Wesley Faxlanger
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity as a Social Science
Dr. Leigh Armistead, CISSP Teresa Duvall
3 December 2023
Career Paper
Cybersecurity has rapidly gained attention from individuals in information technology and social sciences. The digital revolution has ushered in a new era of modern conveniences and luxuries previously inconceivable to past generations. Cybersecurity is an interdisciplinary field that shares many similarities with other social sciences, which is a computational social science. While there are many exciting career paths within cybersecurity, penetration testers or (ethical hackers) are uniquely responsible for attempting to bypass an organization or government entity’s security. While the digital aspect of penetration testing is complex and exciting, the physical penetration testing aspect of the job offers far more opportunities to utilize social engineering and to attempt to beat physical security, such as electronic doors and security systems.
Penetration testing, a cornerstone of cybersecurity, involves simulated attacks on systems to evaluate their vulnerabilities. While technical acumen is foundational, penetration testers must also grasp the psychological aspects of security. Penetration testing requires understanding the intricacies of various operating systems and network configurations and the ability to think like a hacker, as an investigator would need to feel like a criminal. This necessitates a nuanced understanding of human behavior, motivations, and the intricate dance between technology and psychology (Bishop, M. 2007, pg.84-85). Human factors play a pivotal role in cybersecurity, and penetration testers often find themselves at the intersection of technology and psychology. Social engineering, a technique that exploits human psychology to gain unauthorized access, is a prime example. Christopher Hadnagy’s work in “Social Engineering: The Art of Human Hacking” underscores the human-centric aspect of cybersecurity (Hadnagy, 2011). Penetration testers leverage social science principles to anticipate and exploit these human vulnerabilities, identifying potential entry points for cyber threats. Relativism is the idea that understanding differences in cultures and environments can provide different avenues for cyber-attacks. For example, specific individuals may be more susceptible to varying forms of social engineering based on how they interact with their environment and communities. Sociology is an essential aspect of cybersecurity and penetration testing, as penetration testing relies heavily on exploiting human weakness. When an individual understands sociology, it becomes dangerously easy to manipulate and exploit just about any aspect of human nature. This is why phishing emails have become so common, as it is one of the most effective exploits of human error and social engineering.
In conclusion, while pen testing is generally considered an ethical form of hacking, hacking has a lot of grey areas surrounding its morality. This becomes amplified with the addition of social engineering. According to an article by L. M. Tanczer, “IT and cybersecurity professionals perceive hackers in an ambivalent light and in subtle contrast to themselves” (Tanczer, L. M. 2020, 108-128). Despite the negative connotations surrounding ethical hacking or penetration testing, it is an interesting career that provides ample opportunities to problem-solve and approach challenges in exciting new ways. Penetration testing is a cornerstone of cybersecurity. Without constantly testing and attempting to beat a system or organization’s security, many potential attack channels or points of weakness are left undiscovered. Cybercriminals may then use these weaknesses to seriously harm organizations and the people who trusted the organizations to protect their information. With that in mind, penetration testing is an invaluable aspect of cybersecurity that can help us grow and defend society from the malicious cyberattacks we commonly face.
Works Cited
Bishop, M. (2007). About penetration testing. IEEE Security & Privacy, 5(6), 84-87.
Hadnagy, C. (2010). Social engineering: The art of human hacking. John Wiley & Sons.
Tanczer, L. M. (2020). 50 shades of hacking: how IT and cybersecurity industry actors perceive good, bad, and former hackers. Contemporary Security Policy, 41(1), 108-128.