CEC Faculty Proceedings, Presentations, Speeches and Lectures


Expert assessment of the top platform independent cybersecurity skills of non-IT professionals

Event Location / Date(s)

Fort Lauderdale, FL / April 9-12, 2015

Document Type

Conference Proceeding

Presentation Date


Conference Name / Publication Title

Proceedings of the 2015 IEEE SoutheastCon



First Page


Last Page



Cybersecurity threats are causing substantial financial losses for individuals, organizations, and governments. Information technology (IT) users' mistakes, due to poor cybersecurity skills, represent about 72% to 95% of cybersecurity threats to organizations. As opposed to IT professionals, computer end-users are one of the weakest links in the cybersecurity chain, due to their limited cybersecurity skills. Skills are defined as the combination of knowledge, experience, and ability to do something well. Cybersecurity skills are the skills one possess to prevent damage to IT via the Internet. However, the current measures of end-user cybersecurity skills are based on self-reported surveys. This study is the first phase of a larger research project that is aimed to develop a scenario-based iPad application to measure cybersecurity skills based on actual scenarios with hands-on tasks that the participants complete in demonstrating their skills. To design a measure that has both high validity and reliability, the first phase of the study was set forth to follow the Delphi method in seeking subject matter experts' opinion on the top platform independent cybersecurity skills for non-IT professionals. A total of 18 experts from the Florida chapter of the InfraGard, a public-private partnership between the United States Federal Bureau of Investigation (FBI)'s cyber division and private sector that focus on cybersecurity, along with subject matter experts from other federal agencies such as the United States Secret Services' (USSS) Electronic Crimes Task Force team and industry, took part in our Delphi expert panel process. The exploratory expert panel data was recorded and categorized into similar groups of comments for improvements, along with quantitative rankings. Comments were then solicited again for expert consensus, to derive the rankings of the top nine platform independent cybersecurity skills. The paper ends with some discussion on the next phase of this ong- ing research along with some initial implications of the findings to practice and research.