As most of you know, I am a doctoral student at Colorado Technical University working on my dissertation. My research focuses on the use of security automation, intelligence sharing, and adaptive cyber defense methods within the financial services industry. I discussed the conceptual framework for my research in a previous post. Essentially, the framework calls for the use of security automation and intelligence sharing to speed detection and response, while using deception and active defenses to slow the attack. For more background on my research, you can check out these prior posts:
Driving Forces for Security Automation – My initial look into why automation is necessary.
The Need for Automation in the Threat Intelligence Process – The title says it all.
Adaptive Cyber Defense and the OODA Loop – Discusses the applicability of the OODA loop to cybersecurity.
Enhancing Defense with Deception – Addressing the other side of the equation with deception.
These previous subjects set the foundation for my research. Over the past couple of months, I have been interviewing cybersecurity professionals in the financial services industry to understand how these concepts have been, or can be, applied. The experience has been quite rewarding. I am almost finished with the interviewing and data collection. However, I could use one or two more participants.
I have now started analyzing the data from the interviews using an open-coding technique. I have found the process of coding quite interesting. To assist with the coding, I am using Quirkos, which has been a great help. If you plan to do any qualitative analysis, I recommend you investigate Quirkos. Open coding uses inductive analysis to allow the themes to emerge from the data.
The data analysis process I am using was based on a process described by Ruona [1]. The data analysis began with the preparation of the data, including the transcription of the interviews. The next stage of the data analysis was data familiarization. According to Pope et al. [2], during the data familiarization stage, the researcher listens to the recordings and reads the transcripts. Ruona [1] recommended this step to provide an overall sense of the information and impression of the data. During this initial reading, I noted any general observations of the data as suggested by Saldaña [3].
Following the reading of the responses, I began the coding process. The coding followed an iterative process, as suggested by Saldaña [3]. First, I used three of the responses to develop preliminary codes. With these preliminary codes, I read all the responses and coded the data using the preliminary codes. During this process, I noted any additional codes that emerged. As new codes emerged, I analyzed the previous responses using these emergent codes. Finally, I analyzed the codes to shape the themes into general descriptions and identify connections between themes. Stay tuned for details on the themes and the f my research.
About the author: Donnie Wendt is an information security professional focused on designing and engineering security controls and monitoring solutions. Also, Donnie is an adjunct professor of cybersecurity at Utica College. Donnie is currently pursuing a Doctorate of Science in Computer Science with a research focus on security automation and orchestration.
[1] Ruona, W. E. (2005). Analyzing Qualitative Data. In R. A. Swanson, & E. F. Holton III (Eds.), Research in Organizations: Foundations and Methods of Inquiry (pp. 233-264). San Francisco, CA: Berrett-Koehler Publishers
[2] Pope, C., Ziebland, S., & Mays, N. (2007). Analyzing Quantitative Data. In C. Pope, & N. Mays, Qualitative Research in Health Care (pp. 63-81). Oxford, UK: Blackwell Publishing. doi:10.1002/9780470750841.ch7.
[3] P Saldaña, J. (2013). The Coding Manual for Qualitative Researchers. Los Angeles, CA: Sage.