I recently came across quite an interesting paper from Dalhousie University in the US on the psychology of Information Security professionals called "Profiling the Defenders" [pdf]. While admittedly limited in its scope (they surveyed only 79 people), it nonetheless opens the door to an interesting and (afaik) not well-researched area of psychological analysis on the IT Security 'good guys'.
Typically the 'bad guys' are the ones being profiled, to better understand their motivation, to 'get into their heads' and therefore be able to second-guess them. There are plenty of courses [pdf] and certifications that are designed to help you 'think like a hacker', but how do the defenders think, and what needs to be changed over on the blue team to make them better?
Some of the findings are interesting, such as that IT Security Pros were 10 times more likely than the (US) average to be INTJ-type personalities. So is the marked difference between IT Security Pros and law-enforcement personalities, who are largely ESTJ-type personalities -- a type that was not reflected in any of the surveyed IT Pros.
While I certainly have no background in Psychology (and parts of this paper are well over my head!), it is well worth a read for those interested, and I'd like to see the results of a study done with a larger, more representative survey group.
Some good further reading on different aspects of Psychology and Security is available here.