{School of Applied and Creative Computing} Student PhD Defense - Rachel Sitarz

Cyber intrusion research has historically focused on technical systems and vulnerabilities, often neglecting individual differences in attackers' decision-making. This mixed-methods study examined how Dark Triad and Big Five personality traits influence cyber intrusion behaviors in a simulated tabletop exercise. The goal was to understand how personality affects both the selection and execution of intrusion strategies.

Of the 257 participants who completed the personality measures, 196 provided complete responses to the intrusion scenario aligned with the MITRE ATT&CK Framework. Quantitative analyses used correlational tests, binary logistic regression, moderation analyses, and Random Forest validation to evaluate predictive consistency. Qualitative responses were thematically coded for behaviors such as reconnaissance, deception, persistence, creativity, and aggression.

Results showed that Dark Triad traits were associated with risk-intrusion behaviors. Psychopathy predicted persistence, boldness, and high-risk tactics; Machiavellianism was linked to deception and manipulation. Narcissism had a limited but meaningful impact. Big Five traits primarily influenced cognitive and procedural styles: Conscientiousness for structured behaviors, Openness for creativity, and Extraversion for assertiveness. Age and cybersecurity involvement moderated these relationships, underscoring developmental and experiential effects.

Qualitative findings reinforced the quantitative results, showing intrusion decision-making as dynamic and multi-phased rather than linear. The findings support a person-situation interaction framework, highlighting that cyber intrusion decision-making involves personality traits, context, and technical expertise. Although exploratory, this study underscores the importance of human factors in cybersecurity research and practice.