Towards projection of the individualised risk assessment for the cybersecurity workforce

In the era of global digitalisation, there is rapid development of services requiring cybersecurity resilience against adversarial actions. The demand for skilled cybersecurity professionals is at an all-time high, with over three million positions yet to be filled worldwide. Employers call for help to recruit and retain specialists as a stressful cybersecurity work environment increases the risk of insecure and non-compliant behaviour. Current training methodologies need to be revised to address this issue, underlining the need for a shift towards more individualised training methods to raise awareness about personal traits that impact professional conduct. This paper introduces a multi-disciplinary model that enables the personal trait triangulation of the cybersecurity specialist from three different perspectives: human genetics, psychology, and information and communication technology. The model offers a novel approach by incorporating a self-regulation feature, exemplified through impulsivity measured by the Barratt Impulsiveness Scale, and leveraging a web-based system for both psychological assessment and cybersecurity task completion. Pilot experimental data (n=48) was used for model building and proof of concept. The example demonstrates model potential in individual behaviour prognosis. It suggests its utility in tailoring training strategies that not only enhance cybersecurity performance but also aid in workforce retention by acknowledging and addressing the complex interplay of factors influencing daily cyber routines.