Challenges to Adversarial Interplay Under High Uncertainty: Staged-World Study of a Cyber Security Even

Posted on: 2012-08-07
Degree: Ph.D
Type: Dissertation
University: The Ohio State University
Candidate: Branlat, Matthieu
Full Text: PDF
GTID: 1458390011455268
Subject: Systems Science
Abstract/Summary:
The vulnerability of critical and valued digital infrastructures and the difficulty of defending networks against attacks are a growing concern across domains. While numerous efforts exist to improve cyber defense through technological advances, human-centered research to uncover and address the difficulties experienced by network defenders is recent and still limited. Moreover, understanding cyber security, a fundamentally adversarial domain, requires investigations of the interrelated defense and attack processes, but such studies are rare. The dissertation presents results from a staged-world study of an adversarial cyber security exercise. This daylong exercise involved forty participants divided into an outside attacking team and a defending team operating in a simulated production environment.

The first objective is to identify critical skills and forms of expertise of cyber security as a domain of practice. Designed by cyber security experts, the exercise allowed for the investigation of core dimensions of cyber events, which have seen limited empirical study in past work on cyber defense: (1) decision-making in cyber defense; (2) network security within larger production structures and processes; (3) decision-making in cyber attack; and (4) interplay of attack and defense.

The second objective of the research is to discuss the approach designed and implemented in order to capture and analyze the cyber event observed. Challenges result especially from the scale of the processes to be tracked (attack and defense; number of participants; distribution of participants in teams, roles and space; duration of the exercise). The study we conducted aimed at exploring the domain of cyber security with an emphasis on the methodological dimensions of such investigation. Given the partially novel character of the research, a critical account of choices made, successes and pitfalls experienced aims at informing future advancements in the domain.

The third objective is to connect this study of the particular domain of cyber security to other studies of work in real-world situations. Relevant theoretical frameworks include: decision-making under uncertainty, distributed anomaly response, joint activity, perception of intent, and more generally Resilience Engineering. Making this link allows for the discussion of potential directions to improve cyber defense, as well as to further develop these theoretical frameworks. Cyber security, because of its nature and the typical challenges associated, constitutes a rich environment for such purposes.
Keywords/Search Tags:Cyber security, Challenges, Adversarial, Attack