My research self-evaluation could be summarised as the following: I understand that the term cyber security can be interpreted broadly, and may even be a catch all category within the security domain. However, my research fits clearly into this area, be it IT audit, IT control and assurance, management of IT risk, behavioural security, or even digital forensics viewed from a management rather than a technical perspective.

My management consulting background, my tenure in a Faculty of  Commerce, the attainment of an MBA, and my understanding of business processes have all helped me to develop insights in this research area; insights which in turn have been influenced by the typical management drive for productivity, optimisation and effectiveness. Accordingly, my understanding of management principles as relating to people, processes and technology have dovetailed with my specific research area of information security management.

After attaining my doctorate, it is in this context that I continue to supervise postgraduate students in a variety of research projects. From a research philosophy perspective I have aligned myself with a postpositivist paradigm, leaning towards that side of the continuum.  I have always tried to be objective when considering the artefacts that I work with; however, I have come to realise that I should not overlook the context.  Thus, I spend a fair amout of time theorising the context  and trying to understand the environment more comprehensively.  This has without a doubt influenced my view of reality, a reality that I have tended to interpret as a concrete structure. Nevertheless, I have learnt that, in the context in which I operate, reality tends to be a social construction rather than a concrete structure.

This leads me to my next point on research outputs. I have built up a substantial team of postgraduate researchers, masters and doctoral students. This principle of multiplication of effort was learnt when I was a manager in the management consulting industry and these skills have remained with me and now serve me well as a supervisor of postgraduate students. Initially, I found my head of department and deputy dean duties somewhat overwhelming, as I had to recruit staff, build the Department, oversee the recurriculation of programmes, teach courses, write reports, chair meetings, mentor junior staff, and conduct research. Consequently, my research area had suffered slightly as there were more pressing issues that needed attention. I have now found a way of prioritising my efforts and allocating time for my research activities.

Currently, I have seven research students working with me on various projects, and accordingly contributing to my research area of information security management and behavioural information security. Although I may have erred in the past by not focusing enough on a specific research area and allowing other issues at times to distract me, I feel this has all been part of a learning curve. As part of my planned future research I intend to continue to focus on information security, cyber security and more specifically the human aspects of cyber security.