DOI QR코드

DOI QR Code

사이버 정보보호 인력의 양성과 유지를 위한 방향: 정보보호 전공자들의 직업 선택 의도에 관한 연구

A Road To Retain Cybersecurity Professionals: An Examination of Career Decisions Among Cybersecurity Scholars

  • 투고 : 2011.02.08
  • 심사 : 2011.05.19
  • 발행 : 2012.04.30

초록

최근 정보화 사회에서 사이버 정보 보호는 가장 중요한 분야로 대두 되고 있는 가운데 전문적인 정보 보호 인력에 대한 수요는 전 세계적으로 빠르게 증가 하고 있다. 전문적이고 능력 있는 정보 기술 인력의 보유는 정보화 사회에서 향후 경쟁력과 리더십을 얻는데 매우 중요한 이슈이다. 본 연구는 대학에서 정보 보호와 관련한 전공을 선택한 학생들을 중심으로 어떠한 요인들이 그들의 전공선택과 향후 정보보안과 관련한 직업을 선택하게 하는데 영향을 미치는 지를 분석 하였다. 문헌 고찰을 통해 학생들이 전공 선택과 직업선택에 관한 영향을 미칠 수 있는 대표적인 요인들을 도출하고 이 요인들과 학생들의 전공 및 직업선택과의 관계를 실증적으로 검증 하였다. 본 연구의 연구 결과는 향후 우리 사회가 보다 우수하고 전문적인 정보 보호 인력을 양성하고 유지하는 데에 기여 할 수 있을 것이다.

In the recent field, cybersecuriyt has become one of the critical areas in the information technology field, and demands for cyberseucirty professionals have been increasing tremendously. However, there is In the recent past, cybersecurity has become one of the critical areas in the Information Technology (IT) field, and demands for cybersecurity professionals have been increasing tremendously. However, there is a shortfall in the qualified cybersecurity workforce which is a factor that contributes to the vulnerability of society to various cyber threats. Our study articulates a model to explain career selection behavior in the cybersecurity field. The study explored factors that affect scholars' behavioral intention to pursue a cybersecurity career. Positive outcome expectations from a cybersecurity career as well as high self-efficacy about skills and knowledge about cybersecurity have a strong impact on the scholars' cybersecurity career decisions. Further, perceived usefulness of the cybersecurity curriculum has a positive effect on the scholars' career decisions. The results of this research have implications for retaining a qualified workforce in the computer and information security fields.

키워드

I. Introduction

As the number of threats in cyberspace increases, concerns about safety in cyberspace are also dramatically rising. With the Internet emerging as a fundamental infrastructure of our society[1], Internet crimes have also been increasing steeply. Internet Crime Complaint Center received 231,493 submissions in 2005, an 11.6% increase over 2004. In 2004, the economic impact of cyber attacks on business already reached $226 billion[2]. In the corporate setting, inadequate security is acritical obstacle to implementing new information technologies for organizations [3]. Cybersecurity professionals are critical to solving security problems while implementing new information technologies in organizations. As our society realizes the risk of threats in cyberspace, demands for cybersecurity professionals will increase greatly and will be needed to protect networks and information systems of organizations. In this study, cybersecurity professionals are defined as skilled workforce involved in the set of activities in cybersecurity areas. The activities include protecting computer networks, responding to attacks, coordinating preparedness against attacks, detecting and monitoring the network, information and information systems from the cyber attacks and other duties relating to cybersecurity. The US government created a unique program entitled–Federal Cyber Service Scholarship for Service(SFS), which is designed to increase and strengthen the cadre of federal information assurance professionals that protect critical information infrastructure [4]. Through this program 23 university in the U.S have created undergraduate and graduate programs focus on information assurance and computer security.

To secure a pipeline of qualified and skil led cybersecurity workforce for society and industry, it is important to support a number of trained students in cybersecurity and to retain trained workers in the cybersecurity field. In this current study, we investigate cybersecurity scholars’ career selections in order to suggest possible solutions to enable educational facilities and organizations to address shortfall problems in the qualified cybersecurity workforce

The contributions of this paper are two-fold. First, this paper develops a framework to examine factors affecting cybersecurity scholars’ intention to remain in a cybersecurity career. While establishing the framework, we apply the barriers, gender stereotype which has been identified in the information technology and computer science literature. We also examine how the scholars’ self efficacy, education in cybersecurity and outcome expectation influence the intention to continue in their cybersecurity careers. Second, the study empirically tests this framework through a survey of cybersecurity scholars who are about to enter the cybersecurity career as soon as they receive their degrees in the area.

II. Research and Theoretical Background

Since cybersecurity is a subfield of IT and the role of cybersecurity professionals includes activities related to computers, electronic communications systems, electronic communication services, and electronic communications and information security, it is important to study Information Technology workforce literature to establish a background for our research regarding the cybersecurity workforce. We reviewed the prior literature in order to find factors which affect the IT workers and the special characteristics of IT jobs as we assumed that these factors and characteristics would be very relevant to the cybersecurity workforce. Based on the literature, we focused on education, job attitude, and barriers relevant to the cybersecurity workforce. Prior research can be categorized into three parts. First the effect of the IT curriculum in higher education facilities because students in IT related majors in college take various courses and learn specific skills to qualify for IT job requirements before entering their careers in IT. We also examined the factors and job characteristics that would make an impact on the IT workforce and how students dealt with them after their first step into the IT career was also conducted.

In the area of IT education, academic institutions needed to make efforts for providing more soft and business skills in their curriculum, which would improve the usefulness of the education to IT workers[5]. Nielson’s study found that college students did not have a clear picture about the type of IT careers that they would develop and what factors would contribute to their IT careers[6]. Von Helens et al. also mentioned that college students in IT courses had no clear direction about an IT career and perceived that the courses they had to take were harder than they expected[7]. This research concluded that IT education needs to be improved to help college students prepare for their IT careers.

Regarding IT job characteristics, Nielson pointed out that subjects did not have a positive image of IT[6]. An IT worker is generally described as a “nerd” who plays only with computers. This image transfers to career images in IT. Bailey and Stefaniak classified job categories of IT workers depending on their skills (e.g., computer programmer, system analyst, computer engineers, database administrators, computer support specialist)[5]. Like other jobs, there was frequent turnover in many of the IT jobs. Igbaria and Greenhaus empirically proved that IT job and career satisfaction negatively influenced IT turnover intentions[8].

Ahuja[9] and Nielson et al[6]. addressed balancing work and family for IT workers. According to Ahuja, work-family conflicts can be a major source of occupational stress. In many IT-related jobs, workers are expected to work on-call to solve technical problems and often travel for work[9]. This aspect was more important for female IT workers due to traditional roles in the family. Trauth emphasized that social support plays an important role in IT workforces[10]. Clayton and Lynch also stated that students required educational support before they entered the IT career path[11]. Drawing from the IT workforce literature, we include several motivating factors that we believe will also directly affect the continuance of the members of the workforce in their cybersecurity career

The Theory of Planned Behavior (TPB) [12,13], which directly predicts behavioral achievement using a perceived behavior control and a behavioral intention, has been applied in explaining intentions and behaviors in decision making situations such as purchasing consumer goods and adopting information technology[14,15]. The Theory of Planned Behavior establishes that behavioral intentions drive individual behavior – and further that (a) individual attitude toward the behavior, (b) the subjective norms and (c) perceived behavior controls, affect behavioral intentions[16]. According to TPB, attitude toward the behavior is determined by salient beliefs about that behavior and refers to the degree that a person is favorable to evaluation or appraisal of the behavior. Subjective norms, the other major component of the theory, are perceived social pressure to perform the behavior. Another antecedent, perceived behavior control, is defined as a perceived difficulty in behavior in assuming to reflect past experience as well as anticipated impediments and obstacles[12] explored the behavioral intention of user acceptance and usage behavior in technology. In our study, we use the TPB model as a theoretical foundation. We assume that an individual’s behavioral intention to pursue a cybersecurity career is influenced by his or her attitude toward selecting and continuing a cybersecurity career. Beliefs that specific individuals and groups, such as parents, peer, and faculty, think one should or should not pursue a cybersecurity career also exert an influence on the behavioral intention to pursue a cybersecurity career. Social cognitive theory[17] is widely used to explain individual behavior. Its premise is that personal factors in the form of cognitive, affective and biological events, as well as behavioral and environmental events all operate as interacting determinants that influence each other. According to this theory, an individual chooses the environment in which he or she exists in addition to being influenced by that environment. Furthermore, in a given situation, both behavior and the environment affect each other. Finally, a behavior is influenced by cognitive and personal factors[18]. In this relationship among environment, behavior and individual, Bandura [17] introduces self-efficacy as a major cognitive force guiding individual behavior. He defines self-efficacy as people’s judgment of their capabilities to perform a task. Self-efficacy is concerned with judgments of what one can or cannot do with their skills.

Self-efficacy beliefs are an important set of determinants of human motivation and action. They operate on personal behavior through motivational, cognitive, and affective intervening processes[19]. Bandura et al. show that students’ academic self-efficacy is positively associated with their academic performance[20]. In the context of IT, the research suggests that individuals who possess high self-efficacy toward IT use IT more frequently[21, 22].

Self-efficacy is discussed as a strong predictor of career choice behavior in literature[23-25]. According to Lent et al.[23], one’s self-efficacy towards mathematics is strongly related with one’s science-based career selection. Hackett and Betz [24] proposed that self-efficacy might serve as an important career development mechanism and influence educational and career decisions, achievement behavior, and career adjustment.

In this study, we use self-efficacy theory to explain students’ behavioral intention to purse a cybersecurity career choice. We assume that an individual’s behavioral intention to pursue a cybersecurity career is affected by his or her level of self-efficacy about cybersecurity related skills and knowledge. Based on the TPB and self-efficacy model, we expand our research model to reflect the cybersecurity career context.

III. Research Model and Hypothesis

3.1 Intention to continue a cybersecurity career

In this research, we investigate an individual’s intention to continue a cybersecurity career. The reason that we measure intention instead of actual behavior comes from the difficulty of measuring people’s behavioral choice that will happen in the future. All behaviors are based on behavioral intention[26,27]. Davis also confirms that behavioral intention is the best predictor of human behaviors[28]. Based on this prior research, we argue that an individual’s behavioral intention is a useful proxy of actual behavior. Therefore, we base the intention to continue a cybersecurity career on 5 behavioral intentions: (1) The intention to establish a career in the information assurance field in the future, (2) The intention to continue a cybersecurity career for at least 2 years, (3) The intention to continue a Csec career for at least 5 years, (4) The intention to pursue a Csec career as a lifetime career, and (5) a Csec career is my first preference.

3.2 Cybersecurity career outcome expectation

Outcome expectation is another important variable in cognitive theory. Bandura describes outcome expectation as an anticipation of physical, social and self-evaluated outcomes[17]. Lent, Brown and Hackett defined outcome expectation as personal beliefs about probable outcomes which involve imagined consequences of performing a particular behavior[29]. Career attitude is one of the important factors for career choice. For example, Felton et al. found that students’ attitudes toward becoming chartered accountants is a strong predictor of their intention to pursue a chartered accountant career based on survey results of 897 graduating business students[30]. In the information system field, Crepeau et al. discussed factors that affect an IS personnel’s career decision in the IS field. From a survey of 321 IS personnel, they found out that IS professionals rely on technical and managerial orientations of the IS career as well as expected values such as stability, service, identity and variety in guiding their future career decisions[31]. Vroom proposed that a person’s choice of career could be explained by the individuals’ beliefs that a career would lead to certain outcomes weighted by their evaluation of the outcome[32]. Betz et al. also confirmed that career outcome expectations are the best predictor of career exploration intentions[33]. Lent, Hackett and Brown suggested that career outcome expectation plays a central role in developing students’ academic and career interests and occupational options. Their research also discussed how an individual’s career possibility can be restricted by occupational outcome expectation in early age because people have a tendency to exclude careers in which they do not expect a positive result[34].

Based on previous research results, we use career outcome expectation of a cybersecurity career to measure students’ attitude toward a Csec career. Since most cybersecurity scholars, who are participating in the SFS program, do not have actual work experience in a cybersecurity field, it is reasonable to assess their perceived beliefs toward their future behavior of choosing a Csec career as their lifetime career. In our research, a Csec career outcome expectation is related to possible outcomes when the individual decides to pursue a Csec career (e.g. High long-term earnings, technical and managerial advancement opportunities, job stability, a structured career path, plentiful supply of jobs, social prestige, and a chance to make a contribution to society). In this research, we argue that an individual’s positive attitude toward a Csec career will result in a higher behavior intention to pursue a Csec career and to continue that career in the future. Thus we state the following hypotheses:

H1: Csec career outcome expectations have a positive effect on the intention to continue in a Csec career.

3.3 Cyberseucrity self-efficacy, math and computer background

In social cognitive theory[19, 35], as discussed earlier, self-efficacy is considered to be an important factor driving individuals’ behavior[20,36]. Individuals’ self-efficacy beliefs operate on personal behavior through motivational, cognitive, and affective intervening processes [19]. Bandura et al. investigated the role of academic self-efficacy on academic performance and found a positive relationship between students’ academic self-efficacy and their performance[20]. In the career choice context, self-efficacy is regarded as a strong predictor of career choice behaviors in literature[23-25]. According to Lent et al., one’s self-efficacy toward mathematics is strongly related with one’s science-based career selection[23]. Hackett and Betz proposed that self-efficacy might serve as an important career development mechanism, influencing educational and career decisions, achievement behavior, and career adjustment[24]. We propose that the SFS students’ self-efficacy beliefs about cybersecurity knowledge and skills are positively related with their intention to continue in a Csec career. In this research, cybersecurity self-efficacy is defined as a personal belief about his or her capability in cybersecurity related skills and knowledge. From the above discussions, we hypothesize:

H2a: Csec self-efficacy has a positive effect on the intention to continue in a Csec career.

H2b: Csec self-efficacy has a positive effect on the Csec Career Outcome Expectation.

H2c: Csec self-efficacy has a positive effect on the Perceived Usefulness of Csec Education.

Even though cybersecurity has a distinc tive flavor as compared with other computer science and information system areas, computer skills and knowledge about computer-related components are necessary to pursue a career in the cybersecurity field. In this research, we investigate relationships between a computer and mathematics background and cybersecurity self-efficacy. Harrison and Rainer found that an individual’s self-efficacy is affected by his or her math anxiety. For computer science students, their perceived math proficiency can be a key success factor[37]. Havelka confirmed that an individual’s self-efficacy about computer software is strongly affected by an experience of computer[38]. Agarwal and Sambamurthy empirically proved a strong positive relationship between individual’s self-efficacy toward computer applications and one’s perceived ease of use[39]. Based on the above, this study proposes that there is a negative impact of a lack of math and computer background on cybersecurity self-efficacy.

Hypotheses 3 and 4 are:

H3: A Lack of Math background has a negative relationship with Csec self-efficacy.

H4: A Lack of Computer skills has a negative relationship with Csec self-efficacy.

3.4 Perceived usefulness of a cybersecurity education

With the growing importance of computer and information security in society, many colleges provide cybersecurity related courses such as information assurance, computer and Internet security and wireless network security. Many education facilities including community colleges, undergraduate, and graduate institutions deliver the supporting skills for information security professionals through education and training programs[40]. In order for the federal government to meet the increasing demand of skilled cybersecurity professionals, it provides scholarship for students who are joining academic programs related to information assurance and computer security. These programs consist of the following courses; information assurance, computer & Internet security, wireless network security, data security, cryptography. In this research, we investigate the role of these cybersecurity related curricula of colleges by investigating SFS students’ overall satisfaction with the curricula. Some researchers advocate the role of education in an individual’s career choice[34,41]. They insist that educational opportunity and experience finally influence an individual’s career selection process. Understanding course concepts helps students in computer science field to do their jobs easier and faster[42], this study assumes a relationship between cybersecurity curriculum and career decision. This research adopts “perceived usefulness” to measure SFS scholars’ level of satisfaction with Csec education. Perceived usefulness is often discussed as one of the strongest determinants, which has both direct and indirect effects on attitude and the intention to use IT[28,43]. In this study, perceived usefulness of a Csec education connects to whether the classes offered in college are useful in establishing practical knowledge and skills that are needed in a Csec career. This is measured by 4 dimensions of usefulness: Classes are useful in: 1) pursuing my future career, 2) learning practical skills that might be needed in Csec career, 3) to establish a knowledge foundation for information assurance, and 4) overall satisfaction of Csec classes. In our research, we argue that the perceived usefulness of a Csec career has a positive relationship with an individual’s intention to continue a Csec career. Thus, we propose the following hypotheses:

H5: Perceived usefulness of Csec education has a positive impact on the intention to continue a Csec career.

3.5 Cybersecurity career support

Subjective norms are an individual’s beliefs coming from reference groups’ (e.g., parents, peers and faculties) approval or disapproval of an individual’s behavior. In our study, the subjective norms are considered to be parents, peer and faculty supports for individual’s behavior pursuing a Csec career. Bank et al. suggested that peer and parent norms have a significant relationship to students’ intentions to pursue careers. However, faculty norms do not[44]. London also pointed out that workers with high support from peers would have high ratings on their career motivation scale[45]. Guay et al. also empirically proved that peers’ and parents’ support and behavior are positively linked to career decisions of college students[46]. Based on the above, we hypothesize:

H6: Csec career support has a positive effect on the intention to continue a Csec career.

3.6 Perceived barriers of cyberscurity careers

Among the many factors which influence an individual’s career choice, perceived barriers[47] toward a career is discussed by numerous researchers as a critical obstacle which may hamper one’s entrance into or continuation of a career[48-51]. Luzzo presents four categories of barriers based on interviews of 375 college students. They are family related barriers (e.g., balancing work, family responsibilities, finding day care for children), study skills barriers (e.g., poor study habits, lack of basic skills education), ethnic identity barriers (e.g., job discrimination on the basis of race, different treatment by teachers based on ethnicity), and financial barriers (e.g., lack of funds for higher education)[49]. Other research concerning career choice barriers suggests that personal difficulties such as problems adjusting to college, depression, and time management are substantial barriers that influence career choice. Additionally, negative social/family influences, concerns about role conflict, excessive educational requirements, negative school/work experiences, and work conditions/reinforces are also introduced as barriers[52]. In this study, we measured SFS students’ perceived barriers of a Csec career in terms of three dimensions: Family related barriers (e.g. difficulty in balancing work and family, spending not enough time with my family), Personal barriers (e.g. having to work hard but not being able to keep up, not fitting with others in my work), and Institutional barriers (e.g., there will be not many job opportunities, less flexible working time). Based on above, we hypothesize:

H7a: Perceived barriers to a Csec career have a negative relationship with the intention to continue a Csec career.

H7b: Perceived barriers to Csec career have a negative relationship with a Csec Career Outcome Expectation.

3.7 Perceived gender-stereotype of cybersecurity career

According to IDC report of cybersecurity professionals, cybersecurity professions are a male dominated field. Only 12% of cybersecurity professionals in the U.S are women, higher than in Europe and Asia. Based on a survey of worldwide cybersecurity professionals, the report predicts that male domination in the cybersecurity profession will continue in the future[53]. Some researchers have discussed gender stereotype of occupation as a contributor to females’ underrepresentation in computer, science, and engineering careers[54,55]. According to Ramussen and Hapnes, male dominated occupational culture in computing influences women and their position in the area of computing[55]. Newton also mentions that these factors help to make girls perceive computer work as a male field. A certain occupation can be typically identified as belonging to one gender. For example, company president, government official, and auto mechanic are viewed as masculine occupations whereas nurse, elementary school teacher, and librarian are identified as feminine occupations[56]. The study of Ruble et al. defended occupational gender stereo type as a set of probabilistic judgments about whether a given job will be held by a man or a women[57]. The main determinant of certain gender stereo type of occupation is current distribution of male versus female in a job category[56]. While the gender itself is not discussed as main factor affects cognitive skills in computer[58], women in applied IT programs are less confident in their computing abilities than their male peers[59,60]. Since cybersecurity professionals’ work is heavily related with computers and its’ components and are traditionally discussed as a masculine field[54, 55] and few female professionals exist, we can assume that cybersecurity professions may have a gender stereotype. To investigate cybersecurity scholars’ perceived gender stereotype of Csec career and the possible effect of perceived gender stereotype of Csec career, we propose the following hypotheses.

H8a: Perceived gender-stereotype of a Csec career has a negative relationship with intention to continue a Csec career.

H8b: Gender has a moderating effect on relationship between perceived gender-stereotype of a Csec career and intention to continue a Csec career. Our detailed research model is presented in Figure 1.

[Figure 1] Research Model

IV. Research Design and Methodology

The current study conducted an exhaustive survey of cybersecurity scholars who are studying information assurance and computer security in the 23 universities in the U.S. This research adopted a structured questionnaire survey and was preceded by a comprehensive interview as its research methodology. To investigate the scholars’ intention to pursue a cybersecurity career and their intention to continue in the cybersecurity profession, we administered the survey to 350 cybersecurity scholars from October, 2008 to April, 2009, who were participating in the scholarship service program at 23 U.S universities the U.S National Science Foundation and are pursuing academic programs in in formation assurance and computer security fields for the final two years of undergraduate study or for two years at the master’s level study, including a summer internship in the U.S federal agency. Hence this selected set of students has experience in cybersecurity curriculum in universities. Moreover, since they have an intention to enter into a cybersecurity career for at least 2 years and have pursued cybersecurity-related academic programs in college, it is appropriate to investigate their intention to remain in the cybersecurity workforce in the medium or long term career.

185 students out of 350 responded to our survey, resulting in a 52% response rate. The average age of the respondents is 25.3 years, and 68% were male and 32% were female respondents. We dropped 16 unsatisfactory cases after applying logical consistency and low variance checks. As a result, we used 169 cases for the rest of the analysis. We used Partia lLeast Square (PLS), a Structural Equation Modeling (SEM) technique to test our research model. PLS enables the specification of both the relationships among the constructs and the measures underlying each construct[61]. The summary of this analysis is presented in the following sections.

4.1 Measurement Development

We adopted many of measurement indicators from career research literature and modified them to fit in cybersecurity career context. Measurement indicators of Csec career outcome expectation are adopted from[62,63]. The measurements for perceived usefulness of Csec education, Csec career support, and intention to continue in a Csec career are adopted from the technology acceptance model and the theory of planed behavior literature and were modified to fit into the context of a cybersecurity career for this study. To obtain internal validity of each measurement, we compared measures that were to be utilized in the survey questionnaire with interview results. All indicators are described in Appendix. Table 1 describes definitions of the constructs.

Indicators were standardized to avoid computational errors[64]. A bootstrap resampling procedure was performed to examine the stability of estimates and to develop robust confidence intervals[65]. Most of the standardized loadings of individual items were above the ideal cutoff level of 0.7[66,67]. Only three out of the 35 reflective indicators had loadings lower than 0.7, but they were higher or the same as the acceptable level of 0.6[67,68].

[Table 1] Construct Definitions

[Table 2] Factor Loadings

Therefore, reliabilities of each item are acceptable. The composite reliabilities, also referred to, for the multiple reflective indicators in our mode lranged from 0.871 (Perceived Barriers) to 0.966 (Perceived Gender stereo type of Csec Career). They are well over the recommended acceptable level of 0.7[68], which means that the measurement model secures construct level reliability.

[Table 3] Correlations, Composite Reliability and AVE of Latent Variables

CR: Composite Reliability, AVE: Average Variance Extracted, COE: Csec Career Outcome Expectation, CSE: Csec Self-efficacy, CCS:Csec Career Support, ICC: Intention to continue a Csec career, PUCE: Perceived Usefulness of Csec Education, PBC: Perceived Barriers of a Csec Career, PGS: Perceived Gender Stereotype of Csec Career

We tested discriminant validity by comparing Average Variance Extracted (AVE) and inter-construct correlation. All AVEs for the latent variables measured by reflective indicators were greater than the required minimum level of 0.5 and every construct had a larger square root of AVE than its correlations with other constructs. This result shows that our measurement model ensures discriminant validity[69]. The values of AVE, composite reliability and correlation are presented in Table 3.

In our research model, there is a second order factor (i.e. Perceived barriers of Csec careers). As shown in Figure 2, the three dimensions of perceived barriers are arranged in a second-order factor model, which depicts the multiple perceived barriers dimensions as multidimensional entities of the higher second order factor. All of its indicators had factor loadings above 0.7 and were significant at the 0.01 level. Only one out of nine items had loadings below 0.7 (i.e. 0.6462). However, it is still acceptable as there are additional and other reliable indicators in the block[65]. All indicators load higher on the first order factors than on the second order factor and AVE of Perceived barriers of a Csec careers was greater than the square of the correlations between it and its three first order factors. It confirms that family related barriers, personal barriers and institutional barriers reflect the second order factor well[70]. Regarding the relative importance of the three dimensions, the family related barriers and institutional barriers are relatively more important than personal barriers since their path coefficients from the perceived barriers of a Csec careers to family related barriers, institutional barriers and personal barriers were 0.791, 0.835, and 0.710 respectively.

V. Results

Overall, the tests showed significant support for our model and the amount of variance in the dependent latent variables explained by the model was moderately high. Our research result is presented in figure 2. As shown in figure 2, most hypotheses are supported by data test results except for the hypothesis regarding the effect of a Csec career support to the intention to continue a Csec career. Around 48.3% of variance of the students’ intention to pursue a Csec career and the intention to remain with the Csec profession is explained by a Csec career outcome expectation, perceived usefulness of Csec education, Csec self-efficacy, perceived barriers of a Csec career, and perceived gender stereotype of Csec career.

For hypothesis 1, there was a significant and positive relationship between Csec career outcome expectation and intention to continue a Csec career (path = 0.418; p < 0.01). For Hypothesis 2a, Csec self-efficacy had a positive relationship with the intention to continue a Csec career (path = 0.198; p < 0.01). Hypothesis H2b and H2c are also supported by data test results, Csec self-efficacy had a positive effect on students’ Csec career outcome expectation (path= 0.287; p<0.01) and perceived usefulness of a Csec education (path=0.335, p<0.01). Our data results supported hypothesis 4, which postulated that a lack of computer skill has a negative relationship with Csec self-efficacy (path = -0.373; p < 0.01). The perceived usefulness of a Csec education also had a positive relationship with the intention to continue a Csec career (path = 0.154; p < 0.01), providing support for hypothesis 5. Similarly, for hypothesis 7a and 7b, support was found for the proposed negative relationship between the perceived barriers of a Csec career and the intention to continue a Csec career (path = -0.240; p < 0.01) and the perceived barriers of a Csec career and a Csec career outcome expectation (path=-0.233; p<0.001). Hypothesis 8a was strongly supported by our data test result (Path=-0.200; p<0.01) which means scholars’ perceived gender stereotype of Csec career has negative relationship with their intention to a cybersecurity career.

For testing the moderating role of gender on relationship between perceived gender stereotype of Csec career and intention to continue a Csec career, this paper followed the direction of Carte and Russell who tested whether the variance explained by the moderating effects was significant, using F-statistics[69]. This study also computed Cohen’s f 2 in order to compare the R2 values between the main and moderating effects, following Chin et al. [64].Based on the guidelines of Chin et al., this study has f-statistic, 3.94 which is significant at p<0.05 and Cohen’s f2, 0.04 which means small effective size[71]. This result indicates male scholars have more tendencies to be affected by a gender stereotype.

However, hypothesis 3, a lack of math background has a negative relationship with Csec self-efficacy, and hypothesis 6, Csec career support from family, peer and faculty had a positive impact on the intention to continue a Csec career, were not supported by data test results. The path coefficients for hypothesis 3 and hypothesis 6 happened to be -0.002 and 0.009. These results show the difference characteristic between computer engineering career and cybersecurity career. Prior research has addressed the importance of math background on students’ intention to choose computer engineering and related careers[32], however our research results show that computer skills are more important than math back ground in pursuing cybersecurity careers.

Csec career outcome expectations, perceived usefulness of Csec education, and Csec self-efficacy have strong positive effects on the scholars’ intention to continue a Csec career. In contrast, perceived barriers toward a Csec career and perceived gender stereotype of Csec career have negative relationships with the intention to remain with a Csec career. In addition, the relationship between perceived gender stereotype of Csec career and intention to continue Csec career is affected by gender which means gender has an interaction effect with perceived gender stereotype of Csec career. Interestingly, we find that the effect of support for a Csec career from parents, peer and faculties on students’ intention is not strong enough to show the relationship between support and intention. Table 4 summarizes the results for supporting hypothesis.

[Table 4] Summary of results for supporting hypothesis

[Figure 2] Data Analysis Results

VI. Discussion and Conclusion

The results of our study show that cybersecurity scholars, who have strong positive outcome expectations and a positive attitude toward a Csec career, have a higher intention to pursue a Csec profession for a longer period than students who do not have positive outcome expectations. High long-term earnings, technical and managerial advancement opportunities, job stability, a structured career path, a plentiful supply of jobs, social prestige, and a chance to make a contribution to society are important factors of formulating scholars’ positive attitudes toward a cybersecurity career. Our results indicate that job security as well as social contribution affect cybersecurity scholars’ attitude toward a cybersecurity career. The results also showed that a lack of social recognition toward cybersecurity jobs is an obstacle when deciding to remain in the cybersecurity field for any length of time

Another significant factor affecting the intention to pursue a cybersecurity career is the individual’s level of self-efficacy regarding the skills and knowledge of cybersecurity. We could find a strong positive effect of self-efficacy toward cybersecurity related skills and knowledge on students’ positive cybersecurity career outcome expectation and perceived usefulness of cybersecurity education. A lack of self-confidence toward math and science is discussed as obstacles to entering science and computer related careers in prior studies[23,36]. However, our results show that computer skills are a more important factor than math on the formation of one’s self-efficacy toward cybersecurity. Also, more computer experience and education are needed to retain a more qualified workforce in the cybersecurity area. In addition, we found that the role of education facilities is essential for providing a sound and solid foundation for cybersecurity employees. According to our research results, cybersecurity scholars understood that a cybersecurity education has a positive effect when choosing Csec career. We also conclude that educational institutions play a significant role in formulating cybersecurity workforce pipeline by developing appropriate and relevant curricula. Computer security fields require both technical training and education aspects [72]. Higher education must deliver the practical skills and knowledge regarding cybersecurity in order to enhance students’ perceptions of the very real necessity of the program.

In our study, we found a negative effect of gender stereotypes regarding cybersecurity career intentions. Scholars who have strong perceived gender stereotypes of a cybersecurity position have less of an intention to pursue a cybersecurity career. The effect of these probabilistic judgments toward cybersecurity professions varies with each gender group. Interestingly, male cybersecurity scholars responded that male workers may be better at a set of technical skills which require performing cybersecurity projects than female workers. Female scholars disagree with this idea. As we discussed earlier, gender stereotype toward a specific occupation comes from external images that suggest that the occupations are dominated by one gender. Most participants in the interview that we carried out for this study reveal that they consider cybersecurity occupations as a male dominated field because of a lack of female professors or female role models. Female students in IT area show concerns about gender discrimination in their work place[73]. This study recommends that education facilities as well as companies should try to reduce prejudgments of gender stereotypes in cybersecurity by suggesting gender balanced role models and mentors.

This study also shows that students put more weight on possible positive outcomes from pursuing cybersecurity careers than on social norms that evolve from their reference group such as family, peer, and faculty members when they make a decision on career selection. Our interview results also support the more significant role of behavioral belief as compared to normative belief. Most cybersecurity scholars who were interviewed said that they decided to participate in the program even though their decision was not supported by their families. Our research results suggest those students’ behavioral beliefs regarding cybersecurity professions (e.g positive outcome expectations, Csec self-efficacy) need to be stimulated to retain cybersecurity workers for a long time and to avoid frequent turnover in cybersecurity jobs. In addition, we could find the role of self-efficacy on cybersecurity scholars’ behavioral intention to continue cybersecurity careers. cybersecurity scholars who have confidence in their computer skills and cybersecurity related knowledge and skills have a more positive attitude toward a cybersecurity career and cybersecurity education so that they have a higher behavioral intention to pursue a cybersecurity career than students who do not have. The results show that scholars’ outcome expectation and barriers toward cybersecurity career have more effect among other factors. In addition, institutional barriers and family related barriers have more impact on scholars’ intention to continue cybersecurity career than personal barriers.

For the companies and organizations which need qualified cybersecurity workforce, this study suggests useful directions to retain qualified cybersecurity professionals by presenting cybersecurity career barriers for three dimensions; family related barriers, personal barriers and institutional barriers. The obstacles which hamper cybersecurity scholars in pursuing cybersecurity careers were time constraint, work-family conflict, non flexible working time and less job opportunity in the field. For cybersecurity scholars, work-family conflict and non flexible working time can present possible difficulties which will prevent them from making long term commitments to cybersecurity jobs. In addition, the balance of male and female workers in cybersecurity profession is important to obtain a secure pipeline of supplying skilled cybersecurity professionals.

For successful organizations, availability of IT professionals are very important strategically; therefore, organizational effort should be made continually to retain qualified IT professionals[74]. To retain more qualified human resources in the cybersecurity field, companies try to provide cybersecurity workers with job opportunities, technical as well as managerial advancement opportunities[75], variety in their works and projects, help for balancing work and family concerns. With the increasing demand on cybersecurity professionals in our society, we believe that our research is the first step in understanding the career choice in the cybersecurity profession. Our research provides findings on cybersecurity career choices and perceived job characteristics. From the response of scholars who are in the cybersecurity field, we realize that students’ positive outcome expectations from a cybersecurity career will result in a longer stay in that profession. Particularly, the role of academic programs in information security in college is critical to formulate students’ attitudes towards a cybersecurity career.

참고문헌

  1. A.-M. Chang, and P. K. Kannan, Preparing for Wireless and Mobile Technologies in Government, IBM Endowment for The Business of Government, Oct. 2002.
  2. E. Chabrow, "Homeland Security Tries To Get Its Cybersecurity House In Order "Information Week, [10/2/2006,2006].
  3. P. Duchessi, and I. Chengalur-Smith, "Client/server benefits, problems, best practices," Communications of the ACM, vol. 41, no. 5, pp.87, May 1998. https://doi.org/10.1145/274946.274961
  4. L. M. Liebrock, "Scholarship For Service," IEEE Distributed Systems Online, vol. 7, pp. 9, art.no.0609-o9002, Sep. 2006.
  5. J. Bailey, and G. Stefaniak, "Preparing the information technology workforce for the new millennium." ACM SIGCPR Computer Personnel, vol. 20, no. 4, pp.4-15. Oct. 1999.
  6. S. Nielsen, L. V. Hellens, and S. Wong, "The male IT domain: You've got to be in it to win IT." Proceedings from the 12th Australasian Conference on Information System, pp.1-12, Dec. 2001.
  7. L.V. Hellens, S. Nielsen, R. Doyleetal., "Bridging the IT Skills Gap: .A Strategy to Improve the Recruitment and Success of IT Students." Proceedings from the 10th Australasian Conference on Information Systems, pp.1129-1144, Dec. 1999.
  8. M. Igbaria, and J. Greenhaus, "Determinants of MIS employees' turnover intentions: a structural equation model," Communications of the ACM, vol. 35, no. 2, pp.34-49, Feb. 1992. https://doi.org/10.1145/129630.129631
  9. M. K. Ahuja, " Women in the information technology profession: A literature review, synthesis and research agenda," European Journal of Information Systems, vol. 11, no. 1, pp.20-34, Mar. 2002. https://doi.org/10.1057/palgrave.ejis.3000417
  10. E. M. Trauth, "Mapping informationsector work to the work force," Communications of the ACM, vol. 44, no.7, pp.74-75, Jul. 2001. https://doi.org/10.1145/379300.379318
  11. D. Clyton, and T. Lynch, "Ten years of strategies to increase participation of women in computing programs: The central queensland university experience 1999-2001," SIGCSE Bulletin,.vol. 34, no.2, pp.89-93, Jun. 2002. https://doi.org/10.1145/543812.543838
  12. I. Ajzen, From intentions to actions: A theory of planned behavior, Springer, Mar. 1985.
  13. I. Ajzen, "The theory of planned behavior," Organizational Behavior and Human Decision Processes, vol. 50, no. 2. pp.179- 211, Dec. 1991. https://doi.org/10.1016/0749-5978(91)90020-T
  14. S. A. Brown, and V. Venkatesh, "Model of adoption of technology in households: A baseline model test and extension incorporating household life cycle.," MIS Quarterly, vol. 29, no. 3, pp.399-426, Sep. 2005.
  15. J. F. George, "The theory of planned behavior and internet purchasing," Internet Research, vol. 14, no. 3, pp.198- 212, 2004 https://doi.org/10.1108/10662240410542634
  16. A. H. Eagly, and S. Chaiken, The psychology of attitudes, Harcourt Brace Jovanovich College, Nov. 1993.
  17. A. Bandura, Social Foundations of Thought and Action, Prentice Hall, Oct. 1986.
  18. D. R. Compeau, and C. A. Higgins, "Computer Self-Efficacy - Development of a Measure and Initial Test," MIS Quarterly, vol. 19, no. 2, pp.189-211, Jun. 1995. https://doi.org/10.2307/249688
  19. A. Bandura, "Human Agency in Social Cognitive Theory," American Psychologist, vol. 44, no.9, pp.1175-1184, Sep. 1989. https://doi.org/10.1037/0003-066X.44.9.1175
  20. A. Bandura, C. Barbaranelli, G. Caprara and C. Pastorelli, "Multifaceted impact of self-efficacy beliefs on academic functioning," Child Development. vol. 67, no. 3, pp.1206-1222, Jun. 1996. https://doi.org/10.2307/1131888
  21. D. Compeau, C. A. Higgins, and S. Huff, "Social cognitive theory and individual reactions to computing technology: A longitudinal study," MIS Quarterly, vol. 23, no. 2, pp.145-158, Jun. 1999. https://doi.org/10.2307/249749
  22. D. R. Compeau, and C. A. Higgins, "Application of Social Cognitive Theory to Training for Computer Skills," Information Systems Research, vol. 6, no. 2, pp.118-143, Jun. 1995. https://doi.org/10.1287/isre.6.2.118
  23. R. W. Lent, F. G. Lopez, and K. J. Bieschke, "Mathematics Self-Efficacy: Sources and Relation to Science-Based Career Choice," Journal of Counseling Psychology, vol. 38, no. 4, pp.424-430, Oct. 1991. https://doi.org/10.1037/0022-0167.38.4.424
  24. G. Hackett, and N. E. Betz, "A selfefficacy approach to the career development of women," Journal of Vocational Behavior, vol. 18, pp.326-339, Jun. 1981. https://doi.org/10.1016/0001-8791(81)90019-1
  25. G. Hackett, and N. K. Campbell, "Task self-efficacy and task interest as a function of performance on a genderneutral task," Journal of Vocational Behavior, vol. 30, pp.203-215, Apr. 1987. https://doi.org/10.1016/0001-8791(87)90019-4
  26. I. Ajzen Attitudes, personality, and behavior, Dorsey Press, Nov. 1988.
  27. I. Ajzen, and M. Fishbein, Understanding Attitudes and Predicting Social Behavior, Prentice-Hall, Mar. 1980.
  28. F. D. Davis, "Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology," MIS Quarterly, vol. 13, no. 3, pp.319-340, Sep. 1989. https://doi.org/10.2307/249008
  29. R,W. Lent, S.D. Brown and G, Hackett. "Toward a unifying social cognitive theory of career and academic interest, choice, and performance." Journal of Vocational Behavior, vol. 45, pp.79-122, Aug. 1994. https://doi.org/10.1006/jvbe.1994.1027
  30. S. Felton, T. Dimnik, and M. Northey, "A theory of reasoned action model of the chartered accountant career choice," Journal of Accounting Education, vol. 13, no. 1, pp.1-19, Winter 1995. https://doi.org/10.1016/0748-5751(94)00027-1
  31. R. Crepeau, C. Crook, M. Goslar and M. McMurtery, "Career anchors of information systems personnel," Journal of Management Information Systems. vol. 9, no. 2, pp.145-160, Fall 1992.
  32. V. Vroom, Work and motivation, Wiley, Aug. 1964.
  33. N. Betz, E.Voyten, and K. Klein, "Efficacy and Outcome Expectations Influence Career Exploration and Decidedness," Career Development Quarterly, vol. 46, no. 2, pp.179-89, Dec. 1997. https://doi.org/10.1002/j.2161-0045.1997.tb01004.x
  34. R. W. Lent, G. Hackett, and S. D. Brown, "A Social Cognitive Framework for Studying Career Choice and Transition to Work," Journal of Vocational Education Research, vol. 21, no. 4, pp.2-31, Dec. 1996.
  35. A. Bandura, "Self-Efficacy Mechanism in Human Agency," American Psychologist, vol. 37, no. 2, pp.122-147, Feb. 1982. https://doi.org/10.1037/0003-066X.37.2.122
  36. A. Bandura, and D. Cervone, "Self- Evaluative and Self-Efficacy Mechanisms Governing the Motivational Effects of Goal Systems," Journal of Personality and Social Psychology, vol. 45, no. 5, pp.1017-1028, Nov. 1983. https://doi.org/10.1037/0022-3514.45.5.1017
  37. J. Konvalina, A. W. Stanley, and L. Stephens, "Math Proficiency: a key to success factor for computer science students," Communications of the ACM, vol. 26, np.5, pp.377-382, May 1983. https://doi.org/10.1145/69586.358140
  38. D. Havelka, "Predicting Software Self Efficacy among Business Students: A Preliminary Assessment," Journal of Information Systems Education, vol. 14, no. 2, pp.145-152, Summer 2003.
  39. R. Agarwal, V. Sambamurthy, and R. Stair, "The Evolving Relationship between General and Specific Computer Self- Efficacy: An Empirical Investigation," Information Systems Research, vol. 11, no. 4, pp.418-430, Dec. 2000. https://doi.org/10.1287/isre.11.4.418.11876
  40. A. Yasinsac, and M. Burmester, "Centers of Academic Excellence: A Case Study," IEEE Security & Privacy, vol. 3. no. 1, pp.62-65, Jan.-Feb. 2005.
  41. D. H. Schunk, Self-efficacy and education and instruction, Plenum, Apr. 1995.
  42. D. J. Bagert, and S. A. Mengel, "Developing and using a web-based project process throughout the software engineering curriculum " The Journal of Systems and Software. vol. 74, no. 2, pp.113-120, Jan. 2005. https://doi.org/10.1016/j.jss.2003.09.024
  43. V. Venkatesh, and F. D. Davis, "A Theoretical Extension of the Technology Acceptance Model: Four Longitudinal Field Studies," Management Science, vol. 46, no. 2, pp.186-204, Feb. 2000. https://doi.org/10.1287/mnsc.46.2.186.11926
  44. B. J. Bank, R. L. Slavings, and B. J. Biddle, "Effects of peer, faculty, and parental influences on students' persis tence" Sociology of education, vol. 63, no. 3, pp.208-225, Jul. 1990. https://doi.org/10.2307/2112838
  45. M. London, "Relationships between career motivation, empowerment and support for career development," Journal of occupational and organizational psychology, vol. 66, pp.55-69, Mar. 1993. https://doi.org/10.1111/j.2044-8325.1993.tb00516.x
  46. F. Guay, C. Senecal, L. Gauthier and C. Fernet, "Predicting Career in decision: A self-determination theory perspective," Journal of counseling psychology, vol. 50, no. 2, pp.165-177, Apr. 2003. https://doi.org/10.1037/0022-0167.50.2.165
  47. I. Ajzen, and T. J. Madden, "Prediction of goal-directed behavior: Attitudes, intentions, and perceived behavioral control," Journal of Experimental Social Psychology, vol. 22, pp.453-474, Sep. 1986. https://doi.org/10.1016/0022-1031(86)90045-4
  48. J. L. Swanson, and D. M. Tokar, "Development and initial validation of the Career Barriers Inventory," Journal of Vocational Behavior, vol. 39, pp.344-361, Dec. 1991. https://doi.org/10.1016/0001-8791(91)90043-L
  49. D. A. Luzzo, "Ethnic Differences in College Students' Perceptions of Barriers to Career Development," Journal of Multicultural Counseling and Development, vol. 21, no. 4, pp.211-226, Oct. 1993. https://doi.org/10.1002/j.2161-1912.1993.tb00232.x
  50. J. L. Swanson, and D. M. Tokar, "College stuents' perceptions of barriers to career development," Journal of Vocational Behavior, vol. 38, pp.92-106, Feb. 1991. https://doi.org/10.1016/0001-8791(91)90020-M
  51. S. Chai, S. Bagchi-Sen, R. Goel, H. R. Rao, S. Upadhyaya "A Framework for Understanding Minority Students' cybersecurity Career Interests." Procedings of the Twelfth Americas conference on Information systems, pp.3426-3432, Aug. 2006.
  52. R. W. Lent, S. D. Brown, R. Talleyrand, McPartland, E.B., Davis, T., Chopra, S.B, Alexander M.S., Suthkaran, V.Chai, C.M..,"Career Choice Barriers, Supports, and Coping Strategies: College Students Experience," Journal of Vocational Behavior, vol. 60, pp.61-72, Feb. 2002. https://doi.org/10.1006/jvbe.2001.1814
  53. A. Carey, 2006 Global Information Security Workforce Study, IDC, Oct. 2006.
  54. P. Newton, Computing: an ideal occupation for women? In Women at Work: Psychological and Occupational Perspective, Open University Press, Jan. 1991.
  55. B. Ramussen, and T. Hapnes, "Excluding women from the technologies of the future: a case study of the culture of computer science," Futures, vol. 23, pp.1107-1119, Dec. 1991. https://doi.org/10.1016/0016-3287(91)90075-D
  56. E. H. Shinar, "Sexual stereotypes of occupations" Journal of Vocational Behavior, vol. 7, no. 1, pp.99-111, Aug. 1975. https://doi.org/10.1016/0001-8791(75)90037-8
  57. T. Ruble, R. Cohen, and S. Ruble, "Sex stereotypes occupational barriers for women," The American Behavioral, vol. 27, no. 3, pp.339-356, Jan. 1984. https://doi.org/10.1177/000276484027003006
  58. V. W. Mbarika, C. S. Sankar, and P. K. Raju, "Identification of Factors That Lead to Perceived Learning Improvements for Female Students," IEEE Transactions on Education, vol. 46, no. 1, pp.26-37, Feb. 2003. https://doi.org/10.1109/TE.2002.804407
  59. C. Ogan, M. Ahuja, J. C. Robinson, Herring, S.C., Gender differences among students in computer science and applied information technology. MIT Press, Feb. 2006.
  60. S. Herring, C. Ogan, M. Ahuja, Robinson, J., Gender and the culture of computing in applied IT education, Information Science Publishing, Mar. 2006.
  61. H. Wold, Introduction to the Second Generation of Multivariate Analysis, Paragon House, Sep. 1989.
  62. J. R. Hackamn, and G. R. Oldham, "Motivation through the design of work: Test of a theory," Organizational Behavior and Human Performance, vol. 16, pp.250-279, Aug. 1976. https://doi.org/10.1016/0030-5073(76)90016-7
  63. J. R. Hackman, and L. W. Porter, "Expectancy theory of predictions of work effectiveness," Organizational Behavior and Human Performance, vol. 3, pp, 417-426, Nov. 1968. https://doi.org/10.1016/0030-5073(68)90018-4
  64. W. W. Chin, B. L. Marcolin, and P. R. Newsted, "A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study," Information Systems Research, vol. 14, no. 2, pp.189-217, Jun. 2003. https://doi.org/10.1287/isre.14.2.189.16018
  65. W. W. Chin, The partial least squares approach for structural equation modeling, Lawrence Erlbaum Associates, Sep. 1998.
  66. D. Barclay, C. Higgins, and R. Thompson, "The Partial Least Squares (PLS) Approach to Causal Modeling: Personal Computer Adoption and Use as an Illustration," Technology Studies,.vol. 2, no. 2, pp.285-324, Summer/Fall 1995.
  67. C. Fornell, and D. Larcker, "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error," Journal of Marketing Research, vol. 18 ,pp.39-50, Feb. 1981. https://doi.org/10.2307/3151312
  68. W. W. Chin, "Issues and Opinion on Structural Equation Modeling," MIS Quarterly, vol. 22, no. 1, pp.vii-xvi, Mar. 1998.
  69. T. Carte, and C. Russell, "In pursuit of moderation: nine common errors and their solutions," MIS Quarterly,.vol. 27, no. 3, pp.479-501, Sep. 2003.
  70. W. W. Chin and A. Gopal, "Adoption intention in GSS: Relative importance of belief," SIGMIS Database, vol. 26, no. 2-3, pp.42-64, May/Aug. 1995. https://doi.org/10.1145/217278.217285
  71. J. Cohen, Statistical Power Analysis for the Behavioral Sciences, Lawrence Erlbaum, Jan. 1998.
  72. A. E. Yasinsac, R.F. Marks, D.G. Pollitt, M.M. Sommer, P.M., "Computer forensics education," IEEE Security & Privacy, vol. 1, no. 4, pp.15-23, Jul./Aug. 2003. https://doi.org/10.1109/MSECP.2003.1219052
  73. L. Kvasny, F. C. Payton, V. W. Mbarika., "Gendered Perspectives on the Digital Divide, IT Education, and Workforce Participation in Kenya," IEEE Transaction on Education, vol. 51, no. 2, pp. 256-251, May 2008. https://doi.org/10.1109/TE.2007.909360
  74. R. Agarwal, and T. W. Ferratt, "Enduring Practices for Managing IT Professionals," Communications of the ACM, vol. 45, no. 9, pp.73-79, Sep. 2002. https://doi.org/10.1145/567498.567502
  75. H. W. Yoo, and T. S. Kim, Information Security Professionals' Turnover Intention and Its Causes. Journal of the Korea Institute of Information Security and Cryptology, vol. 20, no. 1, pp.95-104, Feb. 2010.