Abstract/Summary

Cyber security aims to protect our connected society from threats affecting services that rely on cyberspace. The pervasive nature of those threats requires a collaborative engagement in which a heterogeneous set of stakeholders request or provide security services. One of the major challenges in current cyber security initiatives is to place skilled people wherever needed whilst reducing the overall knowledge gap. Thus, in order to orchestrate roles in such a complex and dynamic environment, a novel approach to discover talent within the cyber security community is required. This PhD research addresses this challenge by devising a conceptual model and an ontological methodology, which aids a robust discovery of the fittest expertise driven by the specific needs of cyber security projects, as well as benchmarking expertise shortages. Talent management, knowledge management and organisational modelling theories provide the theoretical foundations upon which the cyber security community is articulated. Mixed methods were performed within a cyber security community to triangulate findings in the literature, test the method and appraise the solution. The method for discovering expertise in cyber security communities (DECYSE) is capable of delivering a seamless solution for processes involving expertise discovery. This method enables learning from previous projects; supports selection, ranking and assessment of experts according to specified requirements in a project profile; and provides indicators to measure knowledge gaps and shortages in the cyber security community. The DECYSE method is robust and underpinned by analytical techniques, considering complex interactions and perspectives from the actors involved. In order to promote ongoing improvement on the method itself, this thesis also details the conceptual model which articulates the requirements for developing DECYSE. A round of experiments was successfully conducted, where a team of three experts, out of sixty-six participant profiles, met the criteria in a cyber security project. The method was also positively appraised by a board of experts working with strategic CS projects. DECYSE enables ongoing improvement and contributes to both theory and the cyber security community.