Profiling Cross-Border Remote Cybersecurity Employment for Jurisdictional Complexity via Unsupervised Role-Arrangement Clustering

Cross-border remote work has expanded the practical footprint of cybersecurity labor beyond traditional organizational and national boundaries, raising jurisdictional questions about employment governance, taxation, and cross-border data access. However, empirical cyberlaw research is often limited by the availability of legal outcome variables at scale. This study presents a dataset-only, unsupervised method to detect and summarize cross-border remote work configurations that plausibly differ in jurisdictional coordination burden. Using a structured salary dataset of cybersecurity-related roles, we operationalize cross-border status as a mismatch between employee residence and company location. To avoid a trivial domesticversus-cross-border split, clustering is performed exclusively on cross-border records. Mixed categorical and numeric features—remote-work intensity, employment type, experience level, company size, and optional role grouping and jurisdiction categories—are represented via Gower distance. We apply averagelinkage hierarchical clustering to the resulting precomputed distance matrix and select a solution using silhouette score. To prevent unstable singleton patterns from being reported as typologies, we enforce a minimum cluster size (n≥5) by merging microclusters into the nearest larger cluster using mean inter-cluster Gower distance. The final cross-border typology yields two interpretable groups: a dominant “enterprise remote-first” configuration (n=52) with high fully remote prevalence and strong concentration in large firms, and a smaller “mid/small mixed-remote” configuration (n=6) with no large-firm representation and a tighter salary distribution. The dominant group spans many distinct residence→company corridors, suggesting broader crossjurisdiction exposure and coordination needs, while the smaller group reflects more constrained organizational settings. The study contributes an interpretable clustering workflow with explicit micro-cluster handling for exploratory cyberlaw analyses, and it delineates the limits of inference when legal compliance variables are absent.