiative: Bouncing Forward from Global Crises and Challenges, Toulouse, France.
• Fausett, C., Salubre, K., Dinh, L., Kraskian, R., Fisher, H., Contreras, G., Do, S., Tully, A., Schuster, D., & Klaw, E. (2019, April). Cyber Spartans: Assessing Self-Efficacy and Engagement in STEM. Poster session presented at the Spartan Psychological Association Research Conference, San Jose, CA.
• Schuster, D., & Wu, S. (2018). Toward cyber workforce development: An exploratory survey of information security professionals. Proceedings of the Human Factors and Ergonomics Society Annual Meeting. https://doi.org/10.1177/1541931218621285 [ Poster ]

Cyber Hygiene: Empowering Individuals' Security

We study how individual knowledge and behavior by employees, customers, and the general public affects Internet security.

Selected Publications & Presentations

• Norton, C. M. & Schuster, D. (2022, April 18). Exploring threat understanding and cyber hygiene behaviors using card sorting [Poster presentation]. Spartan Psychological Association Research Conference, San Jose, CA. [ Poster ]
• Schuster, D., & Keebler, J. (2019). Cybersecurity in organizations: A sociotechnical systems approach. In M. Mouloua & P. Hancock (Eds.), Human Performance in Automated and Autonomous Systems: Emerging Issues and Practical Perspectives. CRC Press.
• Kelley, D., Macabante, C., Salubre, K. J., Fausett, C., Do, S., Lee, C., & Schuster, D. (2019, April). A mental model approach to understanding phishing susceptibility. Poster session presented at the meeting of the Western Psychological Association, Pasadena, CA.
• Contreras Barrios, G. A., & Schuster, D. (2019, April). Decision making style and cyber hygiene. Poster session presented at the Spartan Psychological Association Research Conference, San Jose, CA.
• Still, J. D., Cain, A., & Schuster, D. (2017). Human-centered authentication guidelines. Information and Computer Security. https://doi.org/10.1108/ICS-04-2016-0034

Any opinions, findings, and conclusions or recommendations expressed on this site are those of the author(s) and do not necessarily reflect the views of the National Science Foundation or San José State University.