| The purpose of this study was to explore the learning activities used by a sample of cybersecurity professionals to identify, acquire, and maintain the competencies regarded as necessary to perform their duties successfully. In order to surface and synthesize study findings, the researcher relied on the qualitative research paradigm and made particular use of the case study method.;A group of 20 full-time, "front line" practitioners from the commercial, governmental and not-for-profit sectors served as the unit of analysis for the study. The demographics of this sample provided variation relative to work history, job tenure, and proficiency. Data collection methods included pre-interview demographic inventory (PIDI), semi-structured interviews, critical incident, and document analysis. Data analysis techniques focused on the perceived relationships between competencies, experience, and learning.;Analysis and interpretation of findings were organized into three analytic categories that were based on the study's conceptual framework: (1) the duties, competencies, and success measures of the role, (2) the learning approaches and methods used by participants, and (3) those factors perceived to have influenced ability to learn and develop needed competencies. The researcher also used aspects of experiential learning, situated cognition, and expertise development to guide his information gathering and synthesis efforts.;The research showed that in the course of their careers the study participants relied on various individual and collaborative forms of learning to build and maintain needed competencies. Key findings uncovered showed that ongoing success was predicated on practitioner ability to function as an "expert" in two or more competency areas while engaging routinely with others whose experiences and opinions provided additional insight and perspective. New aspects of learning identified included the emergence of "meta-versatilists" and the fractionalization of expertise among practitioners in the field.;The principal recommendation is that cybersecurity professionals should participate actively in secure, multi-tiered social learning networks in which knowledge can be shared and experiences discussed openly beyond a small cadre of trusted peers and confidants. The study's findings suggest that membership in such communities may enhance practitioner ability to identify, acquire, and develop needed competencies over time. |
