Cybersecurity professionals are in high demand, but the definition of individual interests and the functions that comprise those roles is more complex than it may seem. In the face of a global shortage of cybersecurity professionals, and an often-difficult team dynamic around these individuals, in addition to a dramatic rise in cybercrime and security breaches, it is important to define and understand career success and career performance within an organization. This research uses a design science approach founded on a sociotechnical theoretical framework based on Information Technology (IT) turnover and Human Resources (HR) theories to analyze individual factors of job satisfaction and job performance for cybersecurity roles to design a cybersecurity interest to function career alignment model through the integration of prominent indicators of individual interest. This is accomplished using a mixed methods approach of surveys, interviews, and a focus group that are employed using various techniques of visual, descriptive, correlation, and thematic analysis. Two key findings within this research involves cybersecurity roles and functions and the ability to align an individual's personal interests to those roles. In the former case, cybersecurity roles are poorly defined and are prone to widespread ambiguity, requiring the design of a taxonomy of discrete functions for analysis. In the latter case, individual interests, as analyzed through popular individual profiling solutions are vague and largely irrelevant to cybersecurity professionals. This requires that individual interests be defined and applied to relevant industry functions to provide meaningful alignment to job satisfaction and job performance. Among the implications for IT Turnover Theory, is the refined attribution of individual interests within cybersecurity roles instead of a monolithic interpretation of cybersecurity professionals as a single factor. This is also true for the Intermediate Linkages Model as the job satisfaction-turnover relationship may be further refined to include industry-specific functions for cybersecurity functions and the specific interests of cybersecurity professionals. The implications for design science research could extend beyond the usage of standard guidelines, venturing into this study's process of using design challenges to illuminate hidden design principles. This challenge-principle relationship may provide additional insight to new or existing facets of reasoning. These new viewpoints may uncover otherwise excluded aspects that provide additional insight into this study or topics beyond. For cybersecurity and human resources practitioners, this study provides several implications beyond the foundation for career training for functional guidance. It provides an alternative viewpoint on organizational and departmental design for cybersecurity to business alignment to increase individual job satisfaction and ultimately improve organizational performance. Future research would result in deployed artifact instantiations that promotes general career direction for future and current cybersecurity personnel, while also providing additional guidance to organizations for the proper deployment of cybersecurity teams. Other research could include IT careers beyond cybersecurity to create a standardized method for the alignment of interests to career functions for the improvement of individual job satisfaction and overall organizational performance.
Thesis (PhD (Information Technology))--University of Pretoria, 2020.