Argus Cybersecurity Lab

Bringing Anthropology into Cybersecurity

This research applies anthropological methods to study cybersecurity analysts working in Security Operation Centers (SOC). These analysts process large amounts of data while handling cyber threats. The job requires intelligence and high levels of skills but has many mundane/repetitive aspects. Adequate tool support is largely lacking and many of the skills and procedures involved are uncodified and undocumented resulting in a large body of "tacit knowledge." This project places researchers trained in both cybersecurity and anthropology into SOCs, working side by side with the analysts. This "participant observation" approach provides a means to access the tacit knowledge of the analysts and to convert it into more explicit knowledge, leading to the development of algorithms that can help automate the tasks. The ethnographic fieldwork also provides an opportunity to observe real security operation centers' work processes and identify factors that influence the effectiveness and efficiency with which cybersecurity incidents are handled. This helps explain why some cybersecurity problems are hard to address in practice, what roles humans and organizational structures play, and where procedures might be inefficient or completely fail for non-technical reasons. The research is carried out through a collaborative effort involving researchers from Kansas State University and two companies. Results from the research will create practical tools that leverage tacit knowledge in security analytics and automate tasks such as incident response and forensic analysis. Research findings also inform the training of cybersecurity professionals by making explicit the tacit knowledge of effective security analytics acquired during participant observation.

Faculty: Funded Collaborators:
  • Dr. John McHugh (RedJack, LLC)
  • Dr. Raj Rajagopalan (Honeywell ACS Labs)
Unfunded Collaborators:
  • Marc Eisenbarth (Arbor Networks)
  • Dr. William Horne (HP Labs)
  • Dr. Loai Zomlot (HP Labs)
  • Dan Moor (HP Digital Investigation Services)
Students: Call for Participation:
    We would like to work with interested parties to extend our research to more organizations. If you are interested, please look at this flyer.
Papers and Presentations: In the News: Acknowledgment:
This research is supported by the National Science Foundation under Grant No. 1314925. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.