D’Amico, A., Buchanan, L., Kirkpatrick, D., & Walczak, P. (2016). Cyber Operator Perspectives on Security Visualization. Advances in Human Factors in Cybersecurity, 69.
Abstract: In a survey of cyber defense practitioners, we presented 39 assertions about the work cyber operators do, data sources they use, and how they use or could use cyber security visual presentations. The assertions were drawn from prior work in cyber security visualization over 15 years. Our goal was to determine if these assertions are still valid for today’s cyber operators. Participants included industry, government and academia experts with real experience in the cyber domain. Results validated the assertions, which will serve as a foundation for follow-on security visualization research. Feedback also indicates that when analyzing a security situation, cyber operators inspect large volumes of data, usually in alpha-numeric format, and try to answer a series of analytic questions, expending considerable cognitive energy. Operators believe security visualizations could support their analysis and communication of findings, as well as training new operators.