Measuring Expert and Novice Performance Within Computer Security Incident Response Teams
There is a great need for creating cohesive, expert cybersecurity incident response teams and training them effectively. This paper discusses new methodologies for measuring and understanding expert and novice differences within a cybersecurity environment to bolster training, selection, and teaming. This methodology for baselining and characterizing individuals and teams relies on relating eye tracking gaze patterns to psychological assessments, human-machine transaction monitoring, and electroencephalography data that are collected during participation in the game-based training platform Tracer FIRE. We discuss preliminary findings from two pilot studies using novice and professional teams.
Keywords: Cybersecurity, Training, Teams, Visual search, Eye tracking, EEG, In situ testing, Measuring individual differences, Psychological measures
Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under Contract DE-AC04-94AL85000, Sandia Report SAND2015-1796 C.