Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study

Abstract

Recently, government and news media publications have noted that a large-scale military cyberattack against the United States will be crippling primarily because of the existing personnel shortages and expertise gaps in the cybersecurity workforce. One critical job role within cyber defense teams is the malicious-code reverse engineer who deconstructs malicious code to understand, at the binary level, how the malware behaves on a network. Given the severe staffing shortages of these engineers, efforts to identify individual traits and characteristics that predict the development of expertise are important. Currently, job analysis research on teams of malicious-code reverse engineers is lacking. Therefore, a job analysis was conducted to identify individual factors (e.g., cognitive abilities, knowledge, and skills) and team factors (e.g., team leadership, decision making) that enable, encumber, or halt the development of malicious-code reverse engineering expertise. A 10-member malicious-code reverse engineering team was interviewed using a contextual inquiry/semi-structured interview hybrid technique to collect job analysis information. Performance factors were inferred based on the raw interview data.

The results indicate that expert performance requires other non-domain-specific knowledge and skills (e.g., performance monitoring, oral and written communication skills, teamwork skills) that enable successful performance. Expert performance may be enabled by personality factors (i.e., conscientiousness) and cognitive abilities (i.e., working memory capacity). Attributes of successful novices were also collected. Subsequent research will empirically validate that these factors predict the development of expertise. Training and operations implications for this research are also detailed.

Cite This Report

SEI

Cowley, Jennifer. Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study (CMU/SEI-2014-TR-002). Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91548

IEEE

Cowley, Jennifer, "Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2014-TR-002, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91548

APA

Cowley, Jennifer. (2014). Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study (CMU/SEI-2014-TR-002). Retrieved October 31, 2014, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91548

CHI

Jennifer Cowley. Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study (CMU/SEI-2014-TR-002). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2014. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91548

MLA

Cowley, Jennifer. 2014. Job Analysis Results for Malicious-Code Reverse Engineers: A Case Study (Technical Report CMU/SEI-2014-TR-002). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=91548