My research self-evaluation could be summarised as the following:
I understand that the term ‘cyber security’ can be interpreted broadly, and may even be a ‘catch all’ category within the security domain. However, my research fits clearly into this area, be it IT audit, IT control and assurance, management of IT risk, behavioural security, or even digital forensics viewed from a management rather than a technical perspective. My management consulting background, my tenure in a Faculty of Management and Commerce, the attainment of an MBA, and my understanding of business processes have all helped me to develop insights in this research area; insights which in turn have been influenced by the typical management drive for productivity, optimisation and effectiveness. Accordingly, my understanding of management principles as relating to people, processes and technology has dovetailed with my specific research area of information security management. After attaining my doctorate, it is in this context that I continue to supervise postgraduate students in a variety of research projects.
From a research philosophy perspective I have aligned myself with a positivist paradigm, leaning towards that side of the continuum, as I have always tried to be ‘objective’ when considering the ‘artefacts’ I work with.
However, I have come to realise that although the actual artefacts may well be on the positivist side, the successful deployment of these artefacts requires me to consider the environment more extensively. This realisation has necessitated that I spend more time on understanding the social sciences and the research questions I have been grappling with in this context, consequently leading me to conduct much of my research with a leaning towards interpretivism. When considering the environment, people and context in research there is certainly art involved. This has without a doubt influenced my view of reality, a reality that I have tended to interpret as a concrete structure. Nevertheless, I have learnt that, in the context in which I operate, reality tends to be a social construction rather than a concrete structure and, thus, my research involves a number of interpretivist elements.
This leads me to my next point on research outputs. I have built up a substantial team of postgraduate researchers, master’s and doctoral students. This principle of multiplication of effort was learnt when I was a manager in the management consulting industry and these skills have remained with me and now serve me well as a supervisor of postgraduate students.
Initially, I found my head of department and deputy dean duties somewhat overwhelming, as I had to recruit staff, build the Department, oversee the recurriculation of programmes, teach courses, write reports, chair meetings, mentor junior staff, and conduct research. Consequently, my research area had suffered slightly as there were more pressing issues that needed attention. I have now found a way of prioritising my efforts and allocating time for my research activities.
Currently, I have seven research students working with me on various projects, and accordingly contributing to my research area of information security management and behavioural information security. Although I may have erred in the past by not focusing enough on a specific research area and allowing other issues at times to distract me, I feel this has all been part of a learning curve.
As part of my planned future research I intend to continue to focus on information security, cyber security and more specifically the human aspects of cyber security.