Zaina Dkaidek

	Year 4 Student – 2021 Intake – Cohort 3 My academic background is in business management, finance, economics, and security studies, complemented by professional experience in country risk analysis. My research interests centre on the organisational, economic, and policy dimensions of cybersecurity, with a particular focus on how decision-making develops within complex, interconnected environments. I am especially interested in the social and technical dynamics that shape cybersecurity investment decisions such as the influence of institutional expectations, regulatory frameworks, and power relations within and between organisations. Broader areas of interest include cybersecurity’s impact on international security, the economic and strategic implications of digital threats, usable security and privacy, and the evolving field of cyber diplomacy. I am keen to further explore how multidisciplinary perspectives can enrich our understanding of cybersecurity challenges, and I am enthusiastic about expanding my expertise in the sociotechnical and organisational aspects of the field, building on my analytical, research, and policy skills.
PhD Project	Contextual Dynamics in Cybersecurity Investment Decision-Making Cyber risk has become an increasingly significant challenge for organisations, driven by rapid digitalisation and growing interdependence across industries. As ICT systems expand and underpin critical infrastructure, the attack surface grows, exposing firms to sophisticated and unpredictable threats. The complexity of securing these systems, combined with the uncertainty of future risks and the limitations of historical data, makes it difficult for organisations to determine where and how to invest in cybersecurity. Moreover, in today’s interconnected environment, the consequences of inadequate investment extend beyond individual firms, generating externalities that can impact entire supply chains, critical services, and society as a whole. While organisations are under pressure to invest in ways that protect their assets and broader networks, traditional approaches to cybersecurity investment have largely focused on normative, technical models that promise rational optimisation. However, these models often overlook the complex realities of organisational life where decisions are shaped not only by economic analysis but also by institutional expectations, internal politics, resource constraints, and the influence of external actors (e.g., consultants, regulators). Recognising these challenges, my thesis aims to move beyond the search for an “optimal” investment strategy. Instead, it investigates how cybersecurity investment decisions are actually made, negotiated, and justified within real-world socio-technical networks. By tracing how decisions are co-produced through interactions between people, technologies, and institutions, I aim to develop a more dynamic and situated understanding of cybersecurity investment. Therefore, my thesis seeks to challenge assumptions of neutrality, reveal the social and organisational complexities that influence investment strategies, and encourage a more adaptive, context-sensitive approach to securing resilient digital systems. Supervisors: Professor Adam Joinson (Bath) Dr Ola Michalec (Bristol) Dr Debbie Desrochers (Bath)
PhD Project	View poster here
Events Attended	- New Security Paradigms Workshop (NSPW) - CYBERUK - IMPACT Conference - Digital Security by Design Showcase (DSbD)
Academic and Industry Placements (Year 1)	Academic placement: Developed a presentation on threat modelling approaches, analysing and comparing multiple frameworks (e.g., STRIDE, PASTA) to inform the design of a cybersecurity investment decision-making board game. Industry placement: Researched the application of gamification principles to cybersecurity learning materials, aiming to enhance user engagement and improve knowledge retention among learners.
Publications and/or resented Papers	Z. Dkaidek and A. Rashid, "Bridging the Cybersecurity Skills Gap: Knowledge Framework Comparative Study," in IEEE Security & Privacy, vol. 22, no. 5, pp. 88-95, Sept.-Oct. 2024, doi: 10.1109/MSEC.2024.3428892. K. M. Ramokapane, M. Sameen and Z. Dkaidek, "Inclusive Internet of Things Privacy Labels," in IEEE Security & Privacy, vol. 22, no. 5, pp. 32-39, Sept.-Oct. 2024, doi: 10.1109/MSEC.2024.3417819.