Re: Researcher seeks volunteers for interview

[Mike Waite <mfw113 () PSU EDU>]

Brad,

A colleague of mine at Penn State forward me a similar request that does include some pertinent details into Michelle's 
research, most notably a link to the Project summary 
http://ist.psu.edu/facultyresearch/sponsored/summaries/page2.cfm?intPageID=696&intGrantID=2091 and an IRB# 33169.

I do not have details of her research and what date she is interested in collecting, other that what is listed on the 
project summary website, but I am confident that this is a legitimate research project.

I am sure that we can all recall a time when we were new in this field and were searching for help from this community 
that tend to hold everything tight to their chests and the difficulties that we were presented when it came to trust.  
All I can say is if have time hear her out and respond as you feel is appropriate to her questions.

Thanks

Michael Waite
Enterprise Security Analyst
Enterprise Information Privacy and Security Services (EIPSs)
Security Operations and Services (SOS)
Information Technology Services (ITS)
The Pennsylvania State University (PSU)
201 Greenleaf Park One
2013 Sandy Drive, Suite 201
State College, PA  16803

Direct Telephone:  814-865-2297
ITS-SOS Telephone: 814-863-9533
ITS-SOS E-Mail: security () psu edu

On 03/04/2010 02:06 PM, Brad Judy wrote:
> I would start with a reference to your advisor
> (http://ist.psu.edu/ist/directory/faculty/?EmployeeID=68 ), who could be
> confirmed as faculty and confirm your work if needed, and a link to your
> information (http://www.psu.edu/cgi-bin/ldap/ldap_query.cgi?uid=mly107 )
> .  If there’s an official web page for the project, that would be good
> too. 
>
>  
>
> This group is also going to be interested in the privacy controls you
> have in place for your research.  Is there an IRB document that outlines
> how you will protect the identity and information you receive from
> participants?  Presumably you submitted something to the PSU ORP
> (http://www.research.psu.edu/orp/index.asp). 
>
>  
>
> Brad Judy
>
>  
>
> Emory University
>
>  
>
> *From:* The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Michelle Young
> *Sent:* Thursday, March 04, 2010 1:43 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Researcher seeks volunteers for interview
>
>  
>
> Ha ha, ok that's fair.  So any suggestions on how a poor master's
> student could convince someone... anyone to talk to her?  Letters of
> recommendation from other Listserv participants?
>
> On Thu, Mar 4, 2010 at 1:04 PM, <Valdis.Kletnieks () vt edu
> <mailto:Valdis.Kletnieks () vt edu>> wrote:
>
> On Thu, 04 Mar 2010 12:31:25 EST, Michelle Young said:
>
> > Research volunteers from the field of cyber security, 18 years of age and
> > older, are being sought to participate in a Penn State research study of
> > cyber security professionals.  Specifically, the research seeks to
> > understand how cyber security professionals make decisions under complex
> > circumstances.  The study involves a one-hour telephone interview to
> discuss
> > cognitive tasks, methods, and techniques used by the analyst to prevent and
> > detect cyber security attacks.
>
> Does detecting a social-engineering attack count? ;)
>
> Sorry Michelle - but that's somewhat a serious question.  Security
> professionals
> are by nature at least somewhat paranoid, and unlikely to volunteer info
> unless they're reasonably sure they know who they're talking to.
>
> And it isn't just you - we don't even have a good handle on the number of
> compromised zombie computers out there, because most of the people who have
> any hard data are often not talking because either their employer gets a
> competitive advantage from the hard data, or not wanting the black hats to
> know how much we do/don't know about their activities.
>
>

Attachment: signature.asc
Description: OpenPGP digital signature