Areas of Interest

CSJ welcomes original work from the following communities of research and practice: process improvement; organizational design and alignment; analysis, evaluation, and measurement; performance management; instructional systems; and management of organizational performance. CSJ will consider literature reviews, experimental studies, survey research, and case studies with a scholarly base.

Submissions may address any aspect of research into cybersecurity but must align with the Journal’s mission: emphasis should be placed on enhancing the capabilities of the cybersecurity practitioner, educator, or researcher. Submissions related to cybersecurity technology or tools should emphasize the human factors involved in the technology design, development, use, or support. Abstracts on technical solutions that lack a substantive contribution for improving or teaching skillful performance of cybersecurity job functions and roles do not align with the Journal’s mission and will not be considered.

CSJ generally seeks submissions in the following areas (non-exclusive list):

• Research on cybersecurity professional practice and performance requirements
• Unique challenges encountered by cybersecurity professionals in applying their knowledge, skill, and abilities
• Theoretical/conceptual research with implications for capabilities of the cybersecurity workforce
• Systematic investigations that analyze, evaluate, improve, and measure the human operator’s techniques, tactics, and procedures (TTPs) including, but not limited to, the use of technologies
• In-depth, systematic reviews of the research and literature in specific areas of evidence-based practice of cybersecurity by practitioners, educators, and researchers
• Case studies or other qualitative analyses demonstrating the application of innovative tactics, techniques and protocols which highlight critical or often overlooked skill requirements for cybersecurity professionals
• Instructional designs or materials, assessments, or practice/challenge lab designs that may raise capability maturity in students or professionals
• Design and deployment of instructional systems that raise capability maturity

CSJ Formats

Dialogue. Captures a discussion among stakeholders about dilemmas or previously insurmountable challenges to cybersecurity skills assessment, development, recruitment, or evaluation. Dialogues represent the first step in developing a research proposal, trying to define specific and current problems, gathering foundational data and identifying potential approaches.

Note. Explores uncharted territory, rather than seeking to confirm or disconfirm the results of prior literature as is done in an article. Research proposals that detail planned, systematic research may be readily adapted to the Note format. (1,000 – 2,500 words)

Article. Supports replication, validation, and generalization of practice, systematic investigation, or instructional methods and results. May confirm or disconfirm results of prior investigations or seek to extend or adapt prior scholarly research. (7,500 – 15,000 words)

CSJ Sections

Submissions should be primarily directed towards one of section of CSJ, aligning with that section’s intended audience (practitioners instructors, and researchers) and with the content guidelines below.

Practice. These articles should offer evidence-based guidance to practitioners in the form of techniques, tactics, procedures or tools that demonstrate substantial effectiveness in preventing, mitigating, or resolving cybersecurity risk, threats, or vulnerabilities. A CSJ practice article sufficiently documents the practice such that a reader can follow the procedural guidance to execute the actions necessary for effective application. CSJ encourages practice articles that document a digital asset which can be downloaded by readers to support implementation of the practice, e.g., a configuration tool or checklist document.

Instructional design. In CSJ, instructional design articles should provide guidance to instructors as though you were “training the trainer” with the article. In other words, might there be observations or conclusions an instructor should be making about the learner as they proceed with each step to ensure their proficiency in understanding both the concepts involved and the procedure being applied. Some considerations might be:

• What conceptual understanding is a prerequisite for each step?
• What misunderstandings (confusion) or misconceptions (confidently held, but mistaken assumptions) may prevent a learner from fully comprehending or performing each step?
• How would you recommend assessing correct or incorrect understanding of prerequisite or instructed conceptual understanding?
• If incorrect understanding has occurred with students in the past, or you can imagine lack of prerequisite knowledge, confusion or mistakes that could occur, what additional instructional devices might you recommend should be applied to remediate learning?
• Are there conditions at any step that might suggest an alternative process or a decision on an approach that might be more effective or less effective at that stage?
• If the procedure needs to be altered on some conditions, under what situations might these conditions arise?
• What errors might be expected during the application of the principles and techniques in hands-on practice? How might these errors be detected or manifested? What remediation might be appropriate for each error?
• How might the understanding and skilled application of the concepts and techniques you are developing through your instruction be further tested in simulations of real-world events, such as in designing an interactive competition?
• What research is needed to adequately answer any of the above questions or to further improve your instructional design?
• How might the processes and procedures taught through your instructional design be used to improve cybersecurity practices in the workplace?
• Are there executable files (e.g., LMS packages, test questions, procedural guides) that have been or could be developed to assist with implementing your instructional design?

Research. These articles should provide evidence from the literature to clearly establish the severity and urgency of the problem being addressed by the empirical study. In all cases, the method of design, implementation and/or evaluation should be clearly specified to enable replication of results by others. Articles and Notes for experimental studies should include discussion of the Population, Intervention, Comparative measurement, and Outcomes (PICO) achieved (or anticipated) in an empirical analysis of effectiveness. Results should be reported with sufficient detail that a reader of the article can determine practice standardized effects, coefficient of determination, or variance explained. Discussion should conclude the article by summarizing the contribution made to cybersecurity practice, any limitations of the study design, and the implications for future research.

Submitting to a Special Issue

CSJ publishes Special Issues Volumes (or series) on various topics; please refer to our Editorial Calendar for upcoming specific topics and timelines. Prospective authors are highly encouraged to review the general Overview Presentation linked in the Editorial Calendar. CSJ uses a two-step submission process designed to encourage submissions aligned with the Journal’s mission and requires prospective authors to propose abstracts for consideration before developing a complete manuscript.