Austin Hildenbrand
CYSE 201S
Dr. Yalpi
4/17/2025
Relations with Pen-Testing and The Social Sciences
BLUF
Penetration testing in cybersecurity is not solely a technical exercise—it critically relies on insights from the social sciences to be effective. Integrating social science perspectives strengthens both the methodology and impact of penetration testing.
Introduction
In today’s digital world, companies find it difficult to protect consumers’ confidential information while maintaining a public internet presence. Any information handled by technology is vulnerable, which creates a particular need for mitigating risks and understanding risk assessments. A penetration tester helps an entity learn its vulnerabilities by exploiting them through an ethical process, drawing on key concepts of software and hardware strategy while also tapping into social science exploits.
Penetration Testing as a Career
A penetration tester is responsible for evaluating the security of computer systems, networks, and applications by simulating real-world attacks. The Cybersecurity and Infrastructure Security Agency (CISA) defines Penetration Testing (Pen Testing) as “a method of testing individual binary components or the application to determine whether intra or intercomponent vulnerabilities can be exploited to compromise the application, its data, or its environment resources.” In other words, a penetration tester’s primary role is to identify vulnerabilities and weaknesses in an organization’s infrastructure, with the goal of helping organizations enhance their security posture and protect against potential threats. Penetration testers can perform three types of tests: black-box, white-box, and gray-box. Each differs in how much information the company provides and in which areas the company permits testing. This lets the company keep its confidential information secure while still allowing pen testers to do their job.
Relationship to the Social Sciences
Three areas deserve attention when relating the social sciences to penetration testing within cybersecurity. First, pen testers must understand human behavior. The study of human factors explores how characteristics of being human influence the use of different projects, and it is defined as “the application of knowledge about human capabilities (Physical, Sensory, Emotional, and Intellectual) and limitations to the design and development of tools, devices, systems, environments, and organizations” (CYSE 201S Module 4 Cybersecurity and Human Factors, 3). Within specific parameters, penetration testers can use social engineering to explore exploits, including phishing tactics (unsolicited messages, suspicious attachments or links, and fake authority figures). Second, pen testers must understand organizational culture. Security culture varies across organizations. For example, a company with a casual culture might be more vulnerable to certain attacks than one with strict protocols. Additionally, pen testers must adapt their methods based on cultural norms, communication styles, and hierarchical structures, all of which are social science concepts. It is quite common for a penetration testing company to work with clients all over the world, creating dynamic situations to which employees must adapt. Third, penetration testing must remain ethical and maintain trust between both parties. “The best way to stop a criminal is to think the way a criminal thinks,” say Andrew Whitaker and Daniel P. Newman, who authored an article in partnership with Cisco Press on the importance of penetration testing. Because ethical hacking walks a fine line, companies question whether they can trust the firm providing the service. Millions of dollars’ worth of information is being cracked, so transparency is the most important thing when conducting business regarding penetration testing.
Conclusion
Penetration testing is not about breaking into systems; it is about understanding people. Social sciences help explain why people act the way they do, which in turn helps pen testers design more realistic and effective tests. The success of simulated attacks frequently hinges on understanding human psychology, navigating organizational culture, and ethically managing trust and communication. By incorporating disciplines such as sociology, psychology, communication studies, and ethics, penetration testing becomes a more holistic and realistic tool for assessing security. As cybersecurity threats continue to evolve, so must the methods used to account for the complexities of human behavior.
Works Cited
CISA. “Secure by Design, Secure by Default | CISA.” Www.cisa.gov, www.cisa.gov/securebydesign.
“Penetration Testing and Network Defense.” Google Books, 2025, books.google.com/books?hl=en&lr=&id=SC-tAwAAQBAJ&oi=fnd&pg=PR9&dq=what+kinds+of+threats+do+pen+testers+deal+with%3F&ots=Oq-OfizreZ&sig=Au_mni4jEj_rNHilF2krSl78Zqs#v=onepage&q=what%20kinds%20of%20threats%20do%20pen%20testers%20deal%20with%3F&f=false. Accessed 17 Apr. 2025.
“CYSE201S Module 4 Spring 2025.Pptx.” Sharepoint.com, 2025, olddominion-my.sharepoint.com/:p:/g/personal/ahild004_odu_edu/EaC7RMgNgAdNkemJL8TkuHkBpqY9HR0rGOkGHN22eh43uQ?e=ZV1frb. Accessed 17 Apr. 2025.