Bryce Staples
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor Name: Diwakar Yalpi
Date: 4/16/2026
Penetration Tester
Penetration testers rely heavily on social science principles, especially human behavior, to identify vulnerabilities and strengthen cybersecurity systems, making their role as much about understanding people and society as it is about technology.
Role of A Penetration Tester
A penetration tester’s main responsibility is to identify weaknesses before hackers can exploit them. This can include testing systems through controlled attacks, analyzing security policies, and often attempting to manipulate human behavior through methods like phishing (National Cyber Security Centre, 2026). Penetration testers have to have the mindset of an attacker, which requires not only technical knowledge but also an understanding of how people make decisions. A large portion of their work involves testing the human element.
Human Behavior and Social Engineering
An important social science concept that is used by penetration testers is social engineering. Social engineering is manipulating an individual into revealing confidential information. This practice is rooted in psychology and sociology, as it is based on understanding trust and human error. They use techniques like phishing emails or impersonating someone to test how employees respond to potential threats (Carley, 2020, p. 2). By studying human behavior, pen testers can notice patterns of vulnerability, and they can recommend training programs to companies to help improve their awareness of these attacks.
Interaction with Marginalized Groups and Society
Pen testers interact with marginalized groups and society by finding out how differences in access to technology and digital literacy can affect cybersecurity risks. Marginalized communities, such as low-income populations, older adults, and individuals with limited experience in technology, who are more likely to be more vulnerable to cyberattacks like phishing. Because of these groups, pen testers have to consider these disparities when evaluating security systems and human behavior. Pen testers can assess how users from different backgrounds respond to simulated attacks, noticing that not everyone has the same level of awareness when it comes to cyberattacks. Applying social science concepts like the digital divide and social inequality to ensure that security recommendations are realistic. Pen testers also contribute to public safety by helping organizations keep sensitive information, such as healthcare information and personal identities, secure. Penetration testers help create cybersecurity strategies that help society as a whole, not just those with advanced technical knowledge.
Connection to Society
Penetration testers play an important role in society by keeping systems and data that people rely on every day protected. Today, most things that hold sensitive information are mostly online, for example, bank accounts, healthcare information, and education. Because of this, the need for cybersecurity professionals becomes stronger. Pen testers have a direct impact on public trust in systems online. Pen testers help maintain trust to make sure that companies follow strong cybersecurity practices and give recommendations on improvements based on real threats. Their work supports a safer and more inclusive digital environment, where people from all backgrounds can interact with technology safely.
Conclusion
Penetration testers demonstrate that cybersecurity is not just a technical field, but it is also connected to social science. With concepts like social engineering, routine activity theory, and the digital divide, understanding and preventing cyber threats is important for marginalized groups. Pen testing relies on knowledge of human behavior and social structures to perform its tasks effectively. By combining their technical experiences with social science insights, pen testers play a critical role in making a safer space in the digital world for individuals.

Works Cited
Carley, K. M. (2020). Social cybersecurity: an emerging science. Computational and Mathematical Organization Theory, 26(4), 365–381. https://doi.org/10.1007/s10588-020-09322-9
Leukfeldt, E. R., & Yar, M. (2016). Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical analysis. Deviant Behavior, 37(3), 263–280. https://doi.org/10.1080/01639625.2015.1012409
National Cyber Security Centre. (2026). Penetration testing. In National Cyber Security Centre. https://www.ncsc.gov.uk/guidance/penetration-testing
What is penetration testing? (n.d.). Palo Alto Networks. https://www.paloaltonetworks.com/cyberpedia/what-is-penetration-testing