Hackers pose a continuous and unrelenting threat. Industry and academic researchers alike can benefit from a greater understanding of how hackers engage in criminal behavior. A limiting factor of hacker research is the inability to verify that self-proclaimed hackers participating in research actually possess their purported knowledge and skills. This paper develops and validates a conceptual-expertise-based tool that we call SEAM that can be used to discriminate between novice and expert hackers.
This tool has the potential to provide information systems researchers with the following two key capabilities: (1) maximizing the generalizability of hacking research by verifying the legitimacy of hackers involved in data collections, and (2) segmenting samples of hackers into different groups based on skill thereby allowing more granular analyses and insights. This paper reports on samples from four different groups: security experts, students, security workers, and Amazon Mechanical Turk hackers. SEAM was able to differentiate between security expertise in different populations (e.g., experts and student novices). We also provide norm development by measuring security workers and Amazon Mechanical Turk hackers.
- The Security Expertise Assessment Measure (SEAM): Developing a scale for hacker expertise in Computers & Security Volume 60, July 2016, Pages 37–51