Organizations operating within complex dynamic systems need to transform into learning organizations and develop the evaluation capacity of their workforce. Workforce development in emergent situations requires knowledge workers and critical practitioners who can learn, innovate, and adapt in real time to constantly changing landscapes. The cybersecurity evaluation-by-design framework (CEDF) builds on three evaluation approaches, namely developmental evaluation, evaluative thinking, and foresight, to advance an embedded and forward-looking approach for evaluating cybersecurity practices within the organizational setting. While cyber knowledge workers and agents are not necessarily evaluators themselves, the CEDF serves as a learning framework, offering opportunities for learning and evaluation capacity building in complex dynamic systems. We characterize the cybersecurity evaluation-by-design approach based on inputs from critical infrastructure organization representatives, using the concept mapping methodology.
