Cybersecurity Professional Career Paper:
Penetration Tester
Student Name: Deonta Carmack
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor Name: Professor Yalpi
Date: 4/14/2026

Introduction
Penetration testing is one of the most dynamic and human‑centered careers in cybersecurity.
While the role is often associated with technical skills such as vulnerability scanning, exploit
development, and network analysis, the profession also relies heavily on understanding human
behavior. In today’s digital environment, cyberattacks frequently exploit psychological
weaknesses rather than purely technical flaws, making social science principles essential to the
penetration tester’s work. This paper examines how penetration testers integrate social science
research into their daily routines, how the profession interacts with marginalized groups, and
how key concepts from CYSE 201S apply to this career.

Social Science Principles
Penetration testers depend on social science research to understand the motivations, behaviors,
and decision‑making patterns of both attackers and end users. For example, psychological studies
on risk perception help testers anticipate how employees might respond to suspicious emails or
unexpected system prompts. Research on hacking subcultures and cybercriminal motivations
provides insight into how real adversaries think, which helps testers design realistic attack
simulations.
Human‑computer interaction (HCI) is another critical social science area that shapes penetration
testing. Testers must understand how users navigate systems, where confusion is likely to occur,
and how interface design can unintentionally create security vulnerabilities. Social engineering, a
core component of many penetration tests, is itself grounded in behavioral psychology,
persuasion theory, and communication studies. When testers craft phishing emails or conduct
pretexting calls, they rely on principles such as authority bias, urgency cues, and trust‑building
techniques.
Penetration testers also use social science insights to design effective awareness training. By
understanding how people learn, what motivates behavioral change, and why individuals ignore
security policies, testers can help organizations build more resilient human defenses.

Application of Key Concepts
Several concepts from CYSE 201S directly apply to penetration testing. Threat modeling helps
testers identify the most likely human‑driven attack vectors, such as phishing or credential reuse.
Risk assessment frameworks guide testers in evaluating which vulnerabilities pose the greatest
threat based on user behavior and organizational culture.
The concept of social engineering is central to penetration testing. Testers apply theories of
human behavior to simulate realistic attacks, demonstrating how easily individuals can be
manipulated into revealing sensitive information. Concepts related to ethics, privacy, and legal
compliance also shape the profession. Penetration testers must follow strict rules of engagement,
obtain written authorization, and ensure that their activities do not harm employees or violate
privacy laws.
Tools such as the NIST Cybersecurity Framework, MITRE ATT&CK, and behavioral analytics
platforms demonstrate how social science and technical methods intersect. These tools help
testers understand not only how systems fail but also how people contribute to security
weaknesses.

Marginalization
Penetration testing intersects with issues of marginalization in several ways. Marginalized
groups, including low‑income individuals, elderly populations, and communities with limited
Digital literacy is disproportionately targeted by phishing, fraud, and identity theft. When
Penetration testers design social engineering assessments; they must be aware of these disparities
to avoid reinforcing harm or bias.
The profession is also working to address underrepresentation within cybersecurity. Women,
racial minorities, and individuals from disadvantaged backgrounds remain significantly
underrepresented in penetration testing roles. Many organizations now support diversity
initiatives, mentorship programs, and inclusive hiring practices to broaden participation in the
field. Additionally, penetration testers contribute to equitable digital protection by advocating for
accessible training materials and security policies that consider the needs of all users.

Career Connection to Society
Penetration testers play a vital role in protecting the digital infrastructure that society depends on
on. By identifying vulnerabilities before malicious actors exploit them, testers help safeguard
financial systems, healthcare networks, government services, and critical infrastructure. Their
work strengthens public trust in digital services and reduces the likelihood of large‑scale
breaches that could disrupt society.
Public policies such as data protection laws, cybersecurity regulations, and national security
directives shape the responsibilities of penetration testers. These policies influence how tests are
conducted, how data is handled, and how organizations must respond to discovered
vulnerabilities. As cyber threats continue to evolve, penetration testers remain essential to
maintaining societal stability and digital resilience.

Scholarly Journal Articles
Source 1: A scholarly article on social engineering effectiveness may highlight how
psychological principles influence user susceptibility. These findings support the paper’s
discussion of behavioral science in penetration testing.
Source 2: Research on digital inequality or marginalized groups may show how certain
populations face higher cybersecurity risks. This supports the section on equitable protection and
the profession’s responsibility to address disparities.
Source 3: An article examining cybersecurity’s role in critical infrastructure or organizational
Resilience can reinforce the societal importance of penetration testing and its connection to the public
policy.

Conclusion
Penetration testing is a cybersecurity career that blends technical expertise with deep social
science understanding. By analyzing human behavior, applying key concepts from CYSE 201S,
and addressing the needs of marginalized groups, penetration testers help organizations
strengthen their defenses and protect society at large. As cyber threats grow more sophisticated,
the integration of social science principles will remain essential to the success and ethical
practice of penetration testing.