Brittney Davis
CYSE 201S
Professor Trinity Woodbury
April 26, 2025

Career Paper

Penetration Tester

A Penetration Tester, or “ethical hackers,” as they are more commonly known, is an IT
professional who a company or organization hires to assess the security of its computer systems
and networks by simulating cyberattacks. In cybersecurity, penetration testers are pivotal because
they can find vulnerabilities in a company or organization’s systems before cybercriminals can
exploit them. This paper will examine the correlation between Penetration testers (Ethical Hackers)
and the social sciences of cybersecurity and marginalized groups.
Penetration Testing and Why It’s Important
Penetration testing is important because it simulates an attack on your networks, systems,
or applications to identify weaknesses in your security. Penetration testers are important to the
cybersecurity field because they use the same techniques, processes, and skills that cybercriminals
may use to find flaws within your systems. The only difference is that they employ these tactics to
help improve an organization’s security, whereas cybercriminals will exploit these weaknesses for
their benefit. Some methods for penetration testing are:
• Black box testing- gives the hacker little to no information about your systems
• White box testing – provides testers with security details
• Gray box testing- provides pen testers with partial security knowledge
• Red team/Blue team- this method allows hackers and security staff to work in tandem when
trying to find vulnerabilities within an organization’s security
• Covert pen testing- does not warn staff when a test will occur.
While there are many other methods that a pen tester can employ, the ones listed above are the
most commonly used. These methods are important because they allow for different methods to
gather information and test an organization’s security. The pen tester can then form a report that
they can present to help the organization improve its security.

Penetration Testing Correlation to the Social Sciences

Regarding penetration testing and its correlation to the social sciences, I believe that this
career path relates to the social sciences of Psychology and human behavior, Ethics and law, and
Communication skills. As discussed in class, human behavior and psychology also play a role in
cybersecurity. Since humans are the cause of most of the incidents that cause the failure of a
company’s security, pen testers use social engineering to conduct their tests. Some social
engineering attacks they use are phishing attacks, USB drops, and impersonation. As stated in the
article Social Engineering Penetration Testing: Attacks, Methods, & Steps, “the goals of these tests
are to identify weaknesses in a person, group of people, or processes and identify vulnerabilities
with a clear path to remediation “ (Firch, 2024). Using these social engineering tactics, pen testers
can weed out the most vulnerable employees, allowing the company that hired them to provide
additional training to their employees. Another way the social sciences apply to Penetration testing
is through Ethics. As discussed in class, cybersecurity is continuing to advance every day. With
that advancement, the ethical conduct and laws that govern cyberspace have to continue to improve
and update as well. This means that professionals who choose to become pen testers must
understand and comply with their position’s legal and ethical responsibilities, when developing
and employing exploits that could possibly compromise a company’s security, pen testers’ ethics
and compliance with the law comes into play because they actively make the choice not to use the
information for their personal benefit. Lastly, communication skills are important for pen testers
to have. Being able to effectively communicate with their team and the employers who hire them,
pen testers can ensure that they present their reports in a way everyone understands, regardless of
their technical literacy. Since pen testers also communicate with industry professionals and the
general public, they have to be able to tailor their information so that everyone can understand the
concerns and solutions they are addressing. While other aspects of the social sciences apply to the
position of a penetration tester, the few listed above are the ones that I believe play a significant
role in a pen tester’s ability to perform their job effectively.

Marginalized Groups

Penetration testers are critical to ensuring the safety of everyone’s information, including
marginalized groups. Unfortunately, marginalized groups may prove to be more vulnerable to
specific attacks since they don’t have access to the resources that others may have. These are some
of the concerns that pen testers will need to consider when performing their assessments and giving
their reports. If they are unable or refuse to address the vulnerabilities that marginalized groups
face, then they will not be able to perform their job to the best of their abilities and will get incorrect
results. By acknowledging the different vulnerabilities that everyone may face, pen testers can
develop inclusive and accurate processes that will benefit everyone.

Conclusion

In conclusion, the social sciences are very important for the Penetration tester position. The
social sciences are fundamental principles for a penetration tester that can be used as a guide to
perform their job effectively. As technology advances, penetration testers must acknowledge that
human error is a major factor in a company’s cybersecurity failure and apply this knowledge to
redevelop their exploits and resolutions, which can help develop more secure systems, networks,
and processes that everyone can use to navigate cyberspace safely.

References

Firch, J. (2024, February 28). Social Engineering Penetration Testing: Attacks, Methods, & Steps.
Purplesec. Retrieved April 27, 2025, from https://purplesec.us/learn/social-engineering-
penetration-testing/
Mukherjee, A. (2023, June 6). Understanding Social Engineering Penetration Testing. Threat
Intelligence. Retrieved April 27, 2025, from https://www.threatintelligence.com/blog/social-
engineering-penetration-testing
(n.d.). Penetration Testing: Why It’s Important + Common Types. Drata. Retrieved April 27, 2025,
from https://drata.com/grc-central/risk/penetration-testing
Hatfield, J. (n.d.). Virtuous human hacking: The ethics of social engineering in penetration-testing.
ScienceDirect. Retrieved April 27, 2025, from
https://www.sciencedirect.com/science/article/abs/pii/S016740481831174X