.

“Cybersecurity careers and social science” By Dominique Taylor.

Cybersecurity is a growing field that relies on many things to provide information so that it can grow and do its job effectively. One main assistant is social science due to the information it provides regarding humans which is highly needed in cybersecurity. Two careers that use social science in their everyday routine are cybersecurity analysis and cybersecurity engineering. 

In all aspects of cybersecurity, we must think about social science, but the way they collaborate with each other is through the principles of social science which are relativism, objectivity, parsimony, ethical neutrality, and determinism. All these principles are used in cybersecurity for different reasons but are meant to help gain an understanding of cybersecurity. As we learn cases throughout our cyber journey there will be many cases that must be looked at through an ethical lens. In the view of ethical neutrality, you must remember that the number one rule is you must protect all rights of the person or the community you are researching. Determinism is also an interesting trait in cybersecurity because most cyber crimes are caused by previous events that in their mind make them feel that their crime was justifiable. Objectivity in cyber is used to research more ways of how hackers are entering through vulnerabilities. The last principle is parsimony, in cybersecurity assessments Documentation must be written as plainly as possible so that even a CEO or a consumer can understand.

Cyber engineering is a very interesting career due to all the tasks and responsibilities they have daily. Understanding what these careers do on a daily basis will help understand how they use social science to help complete their task. In engineering, a major task they have is to Create, maintain, and monitor security policies and procedures. Another task they have that is similar to other jobs is to manage and maintain security infrastructures. In companies, this position is affected consistently due to human factors which gives them the responsibility of leading risk and incident activities.  Although these are very extensive task to do within a company it is very necessary to the security infrastructure. Society makes this position detrimental due to their ability to find ways to manipulate IOTs which can make social science research very important. 

Cybersecurity analysis is an extremely important career that is consistently growing within the cybersecurity industry due to companies understanding how many employees it takes to complete these tasks. One task they do on a daily basis is to Analyze security logs from firewalls and security software to detect potential security threats. Another obligation they have is to Ensure the timely and accurate collection of quantitative and qualitative data and intelligence for company security reports. The third task they must do for security purposes is to Lead security-related technical projects such as assessments and risk/benefit analysis. This task makes this position detrimental to the security process due to analysts being the first to detect potential threats over the network. In this position human factors are important and having the ability to write Parsimony reports for the company.

In the field of cybersecurity, engineers use social science in many different ways. One way they use social science is with their task to create, maintain, and secure security policies they must analyze the behavior of society. Society’s behavior can affect what areas they need to put a key focus on and what they must add to their security policies. Since technology has been advancing society has converted everything we do to over the internet which could be very dangerous due to the vulnerabilities within human factors that a cybersecurity engineer must account for. The article “Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods” supports the previous statement saying “For some situations, social engineering attacks may be as simple as making a phone call and impersonating an insider to elicit the classified information. Moreover, with the development of new technology and the formation of new cyber-environment, social engineering threat is increasingly serious. Social Network Sites (SNSs), mobile communication, Industrial Internet, and the Internet of Things (IoT) generate not only large amounts of sensitive information about people and devices but also more attack channels and a bigger attack surface.” These frequent new challenges make it important to start influencing people all around about the position of a cyber engineer so that we can have more engineers and stay protected.

For cyber analysts, their whole job revolves around social science so they must consistently do their job through a social viewpoint. Cyber analysis relates to social behaviors through the viewpoint that attackers find some of their victims through human behavior and human interaction with media. A familiar attack that cyber analyst encounter are phishers who have studied their victims through something simple like social media. This requires them to rely on a social science mindset so that if a user reports a potential threat, the analyst can understand where the threat came from. The article “An Analysis on Cyber Crime, Cyber Threats, and Role of Cyber Analysts” shows an example of how many were affected by phishing attacks by stating “ The statistics that have been obtained and reported about demonstrate the seriousness Internet crimes in the world. Just the “phishing” emails mentioned in a previous paragraph produce one billion dollars for their perpetrators (Dalton 1). In a FBI survey in early 2004, 90 percent of the 500 companies surveyed reported a security breach and 80 percent of those suffered a financial loss (Fisher 22).” This career field requires a lot of study of society because as the majority of society changes how it interacts with society, this data can affect what new attacks an analyst must be aware of. 

In both careers, there are many challenges that marginalized groups face that we must overcome. Regarding cybersecurity engineering, there is a major disconnect in the level of education that is necessary and since we don’t see many from our communities becoming an engineer or getting a degree we are unaware of the need and potential growth in the field. The article “Cybersecurity Engineering: The Growing Need” states “One reason for the worker shortage in the cyber security field is that companies are looking for highly qualified, educated and skilled professionals. Hiring managers and recruiters typically seek candidates where a bachelor’s degree, is almost always required, while a master’s degree is typically preferred. In addition, many companies require specific certifications and extensive experience in the field.”  Being someone who comes from a marginalized group pushes me harder to succeed in the cyber analyst field because even I face hardships like finding a corporation that’s willing to teach and let me grow within the corporation. Although these troubles are very difficult I keep going so that people who are from where I’m from and look like me can be motivated to get into this field.

Cybersecurity professionals have many viewpoints that an issue can be looked through but a crucial one is social science. Taking the cybersecurity and social science course has taught me many lessons that I will use as I progress in my cybersecurity career. 

Sources: 

Nandy, Miss Debalina, and Mr Renish J. Padariya. “An analysis on cyber crime, cyber threats and role of cyber analyst.” International Journal for Research in Applied Science and Engineering Technology (IJRASET) 4 (2016): 319-322.

.

Callen, Jennifer, and Jason E. James. “CYBERSECURITY ENGINEERING: THE GROWING NEED.” Issues in Information Systems 21.4 (2020).