Call for Proposals

The Cybersecurity Skills Journal: Practice and Research (CSJ) is a double-blind peer-reviewed journal published by the CyberWatch Center Digital Press. The goal of CSJ is to stimulate professional discussion and advance the interdisciplinary field of cybersecurity through the publication of scholarly works of value and interest to the profession. CSJ seeks to integrate and expand the methods, processes, and evidence of effective practices which underlie skilled performance. CSJ focuses on valued, measured results; considers the larger system context of people’s performance; and provides valid and reliable measures of effectiveness.

CSJ​ uses a two-step submission process to encourage submissions aligned with our mission. Prospective authors are highly encouraged to review the Overview Presentation and attend a Proposal Development Workshop to understand the different paper types and submission requirements. Our Manuscript Content Guidelines provide specifications for practice, instructional design, or research section manuscripts, and the Author Guidelines details the structured abstract format used by CSJ and the processes for developing accepted manuscripts. Abstracts on technical solutions that lack a substantive contribution for improving or teaching skillful performance of cybersecurity job functions and roles do not align with our mission and will not be considered.

Cybersecurity Conference and Colloquium Sessions (3CS) Vol 2.

The recent pandemic initially curtailed the sharing of new information and ideas that typically happened at conferences and colloquium sessions. As the community adapted by conducting virtual events, many participated in these events to a greater extent or even for the first time. The second volume in the 3CS Special Issue series of CSJ seeks to expand the dissemination of ideas, insights and practices on topics related to cybersecurity education, research, and workforce development initially presented at recent conferences, colloquium and other events. CSJ invites practitioners, scholars, and educators to propose their presentation content for further development into a paper for publication that will contribute to advancing the state of cybersecurity capability maturity.

Timeline for the 3CS Vol. 2 Special Issue

  • December 15, 2022: Call for Proposals published
  • January 2023: Proposal Development Workshops begin
  • January 15, 2023: Submissions open for Articles, Notes and Dialogues
  • May 15, 2023: Early submission deadline for Articles (prioritized for publication)
  • July 15, 2023: Initial Idea submission closes for Notes and Dialogues
  • September 30, 2023: Final Manuscripts (Articles and Notes) due for December digital release
  • December 15, 2023: Digital release of collected 3CS Vol. 2 Special Issue

Submissions may address any aspect of cybersecurity but must align with the Journal’s mission: emphasis should be placed on enhancing the capabilities of the cybersecurity practitioner, educator, or researcher. Ideas related to cybersecurity technology or tools should emphasize the human factors involved in the technology design, development, use, or support. Prospective authors are highly encouraged participate in a hands-on Proposal Development Workshop where they may receive immediate feedback on their initial ideas from members of the CSJ Editorial Board. Authors who participate these workshops are more likely to succeed in publication through CSJ.

If your organization runs a conference or colloquium and is interested in publishing proceedings with this Special Issue, please contact the Editors at csjeditors@nationalcyberwatch.org.

Special Issue: NICE Framework 2023 Volume

The National Initiative for Cybersecurity Education (NICE) Workforce Framework (NICE Framework) was originally published as NIST Special Publication 800-181 in 2017. NICE has issued several updates regarding the Framework, including draft Task, Knowledge, and Skill (TKS) statements, Ability Statements, and Competency Areas, and a report to Congress, “Measuring Cybersecurity Workforce Capabilities: Defining a Proficiency Scale for the NICE Framework.” The Cybersecurity Skills Journal is seeking manuscript proposals that examine the usefulness, benefits, and challenges associated with the adoption, adaptation, or extension of the current NICE Framework, including the draft Competencies and report on measuring capabilities, to improve learning and advance the state of cybersecurity capability maturity.

Timeline for the Special Issue: NICE Framework – 2023 Volume

  • September 23, 2022: Call for Proposals released
  • December 2022: Proposal Development Workshops begin
  • December 15, 2022: Submissions opens
  • February 15, 2023: Early submission deadline for Articles (prioritized for publication)
  • May 15, 2023: Initial Idea submission for Notes and Dialogues close
  • July 15, 2023: Final Manuscripts due for September release
  • September 15, 2023: Digital Release begins

Submitted abstracts may address any aspect of the NICE Framework, though emphasis should be placed on empirical support for effective awareness, application, and impact of the NICE Framework in enhancing the cybersecurity capability maturity of the entrant, extant, or future workforce, including the cybersecurity practitioner, educator, or researcher. Submissions related to cybersecurity technology or tools should emphasize the human factors involved in the technology design, development, use, or support.

The Cybersecurity Skills Journal uses a two-step submission process to encourage submissions aligned with the Journal’s mission. Prospective authors are highly encouraged to review our Overview Presentation and attend a proposal development workshop to understand the different paper types and submission requirements. The Manuscript Content Guidelines provides detailed specifications for practice, instructional design, or research section manuscripts. Abstracts on technical solutions that lack a substantive contribution for improving or teaching skillful performance of cybersecurity job functions and roles do not align with the Journal’s mission and will not be considered.

Updated September 30, 2022

2023 Facilitated Virtual Focus Group

The goal of the Cybersecurity Skills Journal: Practice and Research (CSJ) is to stimulate professional discussion and advance the interdisciplinary field of cybersecurity through the publication of scholarly works of value and interest to the profession. To encourage the community to engage in critical discussions surrounding the broader cybersecurity workforce, CSJ invites practitioners, scholars, and educators to propose and lead live virtual Focus Groups that will explore specific challenges and persistent problems related to raising the capabilities of the cybersecurity workforce. Proposals may address any aspect of research into cybersecurity but must align with the Journal’s mission: emphasis should be placed on enhancing the capabilities of the cybersecurity practitioner, educator, or researcher.

Timeline for the Focus Group

  • October 15, 2022: Call for Proposals published
  • December 1, 2022: Submission deadline for Focus Group session proposals
  • December 15, 2022: Notification sent to all Focus Group proposers
  • December 16, 2022: Registration for Focus Group Event opens
  • January 11, 2023: Focus Group Event

To encourage the community in critical discussions surrounding the broader cybersecurity workforce, CSJ invites practitioners, scholars, and educators to propose and lead virtual Focus Groups that will explore specific challenges and persistent problems related to raising the capabilities of the cybersecurity workforce.

The next Focus Group event will be on Wednesday, January 11, 2023. Individual discussion sessions will run between 90 and 120 minutes, with different sessions starting at 10:30 AM (Eastern) and 3:00 PM (Eastern). Registration for the event will open in December 2022. Proposals for individual Focus Group sessions must be submitted by December 1, 2022, to Track 1 in Easy Chair.
Proposers must identify the topic area for their Focus Group session, e.g., the specific problem and questions to be explored, and should also identify individuals who are key stakeholders that will participate in that Focus Group. Focus Groups are not panel discussions or one-way webinars: registered attendees for the Focus Group will join in the real-time discussion on each question and share their expertise. CSJ will provide moderators for each session to facilitate the session and participation.

Focus Groups may address any aspect of research into cybersecurity but must align with the Journal’s mission: emphasis should be placed on enhancing the capabilities of the cybersecurity practitioner, educator, or researcher. Submissions related to cybersecurity technology or tools
should emphasize the human factors involved in the technology design, development, use, or support.

Focus Group proposals might explore areas such as:

  1. What should the role of industry be in funded research into cybersecurity skills?
      a) Students graduate with degrees but lack the skills local industry needs for open jobs; how might we change this dynamic? What degree or curriculum changes can we envision?
      b) Given workforce constraints, how might industry be more involved in funded research into cybersecurity skills?
      c) How might educational institutions more directly engage industry – how have you approached the challenges and what does success look like to you?
  2. What is evidence-based research in cybersecurity?
  3. What are the critical research gaps related to cybersecurity skills and how could the cybersecurity community address them? Who might fund this research?
  4. What are potential innovative, long-range funded research programs into cybersecurity skills (acquisition, assessment, etc.) that could be game-changers for the maturity of the cybersecurity workforce?
  5. What questions are YOU or YOUR ORGANIZATION wrestling with regarding funded research and cybersecurity skills in the workforce – recognizing that educators are part of the workforce?
  6. Specific challenges or contributing factors to building (or retaining) a more diverse and/or larger pipeline of career entrants, and better prepared career entrants.
  7. What research is needed to empirically identify shortfalls in cybersecurity workforce skills?
  8. Is there empirical evidence that cybersecurity competitions actually improve or provide accurate assessment of specific technical skills or problem-solving? How could this evidence be collected?
  9. What are achievable measures of success for NICE Strategic Plan, or for Implementation Plans from the NICE Working Groups or Communities of Interest?
  10. What life factors do students believe are impeding their abilities to devote enough time (i.e., the Carnegie Unit) to learning for their courses? What approaches might increase engagement for them?
  11. What should be the scope of a cybersecurity course, given the amount of time students actually have available? How can faculty streamline the  concept list to just the most essential content that will enable students to continue learning after the course?

All ideas submitted will be reviewed by the CSJ Editorial Board. Submissions must include at least three invited participants that are subject matter experts or stakeholders (e.g., practitioners, hiring managers, CISOs, learners, educators, government, academia, industry, K12, higher ed, etc.) impacted by the topic of the Focus group. Preference will be given to submissions that align with any of our open Calls for Proposals.

Each proposer may choose to pursue publishing the discussion from their Focus Group as a research manuscript in the form of a CSJ Dialogue. CSJ facilitates the creation of Dialogues by recording all sessions in the virtual platform; individual session proposers will receive both an audio recording and an automatic transcription of their group discussion. Proposers must review and edit the transcript, and provide an introduction and summary remarks before submitting the Dialogue for publication in a Special Issue from CSJ.

2022 Special Issue: Evidencing Competencies: Progress from Funded Research into Human Performance in Cybersecurity

The creation and adoption of any new technology or tool has direct impacts and consideration for the cybersecurity workforce, which includes practitioners, educators, and researchers. Investment in cybersecurity research in the last decade has resulted in many opportunities to consider the impact of new cybersecurity technologies to the broader cybersecurity workforce, from testing to planning for technology transfer. Beyond marketing, operationalizing new technology requires an understanding of how to train or educate practitioners and educators to effectively use the technology to achieve the positive outcomes promised by that technology.

Special Issue Timeline

  • November 12, 2021: Call for Abstracts released
  • December 1, 2021: Proposal Development Workshops begin
  • April 1, 2022: Abstract submissions opens
  • July 31, 2022: Early submission deadline (prioritized for publication)
  • October 15, 2022: Initial submissions for Articles and Notes close
  • December 1, 2022: Initial submissions for Dialogues close
  • December 15, 2022: Final accepted manuscripts due for Articles and Notes submissions

Despite a critical call a decade ago for research on the human performance of cybersecurity1 and various legislative attempts to spur research efforts to understand behavioral factors that affect cybersecurity technology and practice, there is still little published research into the role of the human practitioner in cybersecurity. Recent technical advances such as automation, ML and AI further highlight the gap in understanding human performance and knowing what knowledge or procedures are needed to optimize the interaction between practitioners and automated processes intended to protect and defend the nation. The Cybersecurity Skills Journal is seeking ideas and drafts for Articles, Notes and Dialogues that impact cybersecurity practice, improve learning, and advance the state of the cybersecurity workforce’s capability maturity and which arise from recent sponsored research. Abstracts may address any aspect of research into cybersecurity but must align with the Journal’s mission: emphasis should be placed on enhancing the capabilities of the cybersecurity practitioner, educator, or researcher, not on technology.

CSJ seeks submissions in the following areas (non-exclusive list):

  • Theoretical/conceptual research with implications for capabilities of the cybersecurity workforce
  • Systematic investigations that analyze, evaluate, improve, and measure the human operator’s techniques, tactics and procedures (TTPs) including, but not limited to, the use of technologies
  • In-depth, systematic reviews of the research and literature in specific areas of evidence-based practice of cybersecurity by practitioners, educators, and researchers
  • Case studies or other qualitative analyses demonstrating the application of innovative tactics, techniques and protocols which highlight critical or often overlooked skill requirements for cybersecurity professionals
  • Research on cybersecurity professional practice and performance requirements
  • Unique challenges encountered by cybersecurity professionals in applying their knowledge, skill, and abilities
  • Instructional designs or materials, assessments, or practice/challenge lab designs that may raise capability maturity in students or professionals
  • Design and deployment of instructional systems that raise capability maturity

The Cybersecurity Skills Journal uses a two-step submission process designed to encourage submission of abstracts aligned with the Journal’s mission. Prospective authors are highly encouraged to review the Overview Presentation link below to understand the different paper types and submission requirements.

Detailed specifications for practice, instructional design, or research section manuscripts are available in the Manuscript Content Guidelines. Abstracts on technical solutions that lack a substantive contribution for improving or teaching skillful performance of cybersecurity job functions and roles do not align with the Journal’s mission and will not be considered.