查看文章

The security community has used psychological research on attacker personalities, but little work has been done to investigate the personalities of the defenders. One instrument currently dominating personality research is the Five Factor Model, a taxonomy that identifies five major domains of personal traits, composed of sets of facets. This model can be used within an organizational or vocational capacity to reveal dominant tendencies, such as openness to new experiences. Within a security context, this tool could show what patterns professionals exhibit, which may reveal areas of insufficient diversity and “blind spots” in defenses.

We surveyed 43 security professionals using a Five Factor Model-based test (the IPIP-NEO) to reveal common dominant traits. We found that our sampled security population demonstrated that they were highly dutiful, achievement-striving, and cautious; in addition, they were high in morality and cooperation, but low in imagination. We note that many of these characteristics seem to be appropriate for security professionals, although the low scores in the “openness to experience” domain may indicate difficulties in devising new security defense methods and in anticipating new forms of attack. This finding implies that security professionals might be more reactive to security threats, rather than proactive in discovering them before they are used by adversaries. This lack of anticipation could potentially leave large organizations vulnerable to attacks that might have otherwise been prevented.