Haystack Solutions CATA identifies cognitive abilities of individuals entering or upskilling in cybersecurity

Haystack Solutions introduced the Cyber Aptitude and Talent Assessment (CATA). It is the first such commercially available solution that is scientifically designed to identify the natural cognitive abilities of individuals entering or upskilling in cybersecurity. Until now, such assessments (including Haystack’s core product) were available only within military and federal intelligence-focused organizations.

“As the 10th Fleet Commander, I was compelled by the need for identifying and retaining our best talent,” said Vice Admiral Jan Tighe. “I wanted an Armed Services Vocational Aptitude Battery (ASVAB) standard assessment for Cyber. I thought if we can create an aptitude determiner to best align our computer network operations workforce with their optimal work roles, we would boost retention by putting team members in challenging, satisfying roles best suited to their interests and aptitude. The University of Maryland was investigating a similar approach, and we capitalized on some work.”

“A tool like CATA would have saved our team countless hours by driving up retention, reducing retraining costs, and increasing mission effectiveness,” Tighe added.

University of Maryland test results for U.S. Department of Defense

In research conducted by the University of Maryland, performance-under-pressure testing of hundreds of DoD participants from SOCOM, U.S. Navy, West Point, and USAF, identified aptitudes in key areas associated with cybersecurity excellence such as critical thinking, exhaustiveness of approach and practices, initiating behaviors, real-time effectiveness, and responding behaviors. All tests minimized language bias and allowed participants to be competitive regardless of native language, English-speaking proficiency, or prior experience with IT and cybersecurity principles. Among the DoD partners, CATA testing accurately:

  • Classified 97% of all Elite (90% course average or better) performers on a USAF ITF course
  • Distinguished with 84% accuracy between high-skill and untrained USAF cyber personnel
  • Developed a composite score – one number that was representative of a candidate’s total aptitude
  • Identified six main clusters of test participants that correlated with a variety of course performance metrics across DoD participants (e.g. SOCOM, U.S. Navy, West Point, and USAF).
    • High performers in four key disciplines – who became the most successful in cyber courses
    • Critical thinkers who scored well in CATA tests such as “Need for Cognition,” “Matrix Reasoning,” and “Dynamic Systems Control.” These candidates were also top performers.
    • Many of the test subjects were determined to be creative thinkers who scored low on many tasks but who performed well in crucial areas such as “Need for Cognition,” “Need for Cognitive Closure,” and “Pattern Vigilance,” and so were well suited for and chosen for cybersecurity roles for which they had not previously applied.

Security Mindsets Principal Charles J. Kolodgy said: “Finding the right candidates and figuring out which employees to invest in additional training are tough decisions that have far ranging impact. The right decision can lead to overall improvement of your organization’s security posture, while a poor decision can erode readiness.

Haystack’s solution opens the ‘black box’ of the cognitive capabilities that can help identify optimal candidates who don’t just have the proper certifications but who also have aptitudes required for success. In this way it is possible to weed out those with superb qualifications but whose innate skills aren’t a fit for a specific task. Getting it right is imperative, and the costs – from delayed hires and poor retention to severe consequences such as missed warning signs – are just too high to gamble with.”

CATA focuses on five key cerebral dimensions: critical thinking, deliberate action, real-time action, proactive thinking, and reactive thinking. It includes a series of tests designed to measure cognitive abilities and map natural aptitude within four domains of cybersecurity careers in the commercial sector:

  • Offensive operations: initiative and creative problem-solving skills using partial data in real time;
  • Defensive operations: detecting anomalies with scans and real time, partial data, screening out distractions;
  • Analytics and forensics: interpret and reconcile exhaustive amounts of often conflicting data; and,
  • Design/development: abilities to programatize creative problem solving and build model programs for execution.

Much of CATA’s core was co-developed by the University of Maryland, and the cognitive assessment was originally used by the National Security Agency and the predecessor of the U.S. Cyber Command, 10th Fleet.

Michael Bunting, Ph.D., the Director of Cognitive Security and Information Operations at University of Maryland’s ARLIS center, Haystack’s CTO, and technology co-inventor, said: “CATA’s core has been used by the U.S. Intelligence Community and Department of Defense (DoD) to create some of the highest performing Cyber Teams. It has been heartening to see it adapted for the commercial sector and, in early trials, to help identify previously unexplored but inherently genius-level cyber talent in schools and universities, who are now garnering some of the most prestigious CTF awards, and who had not previously considered cybersecurity careers.”

Along with mapping to cybersecurity domains, the assessment report supports the NIST/NICE job role framework showing a path to the job roles where there is a natural fit for a more personally rewarding cybersecurity career.

“Cybersecurity is an increasingly complex domain, with a lengthy and arduous learning curve,” said Doug Britton, Haystack Solutions CEO and Founder, and co-developer of CATA. “The commercial sector has long needed insight into the problem solving, visualization, and pattern recognition capabilities of cybersecurity candidates – qualities that certifications and degrees don’t necessarily reflect. Let’s face it, the cybersecurity challenges in the commercial sector are expanding and growing more complex daily. The ability to identify those with innate talents and ensure that they’re being trained for the roles for which they’re best suited can help the commercial sector bridge the talent gap more quickly and effectively. CATA meets this urgent challenge.”

Dr. Bunting agreed: “We need to identify everyone that has the cognitive fingerprint of a cyber warrior and get them in the fight.”

Don't miss