A Psychological Profile of Defender Personality Traits

摘要

—The security community has used psychologicalresearch on attacker personalities, but little work has beendone to investigate the personalities of the defenders. Oneinstrument currently dominating personality research is theFive Factor Model, a taxonomy that identifies five majordomains of personal traits, composed of sets of facets. Thismodel can be used within an organizational or vocationalcapacity to reveal dominant tendencies, such as openness tonew experiences. Within a security context, this tool couldshow what patterns professionals exhibit, which may revealareas of insufficient diversity and “blind spots” in defenses.We surveyed 43 security professionals using a FiveFactor Model-based test (the IPIP-NEO) to reveal commondominant traits. We found that our sampled securitypopulation demonstrated that they were highly dutiful,achievement-striving, and cautious; in addition, they werehigh in morality and cooperation, but low in imagination.We note that many of these characteristics seem to beappropriate for security professionals, although the lowscores in the “openness to experience” domain may indicatedifficulties in devising new security defense methods and inanticipating new forms of attack. This finding implies thatsecurity professionals might be more reactive to securitythreats, rather than proactive in discovering them beforethey are used by adversaries. This lack of anticipationcould potentially leave large organizations vulnerable toattacks that might have otherwise been prevented.