Cybersecurity Risk Analyst: Understanding     

                 People, Risk, and Society

Student Name: Clifford Mammah

School of Cybersecurity, Old Dominion University

CYSE 201S: Cybersecurity and the Social Sciences

Instructor Name: Diwakar Yalpi

Date: 11/14/2025

BLUF: Cybersecurity risk analysts protect organizations by finding vulnerabilities, analyzing threats, and understanding the human behaviors behind security incidents. Their work relies on social science concepts such as psychology, organizational behavior, communication, and digital inequality. This paper explains how social science applies to cybersecurity risk analysis, how class concepts are used in the profession, how cybersecurity affects marginalized groups, and how this career supports society.

Introduction

Cybersecurity is important in today’s world because technology supports nearly every part of life, from healthcare and banking to education and government. Cybersecurity professionals work to protect systems from attacks, prevent data loss, and maintain digital trust. One important role in this field is the cybersecurity risk analyst. Risk analysts study threats, examine weaknesses, and help organizations understand what dangers they face before attacks happen. This paper explores how social science principles connect to this career, how class concepts are applied in daily work, how cybersecurity affects marginalized groups, and how cybersecurity professionals support society.

Social Science Principles

Cybersecurity risk analysts depend on social science because human behavior is often the cause of cyber incidents. Psychology helps analysts understand why people fall for phishing scams, ignore warnings, or fail to follow security rules. Research shows that effective security requires understanding how employees think, what motivates them, and how they respond to training (Haney, 2020). Social science also helps analysts understand hacker motivations. Some attackers seek money, others want power, and some act out of curiosity. Understanding these behaviors helps analysts predict patterns and build better defense strategies. Human-computer interaction is another area of social science in cybersecurity. Analysts look at how users interact with technology so they can make policies that people will actually follow. If a security rule is too confusing or time-consuming, users may ignore it. Social science helps risk analysts develop awareness programs, create realistic training, and improve communication so employees recognize threats and make safer choices (Haney, 2020).

Application of Key Concepts

Many key concepts from class, such as risk assessment, threat modeling, compliance, and organizational behavior, are central to the cybersecurity risk analyst role. Analysts use frameworks like NIST and ISO to measure risks, evaluate vulnerabilities, and determine the likelihood and impact of threats. Organizational behavior is also important. Research shows that when leaders promote a “security-first culture,” employees are more likely to follow cybersecurity policies (Willie, 2023). Risk analysts must understand how workplace culture affects compliance so they can create policies that fit the organization’s needs. Analysts also use tools such as vulnerability scanners, compliance audits, and behavioral monitoring systems. These tools combine technology with human behavior analysis. Like how analysts look at whether employees are using weak passwords, ignoring training, or mishandling sensitive data. A recent study found that employee compliance depends on both technological support and behavioral factors like awareness and motivation (Delso-Vicente et al., 2025). This shows why cybersecurity risk analysts need strong knowledge of social science along with technical skills.

Marginalization

Cybersecurity challenges impact marginalized groups more heavily than others. People with limited digital literacy, older adults, or low-income communities may lack secure devices or the knowledge needed to avoid scams. These groups are often targeted more frequently in breaches and phishing attacks because attackers assume they are easier victims. Risk analysts must keep this in mind when designing training, privacy protections, and security policies. They aim to create systems that protect all users equally, regardless of background. Some organizations even run programs to improve digital literacy in vulnerable communities, helping reduce cyber harm. Cybersecurity professionals are also working to diversify the field so people from marginalized groups have a stronger voice in decisions about digital safety.

Career Connection to Society

Cybersecurity risk analysts help protect major parts of society such as hospitals, energy systems, schools, transportation networks, and financial institutions. If these systems were attacked, society could experience major disruptions. Public policies, including breach reporting laws, national cybersecurity strategies, and privacy regulations, shape how analysts do their work. These policies protect individuals by requiring organizations to secure personal information, respond quickly to threats, and stay accountable after incidents. By reducing risks, strengthening defenses, and guiding organizations through compliance, cybersecurity risk analysts help create a safer and more stable digital society.

Conclusion

Cybersecurity risk analysts play a vital role in protecting organizations and society by analyzing threats, guiding decisions, and understanding the human factors behind security incidents. Their work is deeply connected to social science concepts such as psychology, communication, organizational culture, and digital inequality. They apply class concepts to assess risks, build strong security policies, and ensure legal compliance. They also help protect marginalized communities and support the safety of major infrastructures. As cyber threats continue to evolve, the combination of technical skills and social science knowledge will remain essential for effective cybersecurity risk analysis.

Sources

Haney, J., & Lutters, W. (2020, October). Security awareness training for the workforce: Moving beyond “check-the-box” compliance. Computer. https://pmc.ncbi.nlm.nih.gov/articles/PMC8201414/ 

(PDF) The Role of Organizational Culture in Cybersecurity: Building a security-first culture. (n.d.-b). https://www.researchgate.net/publication/371399113_The_Role_of_Organizational_Culture_in_Cybersecurity_Building_a_Security-First_Culture 

Delso-Vicente, A.-T., Diaz-Marcos, L., Aguado-Tevar, O., & Blanes-Sebastián, M. G. de. (2025, March 6). Factors influencing employee compliance with information security policies: A systematic literature review of behavioral and Technological Aspects in cybersecurity – future business journal. SpringerOpen. https://fbj.springeropen.com/articles/10.1186/s43093-025-00452-7