Prof Kerry-Lynn Thomson

Professor

Head of Department: Network Engineering

kerry-lynn.thomson@mandela.ac.za

041 504 3408

North Campus, Room R103


Biography / Background

Professor Thomson is a Professor in the School of Information Technology, the Head of Department for the Network Engineering department and a senior team member of the Centre for Research in Information and Cyber Security (CRICS).She currently holds a National Research Foundation (NRF) C2-rating. She is the Chair of the international IFIP Technical Committee 11 Working Group 12 (11.12) – Human Aspects of Information Security and Assurance. She has served as the Secretary and Vice-Chair of this Working Group for the past nine years.  Professor Thomson is a senior instructor in the Cisco Networking Academy Program and is an industry certified Cisco Certified Networking Associate, and has achieved the CCNA Security certification.

Qualifications

DTech: Information Technology (Nelson Mandela Metropolitan University, 2008)
MTech: Information Technology (Port Elizabeth Technikon, 2004)
BTech: Information Technology (Port Elizabeth Technikon, 2003)
NDip: Information Technology (Port Elizabeth Technikon, 2002)
Certifications:

  • Cisco Certified Networking Associate (CCNA)
  • Cisco Certified Networking Associate Security (CCNA Security)

Awards and Achievements

NRF Y2 Rated Researcher 2012-2016
Emerging Researcher of the Year for the Faculty of Engineering, the Built Environment and Information Technology - 2010
Emerging Teacher of the Year for the Faculty of Engineering, the Built Environment and Information Technology - 2009
Best Conference Paper Award at the 8th Annual Security Conference in Las Vegas, Nevada, USA
South African National Research Foundation Scarce Skills Scholarship 2002
Port Elizabeth Technikon Rector’s Bursary 1999-2002
South African National Research Foundation Prestigious Scholarship for Masters’ Studies 2003
South African National Research Foundation Prestigious Scholarship for Doctoral Studies 2004-2006
Nelson Mandela Metropolitan University Internal Research Bursary 2006
1998 East Cape Weekend Matric of the Year’ – awarded to the top all-round Matric in the Eastern Cape, South Africa


Professional Activities

  • Chair of IFIP 11.12 Working Group
  • Member of the Institute of Information Technology Professionals South Africa (IITPSA)
  • Professional Member of the Institute of Information Technology Professionals South Africa (PMIITPSA)
  • Vice-Chair of the IITPSA Special Interest Group on Cybersecurity (SIGCyber)
  • Vice-Chair of the IITPSA Eastern Cape Chapter

In her capacity as a cybersecurity researcher, Professor Thomson has been invited as a guest speaker on cybersecurity awareness topics at various schools, career evenings, and leadership academies.  She has published several research articles in journals, presented papers at national and international conferences, been an invited contributor for a security encyclopaedia and is a member of number international conference program committees.

Teaching Interests

I subscribe to the humanising pedagogical approach when it comes to Learning and Teaching, and I see this as building relationships between lecturers and students.  I facilitate the learning and help students build knowledge through creativity, collaboration, critical thinking and problem-solving.

In trying to foster this, I have employed concepts such as the Flipped Classroom approach for some of my student classes.  The students work through the learning material that I provide to them before class and are able to work at their own pace. Then, in class, I answer questions, work through exercises, and use class discussions/debates.

My teaching is focused on communication networks and cybersecurity, with topics such as network device configuration, troubleshooting and secure network design.


Research Interests

Professor Thomson’s research is primarily focused on information and cybersecurity.  Her research includes investigations into the fostering of information and cybersecurity culture through awareness, training and education, in an attempt to mitigate cyberthreats by reducing the human attack surface. 

The research includes studies into the pervasive integration of information and cybersecurity into undergraduate curricula across multiple disciplines, including IT and Nursing Sciences, addressing security fatigue in organisations through user acceptance of cybersecurity, addressing cyberbullying through interdisciplinary cyberbullying campaigns at schools and cybersafety for school children, mitigation of social engineering, research concerning eduroam and SANReN, and using a personal informatics approach for internet self-regulatory efficacy in Universities. 

Significant output from her research includes a model for information security shared tacit espoused values for cultivating an information security culture and promoting prosocial organisational behaviour.

Supervision

Eugene Slabbert, Masters in Information Technology, 2022

Apelele Mbuqe, Masters in Information Technology, 2020

Odwa Yekela, Masters in Information Technology, 2018

Luzuko Tekeni, Masters in Information Technology, 2017

Thando Mabece, Masters in Information Technology, 2017

Lindokuhle Gomana, Masters in Information Technology, 2017

Damian Fredericks, Masters in Information Technology, 2017

Dean von Schoultz, MTech: Information Technology, 2015

Yolanda Mjikeliso, MTech: Information Technology, 2015

Phillip van Rensburg, MA: Clinical Psychology, 2015

Tian Gerber, MTech: Information Technology, 2013

Nico Fouche, MTech: Information Technology, 2013

Mercy Bere, Master of Information Technology (Polytechnic of Namibia), 2013

Edwin Frauenstein, MTech: Information Technology, 2013

Eranee Swanepoel, MTech: Information Technology, 2012

Prosecutor Maninjwa, MTech: Information Technology, 2012

Apelele Mbuqe, Masters in Information Technology, 2020

Odwa Yekela, Masters in Information Technology, 2018

Luzuko Tekeni, Masters in Information Technology, 2017

Thando Mabece, Masters in Information Technology, 2017

Lindokuhle Gomana, Masters in Information Technology, 2017

Damian Fredericks, Masters in Information Technology, 2017

Dean von Schoultz, MTech: Information Technology, 2015

Yolanda Mjikeliso, MTech: Information Technology, 2015

Phillip van Rensburg, MA: Clinical Psychology, 2015

Tian Gerber, MTech: Information Technology, 2013

Nico Fouche, MTech: Information Technology, 2013

Mercy Bere, Master of Information Technology (Polytechnic of Namibia), 2013

Edwin Frauenstein, MTech: Information Technology, 2013

Eranee Swanepoel, MTech: Information Technology, 2012

Prosecutor Maninjwa, MTech: Information Technology, 2012
 


Representative Publications

In 2022, “A Thematic Content Analysis of the Cybersecurity Skills Demand in South Africa”, M Kruger, L Futcher and K Thomson was published in Human Aspects of Information Security and Assurances, Springer, IFIP AICT 658, pages 24-38.

In 2021, “Towards a Risk Assessment Matrix for Information Security Workarounds”, E Slabbert, K Thomson and L Futcher was published in Human Aspects of Information Security and Assurances, Springer, IFIP AICT 613, pages 164-178.

In 2020, “Internet Self-Regulation in Higher Education: A Metacognitive Approach to Internet Addiction”, D von Schoultz, K Thomson and J van Niekerk was published in Human Aspects of Information Security and Assurance, Springer, IFIP AICT 593, pages 186-210.

In 2020, “A Cybersecurity Curricular Framework for IT Undergraduates in South Africa”, L Futcher, K Thomson and A Mbuqe was chosen for publication in Communications in Computer and Information Science (CCIS Vol. 730) – SACLA 2020.

In 2019, “Towards a Framework for the Integration of Information Security into Undergraduate Computing Curricula”, L. Gomana, L. Futcher and K. Thomson was published in the South African Journal of Higher Education in August 2019. 


In 2018, “Towards Culturally Sensitive Policy: Africanising Approaches to prevent Social Engineering”, K. Thomson and J. van Niekerk was published in Advanced Science Letters, Volume 24, Number 4, April 2018, pages 2499 – 2503(5). 

In 2018, “Factors Influencing Smart Application Downloads”, W. Janse van Rensburg, K. Thomson and L. Futcher was published in IFIP Advances in Information and Communication Technology (Information Security Education - Towards a Cybersecure Society), Springer, Volume 531, pages 81-92.

In 2017, “South African Computing Educators’ Perspectives on Information Security Behaviour” T. Mabece, L. Futcher & K. Thomson was published in IFIP Advances in Information and Communication Technology (Information Security Education for a Global Digital Society), Springer, Volume 503, 2017, pages 121-132. 

In 2017, “Assessing the Effectiveness of the Cisco Network Academy Program in Developing Countries”, O. Yekela, J. van Niekerk & K. Thomson was published in IFIP Advances in Information and Communication Technology (Information Security Education for a Global Digital Society), Springer, Volume 503, 2017, pages 27-38. 

In 2015, “A Multi-faceted Model for IP-based Service Authorization in the eduroam Network”, L Tekeni, R Botha & K Thomson was published in the South African Institute for Electrical Engineers (SAIEE) edition of the Africa Research Journal.

In 2012, “Risk Management for VoIP Implementations”, T Gerber & K Thomson was published in the African Journal of Business Management.

In 2009, “Scare tactics – a viable weapon in the security war?”, S Furnell, M Papadaki & K-L Thomson was published in Computer Fraud & Security, December 2009, pages 6 – 10.

In 2009, “Recognising and addressing ‘security fatigue’”, S Furnell & K-L Thomson was published in Computer Fraud & Security, November 2009, pages 7 – 11.

In 2009, “From Culture to Disobedience: Recognising the Varying User Acceptance of IT Security”, S Furnell & K-L Thomson was published in Computer Fraud & Security, February 2009, pages 5 – 10.

In 2006, “Cultivating an Organisational Information Security Culture”; K-L Thomson, R von Solms & L Louw was published in Computer Fraud & Security, Volume 2006, Issue 10, pages 7 – 11.

In 2006, “Towards an Information Security Competence Maturity Model”; K-L Thomson & R von Solms was published in Computer Fraud & Security, Volume 2006, Issue 5, pages 11-15.

In 2005, “Information Security Obedience: A Definition”; K-L Thomson & R von Solms was published in Computers & Security, Volume 24, pages 69-75.

List of Publications (Conference Papers)

In 2020, Kerry-Lynn co-authored a paper, “Internet Self-Regulation in Higher Education: A Metacognitive approach to Internet Addiction” for the virtual Human Aspects of Information Security & Assurance (HAISA 2020).  Authors: D. von Schoultz, K. Thomson & J. van Niekerk.

In 2020, Kerry-Lynn co-authored a paper, “A Cybersecurity Curricular Framework for IT Undergraduates in South Africa” for the virtual Southern African Computer Lecturers’ Association Conference (SACLA 2020).  Authors: L. Futcher, K. Thomson & A. Mbuqe.

In 2018, Kerry-Lynn co-authored a paper, “An Educational Intervention Towards Safe Smartphone Usage” for the Twelfth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2018) in Dundee, Scotland.  Authors: W. Janse van Rensburg, K. Thomson & L. Futcher.

In 2018, Kerry-Lynn co-authored a paper “A Personal Informatics Approach for Internet Self-regulatory efficacy in a South African University” for the Open Conference on Computers in Education (OCCE) IFIP 3 in Linz, Austria. Authors: D. von Schoultz, K. Thomson and J. van Niekerk.

In 2016, Kerry-Lynn co-authored a paper, “An Overview of Access Control Practices: Guidance from ITIL, COBIT 5 and ISO/IEC 27002” for the Information Institute Annual Security Conference in Las Vegas, USA.  Authors: L. Tekeni, R. Botha & K. Thomson.

In 2016, Kerry-Lynn co-authored a paper, “Towards an Interdisciplinary Cyberbullying Campaign” for the Tenth International Symposium on the Human Aspects of Information Security & Assurance (HAISA) in Frankfurt, Germany.  Authors: J. van Niekerk & K. Thomson.

In 2016, Kerry-Lynn co-authored a paper, “Comparing Student Password Knowledge and Behaviour: A Case Study” for the Tenth International Symposium on the Human Aspects of Information Security & Assurance (HAISA) in Frankfurt, Germany.  Authors: D.T. Fredericks, L.A. Futcher & K. Thomson.

In 2016, Kerry-Lynn co-authored a paper, “An Educators Perspective of Integrating Information Security into Undergraduate Computing Curricula” for the Tenth International Symposium on the Human Aspects of Information Security & Assurance (HAISA) in Frankfurt, Germany.  Authors: L. Gomana, L.A. Futcher & K. Thomson.

In 2016, Kerry-Lynn co-authored a paper, “Towards using pervasive information security education to influence information security behaviour in undergraduate computing graduates” for the International Conference on Information Resources Management (CONF-IRM) in Cape Town, South Africa.  Authors: T. Mabece, L. Futcher & K. Thomson.

In 2015, Kerry-Lynn co-authored a paper, “A critical evaluation of information security education in nursing science: a case study” for the IFIP TC3 Working Conference in Vilnius, Lithuania. Authors: I Okere, J van Niekerk & K Thomson.

In 2015, Kerry-Lynn co-authored a paper, “Integrating Information Security into the IT Undergraduate Curriculum: A Case Study” for the 44th Southern African Computer Lecturers’ Association (SACLA) conference in Johannesburg, South Africa. Authors: L Gomana, L Futcher & K Thomson.

In 2014, Kerry-Lynn co-authored a paper, “Concerns Regarding Service Authorization by IP address using eduroam” for the 13th Information Security South Africa (ISSA) conference in Johannesburg, South Africa. Authors: L Tekeni, R Botha & K Thomson.

In 2014, Kerry-Lynn co-authored a paper, “Exploring the Human Dimension in the Beneficiary Institution of the SANReN Network” for the 8th International Symposium Human Aspects of Information Security and Assurance Conference in Plymouth, England. Authors: Y Mjikeliso, J van Niekerk & K Thomson.

In 2013, Kerry-Lynn co-authored a paper, “Cyber Safety for School Children: A Case Study in the Nelson Mandela Metropolis” for the 8th IFIP WG 11.8 World Conference on Information Security Education in Auckland, New Zealand. Authors: J van Niekerk, K Thomson & R Reid.

In 2013, Kerry-Lynn co-authored a paper, “Web usage mining within a South African university infrastructure: towards useful information from student web usage data” for the ZAWWW – Annual Conference on World Wide Web Applications. Authors: D von Schoultz, J van Niekerk & K Thomson.

In 2013, Kerry-Lynn co-authored a paper, “Service desk link into IT asset disposal: A case of a discarded IT asset” for the 2013 International Conference on Adaptive Science and Technology (ICAST). Authors: K Adesemowo & K Thomson.

In 2011, Kerry-Lynn presented a paper, “Combating Information Security Apathy by Encouraging Prosocial Organisational Behaviour” at the International Symposium for Human Aspects of Information Security and Assurance in London, England. Authors: K Thomson & J van Niekerk.

In 2011, Kerry-Lynn co-authored a paper, “Information security governance control through comprehensive policy architectures” which was presented at the ISSA Conference in Johannesburg. Authors: R von Solms, K Thomson & M Maninjwa.

In 2011, Kerry-Lynn co-authored a paper, “Exploring the human dimension of TETRA” which was presented at the ISSA Conference in Johannesburg. Authors: N Fouche & K Thomson.

In 2010, Kerry-Lynn presented a paper, “Evaluating the Cisco Networking Academy Program's Instructional Model against Bloom‘s Taxonomy for the purpose of Information Security Education for Organizational End-users” at the World Computer Congress in Brisbane, Australia. Authors: J van Niekerk & K Thomson.

In 2009, Kerry-Lynn presented a paper, “Information Security Conscience: a Precondition to an Information Security Culture?” at the 8th Annual Security Conference in Las Vegas, Nevada, US (Kerry-Lynn received the “Best Conference Paper Award” for this paper she presented in Las Vegas). Authors: K Thomson.

In 2009, Kerry-Lynn co-authored a paper, “E-voting: A South African Perspective” that was presented at the 1st AFRICOMM conference held in Maputo, Mozambique. Authors: E. Swanepoel, K Thomson & J van Niekerk.

In 2008, Kerry-Lynn presented a paper, “Using Knowledge Creation and Agency Theory to Shape an Information Security Obedient Culture” at the IFIP TC11.1 Working Conference in Information Security Management in Richmond, Virginia, US. Authors: K Thomson & R von Solms.

In 2004, Kerry-Lynn presented a paper, “Towards Corporate Information Security Obedience” at IFIP/SEC Conference in Toulouse, France. Authors: K Thomson & R von Solms.

In 2004, Kerry-Lynn presented a paper, “Cultivating Corporate Information Security Obedience” at the Information Security of South Africa (ISSA) Conference in Midrand, Gauteng, South Africa. Authors: K Thomson & R von Solms.

In 2003, Kerry-Lynn presented a paper, “Integrating Information Security into Corporate Governance” at IFIP/SEC Conference in Athens, Greece. Authors: K Thomson & R von Solms.

In 2003, Kerry-Lynn presented a paper, “Effective Corporate Governance” at the Information Security of South Africa (ISSA) Conference in Johannesburg, South Africa. Authors: K Thomson & R von Solms.

In 2002, Kerry-Lynn presented a paper, “Corporate Governance: Information security the weakest link?” at the Information Security of South Africa (ISSA) Conference in Muldersdrift, Gauteng, South Africa. Authors: K Thomson & R von Solms.