PhD Student Openings

I am recruiting new students who are interested in pursuing an interdisciplinary PhD in Cyber Studies at the University of Tulsa. We have multiple projects in the area of cybersecurity measurement and security economics. I welcome students from a variety of academic backgrounds, including computer science, social sciences, and information systems.

For example, Bradey Brummel, Sal Aurigemma and I are recruiting two PhD in Cyber Studies students for a TU-Team8 Cyber Fellows project.

Project Title: Assessing and Improving Organizational Cybersecurity Hygiene and Culture in the Perimeterless World

Project Summary: There is no shortage of challenging cyber security problems at the interface of technology, people, and the organization. Promoting a strong security culture is a widely professed goal of many organizations, yet evaluating whether these objectives are being met can be hard. Thus, this project will focus on developing evidence-based security hygiene and culture assessment by identifying and evaluating different data sources and developing metrics to capture existing organizational security hygiene and security culture. With an understanding of the security challenges of the workforce and end-users and a baseline of the current security culture, organizations need clear and proven methods to effect measurable and lasting security hygiene and culture improvements. Accordingly, the research team will develop and empirically validate security hygiene and security culture change methodologies. This project will work with real organizations to achieve quantifiable results supported by both objective and qualitative evidence.

Additionally, the global pandemic has radically changed how and where work is conducted. This project will also examine the impact of the current and emerging remote / flex workforce on employee cyber security behaviors and activities. One area to investigate centers on the cyber security challenges that arise from the flexibility given to workers across the organizational hierarchy to potentially work from anywhere. In this case, organizations must assess and likely adapt their view of adequate security hygiene and the impact on their security culture.