Taking Measure

Just a Standard Blog

A Summer of Studying Cybersecurity — and Human Error’s Role in Attacks


NIST summer intern Miles Walker is researching the role of human error in cyberattacks.

Credit: R. Wilson/NIST

As more everyday objects, such as cars and even refrigerators, connect to the internet, new opportunities for cyberattacks open up. So, keeping our technology safe and secure is more important than ever. 

As a cybersecurity student and summer intern at NIST, I’m learning firsthand about the role people play in cybersecurity. 

You may think that most cybersecurity incidents result from technological errors, but this is a common misconception. As I conducted preliminary research for my internship as part of the Summer Undergraduate Research Fellowship (SURF), I was surprised to learn that human error accounts for more than 80% of cyberattacks.

Human error can take various forms. Employees can ignore password requirements or create weak passwords. In other cases, staff members may accidentally put a system at risk, such as by clicking a link in a phishing email.

These examples illustrate the need to consider human factors, specifically how people think and operate, in cybersecurity. Despite the significance of human factors, many organizations fail to address these issues when designing cybersecurity guidelines and procedures. As a result, they may miss opportunities to identify and prevent breaches. 

This summer, I am interning at NIST’s NICE Program, which promotes cybersecurity education, training and workforce development. I am conducting a case study on human factors in cybersecurity. This involves reviewing various research publications on these incidents and analyzing the human factors that may have caused them. 

Many organizations fail to consider human factors — such as employees ignoring password requirements — when designing cybersecurity guidelines and procedures.
Credit: NicoElNino/Shutterstock

To further narrow down my research, I’m emphasizing supervisory errors and their possible role. 

For example, I’ve researched the 2011 attack by the hacker group Anonymous on the technology security company HBGary. Top executives’ poor password management was among the issues that contributed to the attack. Soon after, the company’s security firm, HBGary Federal, went out of business. 

NIST offers the NICE Workforce Framework for Cybersecurity (NICE Framework), a nationally recognized resource that organizations use to educate and train their employees and to help prevent cyber incidents like the one that happened at HBGary. Within the framework, there’s a defined role for managers, called the Program Management Work Role. This work role and others offer guidance on how managers can strengthen cybersecurity in their organizations. 

I hope my research can be incorporated into the guidance for this work role. This would allow organizations to better educate their supervisors on how to reduce avoidable human errors and create a more robust cybersecurity workforce. 

Experiencing NIST as an Intern

As I write this a little over halfway through my internship, I can say it has been immensely enriching. 

I’m fortunate to work under a great mentor and a supportive team filled with bright minds. I’ve gained valuable professional experience and research skills that I will be sure to use as I continue my education. 

One of the most memorable experiences was attending NICE Director Rodney Petersen’s testimony before the House Homeland Security Committee. It was a very interesting glimpse into the inner workings of our government departments. 

Additionally, living on my own has allowed me to further develop important life skills, such as budgeting and time management. 

Pursuing a Career in Tech 

Having grown up in the 2000s and 2010s, I was surrounded by technology from a young age. I believe this was the catalyst for my growing interest in the field. 

I knew early on that I wanted to study a technology-related field in college and potentially pursue it as a career. This led me to pursue a computer science degree at Hampton University, a historically Black university in Virginia. 

However, after realizing that I didn’t enjoy the math aspect, I switched to cybersecurity. This opened my eyes to a new side of technology that I hadn’t looked at in detail before. 

After finishing my undergraduate education, I plan to pursue a master’s or law degree. After that, I’m keeping my career options open, but I know that I want to work in the technology sector. 

The SURF program has given me invaluable experience working a federal job. I hope to intern at Google, Microsoft or another tech company in the future to explore work in the private sector. In a perfect world, I’d love to work in the video game industry, whether it be in cybersecurity or a different role. 

Advice for Future SURF Students

My best advice for future interns is to keep an open mind. Don’t be afraid to explore a variety of topics and change course if needed. The path of research is never a straight line. 

Don’t feel like you need to know a ton about your topic to start either. The point of research is to learn and explore. 

You won’t always get the results you expect — or the results you want — but you’ll always come out of it learning something new.

About the author

Miles Walker

Miles Walker is an honor student and cybersecurity major at Hampton University in Virginia. After completing his undergraduate degree, he plans to pursue a master’s degree and seek work in the technology sector, making his SURF experience a valuable opportunity to explore cybersecurity careers and work in the public sector. In his free time, Miles enjoys gaming, exercise, listening to music and playing tennis.


Comments

Great post Miles,

It's awesome to hear about your journey as a cybersecurity student and your experience at NIST! Your focus on human factors in cybersecurity is incredibly important, especially considering how often they contribute to breaches. It's surprising how many organizations overlook this aspect when designing their cybersecurity protocols. Your case study on supervisory errors, like the one involving HBGary, highlights just how crucial management practices are in preventing cyberattacks.

It sounds like your internship has been both enriching and eye-opening, giving you valuable insights into the intersection of technology, human behavior, and cybersecurity. Your advice for future SURF students is spot on—research is all about exploration and learning, even when things don’t go as expected.

Best of luck with the rest of your internship and your future endeavors in cybersecurity! It’s clear that your passion and dedication will take you far in this field, whether you end up in tech, law, or even the video game industry. Keep pushing boundaries and exploring new avenues!

Cheers,

Miles Walker brought up an interesting topic in light of what has recently happened at social security. Unfortunately there are no easy fixes with technology you either build it, sell the software and hope that someone contracts you with regards to a possible back door you left unsecured. For the most part I am from the older generation and I am barely past 55....I was forced to send the support team for my passwords app an email begging them to reset the app so that I could regain my information because with the 2f authentication through microsoft or google there was No Way I could do it on my own. So seeing the writing in the wall like former President Biden has...I have decided to reduce technology in my life and leave vital portal data in the care of my children because I don't have the time in my retirement for the stress and anxiety which will further rob me of my retirement years. What will happen in the future? I don't know but I suggest to you young man to focus your energy on creating a patent for an app that will give the owner a Rubik's cube like cypher of a password which is uncrackable by the human mind....That is not to say that A.I. can't figure it out someday but someday isn't here yet and not many folks earn the income for a super A.I. computer and when your cyber security software company makes you a millionaire someday....You'll remember this conversation and do something to help the Elderly and most vulnerable in your society.

Respectfully,

Thomas

In my opinion, this work is a valuable, readable contribution to the education of the workforce in any private or government organization, at each tier of that organization.
For many in the c-suite tier and the next two tiers, this work should serve as their wake-up call.
Very useful. jes

Good work Miles. You have a bright & wonderful future. Pursue & protect it with all you have.

What are you writing, Miles? We didn't have technology in the 70s. You ever have someone continuously beep your beeper for 30 minutes straight until you found a pay phone that worked to call them? Lol
