Its Not All About the Money: Self-efficacy and Motivation in Defensive and Offensive Cyber Security Professionals

Duncan Hodges, Oliver Buckley

Research output: Chapter in Book/Report/Conference proceedingConference contribution

17 Downloads (Pure)


Two important factors that define how humans go about performing tasks are self-efficacy and motivation. Through a better understanding of these factors, and how they are displayed by professionals in different roles within the cyber security discipline we can start to explore better ways to exploit the human capability within our cyber security. From our study of 137 cyber security professionals we found that those in attack-focussed roles displayed significantly higher-levels of self-efficacy than those in defensive-focussed roles. We also found those in attack-focussed roles demonstrated significantly higher levels of intrinsic motivation and significantly lower levels of externally regulated motivation. It should be noted we found no correlation with age or experience with either the focus of the practitioners task (whether offensive or defensive focussed) or their levels of motivation or self-efficacy. These striking findings further highlight the differences between those performing tasks that are self-described as offensive and those that are self-described as defensive. This also demonstrates the asymmetry that has long existed in cyber security from both a technical and opportunity viewpoint also exists in the human dimension.
Original languageEnglish
Title of host publicationInternational Conference on Human Aspects of Information Security, Privacy, and Trust (HAS)
Subtitle of host publicationHAS 2017: Human Aspects of Information Security, Privacy and Trust
Number of pages13
ISBN (Electronic)978-3-319-58460-7
ISBN (Print)978-3-319-58459-1
Publication statusPublished - 2017

Publication series

NameLecture Notes in Computer Science

Cite this