{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T19:21:13Z","timestamp":1771356073255,"version":"3.50.1"},"reference-count":31,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2021,3,22]],"date-time":"2021-03-22T00:00:00Z","timestamp":1616371200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,8,17]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>Cybersecurity advocates safeguard their organizations by promoting security best practices. This paper aims to describe the skills and characteristics of successful advocates.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>This study involved 28 in-depth interviews of cybersecurity advocates.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>Effective advocates possess not only technical acumen but also interpersonal skills, communication skills context awareness and a customer service orientation.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title><jats:p>Non-technical skills are deemphasized in cybersecurity training, limiting career progression into the cybersecurity advocate role for existing security professionals and those from other disciplines. This paper suggests improvements for professional development that encourage greater security workforce diversity.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>To the best of the authors\u2019 knowledge, this study is the first to define and enumerate competencies for the role of cybersecurity advocate.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-08-2020-0131","type":"journal-article","created":{"date-parts":[[2021,3,24]],"date-time":"2021-03-24T08:21:34Z","timestamp":1616574094000},"page":"485-499","source":"Crossref","is-referenced-by-count":14,"title":["Cybersecurity advocates: discovering the characteristics and skills of an emergent role"],"prefix":"10.1108","volume":"29","author":[{"given":"Julie M.","family":"Haney","sequence":"first","affiliation":[]},{"given":"Wayne G.","family":"Lutters","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,3,22]]},"reference":[{"key":"key2021081408083477000_ref001","unstructured":"Arbuckle, A. (2018), \u201cThe solution to the cybersecurity talent gap is inclusion\u201d, available at: www.securityweek.com\/solution-cybersecurity-talent-gap-inclusion (accessed 30 June 2020)."},{"key":"key2021081408083477000_ref002","unstructured":"Arnou, S. (2020), \u201cThe security advocate\u201d, available at: www.thesecurityadvocate.com\/ (accessed 15 September 2020)."},{"key":"key2021081408083477000_ref003","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1145\/1280680.1280693","article-title":"Towards understanding IT security professionals and their tools","volume-title":"Proceedings of the 3rd Symposium on Usable Privacy and Security","year":"2007"},{"key":"key2021081408083477000_ref004","volume-title":"Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory","year":"2015","edition":"4th ed."},{"key":"key2021081408083477000_ref005","article-title":"Risk communication","volume-title":"Occupational Health Practice","year":"1997","edition":"4th ed."},{"key":"key2021081408083477000_ref006","unstructured":"Cybersecurity Ventures (2020), \u201cThe 2020 official annual cybercrime report\u201d, available at: www.herjavecgroup.com\/the-2019-official-annual-cybercrime-report\/ (accessed 30 June 2020)."},{"key":"key2021081408083477000_ref007","doi-asserted-by":"crossref","first-page":"744","DOI":"10.3389\/fpsyg.2018.00744","article-title":"The future cybersecurity workforce: going beyond technical skills for successful cyber performance","volume":"9","year":"2018","journal-title":"Frontiers in Psychology"},{"issue":"1","key":"key2021081408083477000_ref008","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.giq.2017.02.007","article-title":"Building cybersecurity awareness: the need for evidence-based framing strategies","volume":"34","year":"2017","journal-title":"Government Information Quarterly"},{"key":"key2021081408083477000_ref009","first-page":"24","article-title":"Building a cybersecurity pipeline to attract, train, and retain women","volume":"3","year":"2015","journal-title":"Business Journal for Entrepreneurs"},{"issue":"1","key":"key2021081408083477000_ref010","first-page":"28","article-title":"Meeting the challenge of risk communication","volume":"47","year":"1991","journal-title":"Public Relations Journal"},{"key":"key2021081408083477000_ref011","first-page":"3","article-title":"Security administrators: a breed Apart","volume-title":"Workshop on Usable IT Security Management","year":"2007"},{"key":"key2021081408083477000_ref012","first-page":"411","article-title":"It's scary [\u2026] it's confusing [\u2026] it's dull: how cybersecurity advocates overcome negative perceptions of security","volume-title":"Proceeding of the 14th Symposium on Usable Privacy and Security","year":"2018"},{"key":"key2021081408083477000_ref013","first-page":"109","article-title":"Motivating cybersecurity advocates: implications for recruitment and retention","volume-title":"Proceedings of the Computers and People Research Conference","year":"2019"},{"issue":"2","key":"key2021081408083477000_ref014","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/MSP.2011.181","article-title":"Holistically building the cybersecurity workforce","volume":"10","year":"2012","journal-title":"IEEE Security and Privacy Magazine"},{"issue":"1","key":"key2021081408083477000_ref015","doi-asserted-by":"crossref","first-page":"167","DOI":"10.1037\/0021-9010.69.1.167","article-title":"How to measure service orientation","volume":"69","year":"1984","journal-title":"Journal of Applied Psychology"},{"key":"key2021081408083477000_ref016","unstructured":"ISACA (2016), \u201cState of cybersecurity implications for 2016\u201d, available at: www.isaca.org\/cyber\/Documents\/state-of-cybersecurity_res_eng_0316.pdf (accessed 30 June 2020)."},{"key":"key2021081408083477000_ref017","doi-asserted-by":"crossref","unstructured":"Joint Task Force on Cybersecurity Education (2017), \u201cCurriculum guidelines for post-secondary degree programs in cybersecurity\u201d, available at: https:\/\/cybered.hosting.acm.org\/wp-content\/uploads\/2018\/02\/newcover_csec2017.pdf (accessed 5 August 2020).","DOI":"10.1145\/3422808"},{"issue":"4","key":"key2021081408083477000_ref018","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1111\/j.1540-4560.1992.tb01950.x","article-title":"Social distrust as a factor in siting hazardous facilities and communicating risks","volume":"48","year":"1992","journal-title":"Journal of Social Issues"},{"key":"key2021081408083477000_ref019","first-page":"1","article-title":"Multi-disciplinary approach to cyber security education","volume-title":"Proceedings of the International Conference on Security and Management","year":"2013"},{"issue":"4","key":"key2021081408083477000_ref020","doi-asserted-by":"crossref","first-page":"385","DOI":"10.2307\/249561","article-title":"Change agentry \u2013 the next is frontier","volume":"20","year":"1996","journal-title":"MIS Quarterly"},{"issue":"2","key":"key2021081408083477000_ref021","doi-asserted-by":"crossref","first-page":"225","DOI":"10.1007\/s10869-010-9172-7","article-title":"Millennials in the workplace: a communication perspective on millennials\u2019 organizational relationships and performance","volume":"25","year":"2010","journal-title":"Journal of Business and Psychology"},{"key":"key2021081408083477000_ref023","unstructured":"NSA \u2013 National Security Agency and Department of Homeland Security (2020), \u201cNational centers of academic excellence in cyber defense\u201d, available at: www.iad.gov\/NIETP\/documents\/Requirements\/CAE-CD_Program_Guidance_2020.pdf (accessed 30 June 2020)."},{"key":"key2021081408083477000_ref024","first-page":"60","article-title":"Trustworthy and effective communication of cybersecurity risks: a review","volume-title":"1st Workshop on Socio-Technical Aspects in Security and Trust","year":"2011"},{"key":"key2021081408083477000_ref025","unstructured":"Oltsik, J. (2017), \u201cThe life and times of cybersecurity professionals\u201d, available at: www.issa.org\/wp-content\/uploads\/2017\/11\/2017-ESG-ISSA-full-report.pdf (accessed 13 July 2020)."},{"key":"key2021081408083477000_ref026","unstructured":"Petersen, R., Santos, D., Wetzel, K., Smith, M. and Witte, G. (2020), \u201cNIST special publication 800-181 revision 1: workforce framework for cybersecurity (NICE framework)\u201d, available at: https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-181r1.pdf (accessed 5 December 2020)."},{"key":"key2021081408083477000_ref027","unstructured":"SANS (2019), \u201cNIST NICE work role description for security awareness and communications manager\u201d, available at: www.sans.org\/security-awareness-training\/blog\/nist-nice-work-role-description-security-awareness-and-communications-manager (accessed 30 June 2020)."},{"key":"key2021081408083477000_ref028","volume-title":"Generation Z Goes to College","year":"2016"},{"key":"key2021081408083477000_ref029","unstructured":"SFIA (2018), \u201cSFIA 7 - the seventh major version of the skills framework for the information age\u201d, available at: www.sfia-online.org\/en\/framework\/sfia-7 (accessed 30 June 2020)."},{"key":"key2021081408083477000_ref030","first-page":"1","article-title":"Cybersecurity, women and minorities: findings and recommendations from a preliminary investigation","volume-title":"Proceedings of the ITiCSE Conference on Innovation and Technology in Computer Science Education","year":"2013"},{"issue":"4799","key":"key2021081408083477000_ref031","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1126\/science.3563507","article-title":"Perception of risk","volume":"236","year":"1987","journal-title":"Science"},{"key":"key2021081408083477000_ref032","unstructured":"Zorz, M. (2016), \u201cWhat a security evangelist does, and why you need one\u201d, available at: www.helpnetsecurity.com\/2016\/05\/03\/security-evangelist\/ (accessed 15 September 2020)."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2020-0131\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2020-0131\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:08Z","timestamp":1753406588000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/3\/485-499\/225407"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,22]]},"references-count":31,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2021,3,22]]},"published-print":{"date-parts":[[2021,8,17]]}},"alternative-id":["10.1108\/ICS-08-2020-0131"],"URL":"https:\/\/doi.org\/10.1108\/ics-08-2020-0131","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2021,3,22]]}}}