Abstract
The conditions for cybersecurity work in the public sector are diverse, yet the variety of roles, challenges, and organizational contexts of those responsible for upholding cybersecurity remains poorly understood. This study presents user-centered personas representative of cybersecurity staff at Swedish administrative authorities, intended for communication and design purposes to improve cyber situation awareness support systems and facilitate crisis communication.
Empirical material from 17 semi-structured interviews with cybersecurity staff and data on administrative authority size were used to create four personas, validated through triangulation across three activities. The personas are conceptually positioned as boundary objects. Implications for practice are addressed and use cases for the persona card deck are presented and discussed. Using personas in this way makes the diversity of cybersecurity work visible across organizational boundaries, supporting more responsible design of systems, training, and governance for improved cyber situation awareness.