Author

Matthew Ryan

Date of Award

Spring 4-2025

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Cyber Defense (PhDCD)

First Advisor

Patrick Engebretson

Second Advisor

Varghese Vaidyan

Third Advisor

Curtis Arnold

Fourth Advisor

Kaur Kullman

Abstract

This mixed-methods sequential explanatory study investigated how cybersecurity professionals construct meaning during and after major cyber incidents, using the SolarWinds supply-chain attack and Log4Shell vulnerability crisis as paired case studies. Through quantitative surveys (N=31) followed by in-depth qualitative interviews (N=10) with incident responders and leaders, the research revealed systematic perception gaps that fracture along various demographics and roles. Technical staff anchored SolarWinds to its six-month dwell time while executives emphasized procurement timelines; practitioners quantified Log4Shell’s impact through unacknowledged labor hours while those uninvolved in that effort dismissed it as a non-incident. These divergences were not random recall errors but predictable patterns of role-contingent sensemaking.

The study’s key contribution is demonstrating that incident response suffers not just from technical challenges, but from unexamined epistemological divides—different professional communities literally experience different cyber events even when responding to the same attack. Crucially, alignment emerged only around materially implemented solutions (threat hunting teams post-SolarWinds, WAF deployments post-Log4Shell), suggesting organizational learning concretizes through artifacts rather than abstract agreements. These findings compel a paradigm shift in cyber resilience practice: from merely improving detection and response to deliberately building shared interpretation frameworks. The paper concludes with specific design principles for epistemic-aware tools and processes that transform perceptual gaps from vulnerabilities into diagnostic assets.
