Tijdelijk dienstverband
Den Haag
Doctorate/PhD (EQF 8)
Reageer voor:
Uur p/wk:


The Institute of Security and Global Affairs (ISGA) of the Faculty of Governance and Global Affairs at Leiden University is looking for a PhD Candidate in the field of Cybersecurity Governance



Project description
The Institute of Security and Global Affairs (ISGA) at Leiden University seeks to appoint a full-time PhD candidate to carry out research (75%) and teaching (25%) activities on cyber security.


Most organisations still focus on awareness campaigns and providing information to improve their employees’ cybersecurity behaviour, while we know that awareness campaigns are not sufficient (van Steen, 2017, 2019; van Steen, Norris, Atha, & Joinson, in press) and providing information is too narrow a solution to be effective (Michie, van Straalen, & West, 2011). At the same time, behavioural and cognitive factors are hindering a secure environment as security policies become more complex. For instance, shadow security, where employees find workarounds to existing policies in order to finish their task on time, increases security risks (Kirlappos, Parkin, & Sasse, 2015). Furthermore, the increasing number of implemented security policies in organisations is pushing the limits of employees’ so-called ‘compliance budget’, a cognitive reservoir that, once depleted, causes employees to stop complying with security policies (Beautement, Sasse, & Wonham, 2009). Taken together with a rising risk of cyberthreats, the necessity for strong, evidence based, cybersecurity training is evident. Cybersecurity training for end-users can take many forms such as challenge based learning (Cheung, Cohen, Lo & Elia, 2011), capture the flag events (McDaniel, Talvi, & Hay, 2016), serious games (van Steen, & Deeleman, under review), or perhaps a combination of various behavioural change campaigns. The aim of the present project is to bring together the field of cybersecurity training for organisations, to design an evidence-based cybersecurity training for employees, and to test this training in the field. The overall research question is: How can we design, implement, and test the effectiveness of an evidence-based organisational cybersecurity training?


The PhD candidate will be supervised by Dr. Bibi van den Berg, promotor and Dr. Tommy van Steen, co-promotor (both ISGA). The candidate will perform the research and teaching at the Institute of Security and Global Affairs. Education activities and assistance will serve the specialization track ‘Governance of Cyber Security’ in the master program Crisis and Security Management under the coordination of the supervisors.



Key responsibilities

  • Conduct research in the field of Cyber Security, with a particular emphasis on cyber security behaviour and the development of evidence-based training;
  • Obtain a PhD by publishing a monograph or four articles in leading journals on cyber security in organisational contexts within a four-year timeframe;
  • Support the education activities of the specialization ‘Cyber Security Governance’ in the master Crisis and Security Management, including lecturing, marking, and providing feedback to students, and potentially support other courses;
  • Develop teaching-related skills by (co-) teaching courses and obtaining the basic teaching qualification (BKO);
  • Present their work to both academic and professional audiences;
  • Contribute when applicable to the Dutch or international public debate on cyber security;
  • Be able to work in a highly independent, organized and result-oriented fashion;
  • Demonstrate good time-management skills;
  • Build an (inter)national network that spans both academics and policymakers/practitioners working on topics related to crisis research;
  • Actively participate in discussions at the Institute, the research group Cyber Security Governance and the master programme CSM on research and teaching innovation;
  • Follow PhD courses based on an individual training and supervision plan.