Cyber Analysts and Social Sciences
Cybersecurity Analysts are often the entry level roles in many cybersecurity environments, they have a wide range of responsibilities such as monitoring networks for threats and vulnerabilities, responding to incidents and even implementing policies for users to abide by in the future. The purpose of this article is to examine the ways in which this technical role intersects with the social sciences of cybersecurity and illustrate why it is such an important facet of security.
Social sciences within cybersecurity aim to dissect human behaviors to correctly pinpoint and define how they shape risk. Psychology approaches such as cognitive theories help cyber analysts explain and understand each step of the cybersecurity process as most cybersecurity threats emerge from human behaviors. Effectively utilizing social science principles, cyber analysts can understand these motivations and develop effective practices to mitigate them.
Objectivity and parsimony help explain users’ incidents or implemented policies in efforts to better educate themselves to keep safe, while relativism can help them relate the presence of malware to exploited vulnerability or possibly insider threats. Interchangeably these become necessary tools to navigate the threat landscape. Even within their own teams, social sciences become imperative as many cyber analysts must work collaboratively in incident responses. Many of Cyber Analysts tools whenever searching for root causes of attacks, such as the MITRE ATT&CK model which illustrates hackers’ typical behavioral patterns.
Cyber Analysts help protect marginalized groups even in the workplace by ensuring that the compromised company data does not compromise personal data, affecting people who may not have access to cyber education. This is done by Cyber Analysts by implementing user training such as phishing simulations, evaluating the cyber health of employees and routinely using this behavioral data to build resilience. Cyber Analysts help these marginalized communities specifically because this education remains important even after working hours. Because we are constantly surrounded by technology nowadays, concepts such as cyber hygiene are unavoidable, and the more individuals that are aware, the more likely they are to teach the unaware such as their elders or children.
Many Cyber Analysts also work for critical infrastructure systems which benefit the whole of society. They ensure that payments are processed securely and fairly as online banking becomes more of the norm, and they are constantly improving upon that. For example, many banks must be compliant with Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is a policy which requires implementations such as encryption of user information, real-time monitoring by cyber analysts, and ensured network security. Without PCI DSS compliance, many banks would be vulnerable, and this would negatively impact the whole of society as banks are considered critical infrastructure under the financial sector.
In conclusion, Cyber Analysts oversee working extensively with the human layer of cybersecurity, making social sciences nearly impossible to avoid in their day-to-day routines. Many job applications refer to these elements as “soft skills” as an umbrella term, but a great Cyber Analyst will have proficiency in recognizing user behavior to best remediate it. It also helps in communicating with other departments or shareholders to ensure cooperation as cyber resiliency in companies is always a collaborative effort.
Sources
National Academies of Sciences, Engineering, and Medicine. (2019). 6 Integrating social and behavioral sciences (SBS) research to enhance security in cyberspace. In A decadal survey of the social and behavioral sciences: A research agenda for advancing intelligence analysis (pp. 141-160). The National Academies Press. https://doi.org/10.17226/25335
University of California San Francisco, Controller’s Office. (2025). Understanding Payment Card Industry Data Security Standard (PCI DSS). https://controller.ucsf.edu/how-to-guides/accounts-receivable-banking-services/understanding-payment-card-industry-data-security
Ainslie, S., Thompson, D., Maynard, S. B., & Ahmad, A. (2023). Cyber-threat intelligence for security decision-making: A review and research agenda for practice. Computers & Security, 132, 103352. https://doi.org/10.1016/J.COSE.2023.103352
Carley, K. M. (2020). Social cybersecurity: An emerging science. Computational and Mathematical Organization Theory, 26(4), 365-381. https://doi.org/10.1007/s10588-020-09322-9