Adryanna Smith
April 17, 2025
The Social Science Contribution to Cybersecurity Careers: The Case of Security Awareness Training Professionals
Bottom Line Up Front (BLUF)
Security Awareness Training Professionals have a critical part to play in combating cybersecurity threats by working on the human aspect of cyber security. Their work uses social science principles like behavior change theory, social learning, human error psychology, and group dynamics to influence user behavior and establish a culture of security. Their work also has certain challenges since they work with vulnerable populations and have to overcome cultural, educational, and social disparities so as to develop interesting as well as effective training programs.
Understanding the function of the Security Awareness Training Specialist
Security Awareness Training Specialists (SATS) create and implement training to teach workers how to identify threats such as phishing, malware, and social engineering. In contrast to technically focused defense positions, SATS depend heavily on behavioral science to impact how individuals assess risk as well as respond to cyber threats. For instance, behavior change theory is at the core of their efforts—more specifically, employing positive reinforcement, repetition, and providing feedback so that risky behavior will change (Puhakainen & Siponen, 2010). These behaviors form long-term habits such as checking links, having strong passwords, as well as reporting suspicious behavior.
In addition, SATS capitalize on social learning theory, where a person acquires behavior through observance of others (Bandura, 1977). SATS training programs often include simulated-phishing drills, peer-to-peer training, as well as actual situations as a way of reinforcing correct behavior within a social environment. This renders the learning process comfortable and effective, especially within group environments where group culture prevails.
Human Behavior and Social Science for Cybersecurity
Security is as much a people issue as it is a technology issue. SATS professionals recognize that human error psychology is responsible for over 80% of breaches (Verizon, 2023). They develop training to overcome cognitive load, distraction, and poor decision-making. Microlearning modules and just-in-time training, for example, reduce the cognitive load on employees, so they are more likely to retain and apply what they have learned.
Group dynamics also have an influence on security behavior. Peer pressure, conformity, and normalization of risky behavior can overcome even the best technical defense. SATS make group norms do their job by situating cybersecurity as an everybody responsibility within a culture. Openly praising secure behavior, as well as encouraging being a team “cyber ambassador,” encourages a sense of responsibility and inhibits non-conformance.
Involving Marginalized Groups and Social Issues
SATS professionals must also factor in how cybersecurity education impacts and engages marginalized groups. Differences in culture, language, and digital literacy variations can all play a role in how the population members receive, apply, or absorb cybersecurity education. Members of low-resource communities, for instance, would have had fewer opportunities for formal digital security training, thus one-size-fits-all training becomes unproductive, or worse, discriminatory.
Three major challenges include:
Accessibility – Training could be inaccessible for neurodivergent users, as well as for users who have disabilities.
Cultural Sensitivity – What is “normal” risk behavior varies throughout the globe.
These communities might not trust institutions based on past discrimination, as well as the misuse of surveillance.
SATS must adopt inclusive communication strategies as well as culturally sensitive training based on the multicultural nature of the users. By closing such gaps through mechanisms of feedback, multilingual content, as well as including a representation of such groups within training development, they manage to provide equitable cybersecurity training (Hadlington, 2017).
Conclusion
Security Awareness Training Specialists’ activities capture the deep intertwining of cybersecurity with social science. They apply theories of behavior change, social learning theory, human error theory, and social influence theory within applied training settings. Not only is their effectiveness dependent upon their threat awareness, it is a function of their knowledge of people. By taking into consideration the special risks for vulnerable groups of people and adapting their approach based on social context, SATS practitioners make cybersecurity more inclusive, more resilient, and more human-centered. In an evolving threat landscape, so too must the social countermeasures used for securing society.
References
Bandura, A. (1977). Social learning theory. Prentice Hall.
Hadlington, L. (2017). Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviors. Heliyon, 3(7), e00346. https://doi.org/10.1016/j.heliyon.2017.e00346
Puhakainen, P., & Siponen, M. (2010). Improving employees’ compliance through information systems security training: an action research study. MIS Quarterly, 34(4), 757–778.