Cybersecurity Professional Career Paper: How Chief Information Officers Apply Principles of Social Science Research to the Field
Student Name: Michelle Zimmer
School of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor Name: Diwakar Yalpi
Date: November 10, 2025
Introduction
The specific subset of cybersecurity career covered in this paper will be the pathway of the Chief Information Officer. In a world that is increasingly reliant on technology, cybersecurity becomes increasingly central to the maintenance of everyday functioning both of individuals and society as a whole. Technology is integral to much of day-to-day life, including but not limited to industrial systems, office work, and even e-commerce, which has become a prominent supplier of everyday goods for individuals across the country.
This paper will cover the career of the Chief Information Officer, with a special emphasis on the ways in which social science research and theories relate and apply to the field.
Social science principles
Chief Information Officers (CIOs) oversee information systems and cybersecurity strategy. Social science research helps CIOs understand human factors, shape policy and culture, and lead interdisciplinary teams. Human factors are incredibly important within the realm of cybersecurity, as it is the individual who is most often exploited via social engineering by cyber criminals.
Studies show that motivations for hacking have a wide range, including the motivation of financial gain, notoriety/peer social status, revenge, and even activism (sometimes also labeled ‘hacktivism’). Understanding the motivations of hackers can assist the CIO both in policy creation as well as decisions on cybersecurity training within their organization.
In regard to ethical decision-making, behavioral ethics research reveals how people justify unethical actions, such as rationalizing data theft as harmless. This is also know as the theory of rationalization, which many postulate to be particularly relevant to the psychology of cyber criminals. Awareness of rationalization theory can assist CIOs in understanding the potential psychology of cyber criminals, thus also how to possibly better defend against such criminals.
Insider threats are a prominent risk to organizations, whether due to individuals obtaining access to information or data that they shouldn’t, or individuals who intentionally steal or leak data due to factors such as vindication or monetary motivation. Psychology and organizational behavior can help identify risk factors such as job dissatisfaction, stress, or perceived injustice that may lead employees to leak data or sabotage systems.
Application of Key Concepts
Some of the key concepts from the class include the study of criminology, psychology, and sociology, among others.
Criminology is an important concept for individuals pursuing cybersecurity careers, as the study of criminals, crime, and victims allows for deeper understanding of crime, and by extension, cybercrime. An understanding of criminology leads to an understanding of criminal behavior, motives, and even the prevalence of certain types of crimes. This knowledge can assist cybersecurity professionals in determining what data is most at risk, by whom, and what the criminals motives might be.
Similarly, the study of psychology can be applied to cybersecurity. Understanding the way the mind works and develops can help professionals understand both the psychology of criminals and victims. One example might be the concept that explores the intersection between ease-of-use and effectiveness in cybersecurity tools and protocols. A tool that is extremely difficult to use might be more secure, but runs the risk of either not being used at all or circumvented, which defeats the purpose of said tool. Cybersecurity professionals must keep this facet of psychology in mind while working in the field.
Finally, the topic of sociology. The nature of the internet is in essence, social. Many cybercrimes, such as online bullying, online stalking, and cyber terrorism are all crimes that hold a basis in social structures. Thus, understanding social life, behaviors, and institutions proves a great advantage to cybersecurity professionals.
Marginalization
As discussed in the linked article regarding cyber victimization of female students, it is clear that in many cases women and girls are particularly vulnerable to online attacks. For example, women and girls are much more likely to be stalked, harassed, and even victimized by crimes such as revenge porn. These crimes are far from harmless. “Such behavior creates discomfort and insecurity for the receiver and contributes to the sense of unsafety in digital environments.” (Yaqoob, Sheikh, 2025).
In addition, women are much more likely to be the target of the cyber crime of romance fraud. The victims of this specific crime are typically middle aged, educated, kinder women who have low self-control.
There have been efforts within the field of cybersecurity to study topics such as these, which is the first step in being able to understand and mitigate risk to marginalized groups such as women in online spaces.
Career Connection to Society
Cybersecurity professionals contribute greatly to the safety and stability of societal infrastructures. With society relying on technology to a greater and greater extent, the security of that technology becomes ever more important. Studies have shown that the sector most often targeted by cyber criminals is the healthcare sector. When hired, cybersecurity professionals are responsible for securing sensitive data, training personnel, and essentially ensuring that access to healthcare is not jeopardized by acts of cybercrime.
In addition, many industries utilize technology for interfacing. Such technology is vulnerable to attack when unsecured, and can pose a significant threat to public order. When public works such as water treatment centers, nuclear plants, and even traffic control utilize digital systems for management, those very same systems are at risk of being hacked and exploited.
A number of public policies have been put into place since the inception of technology. Some of these include laws regarding recording people without their consent, laws prohibiting the download of stolen software, videos, and music online, and even policies prohibiting the solicitation of information from minors online. Some of these policies carry greater impact than others. For example, while it is illegal to download data such as movies and music online for free without proper licensing, this law does not typically stop the people who desire to commit such crimes. Other policies, however, such as the prohibition of recording others without consent, are more likely to be followed.
Scholarly Journal Articles
The first scholarly journal explores how cybercrimes target female students of Kashmir University. The article found that female students were more susceptible to articular forms of cybercrimes, regardless of their financial or educational background. Researchers found that the crimes induced significant adverse affects on the mental wellbeing of the victims. They also found that adequate social support is a key factor in healing from said crimes.
On the section of ‘growth of international norms to prevent cyberattacks’, the second article discusses the motivations of hackers, both white-hat and black-hat. The article proposes that black-hat hackers are often motivated by both financial gains and social injustice, but that when properly monetarily incentivized, they may switch to become white-hat hackers. This supports the social science principle of both parsimony. Regarding parsimony, the simplest explanation should be used. In this case, the simplest way to motivate black hat hackers to become ethical hackers is to use their base motivation: money. Similarly, knowing that money
The final article discusses the effects of cyberterrorism on psychological well-being, public confidence, and political attitudes. This article ties in key concepts to cybersecurity and social sciences by discussing both psychology and sociology. The results of the study confirmed that cyberterrorism increases anxiety and decreases personal security, increase perceptions of threat, and finally, increase the willingness of individuals to support strong government policies. From a sociological perspective, the article found that cyberterrorism does not “significantly undermine confidence in the national government or its institutions any more than conventional terrorism does.” (Gross, Vashdi. 2017). The exploration of both psychological and sociological principles in relation to cyberterrorism helps to integrate these core concepts into cybersecurity.
Sources:
Michael L. Gross, Daphna Canetti, Dana R. Vashdi, Cyberterrorism: its effects on psychological
well-being, public confidence and political attitudes, Journal of Cybersecurity, Volume 3, Issue 1, March 2017, Pages 49–58, https://doi.org/10.1093/cybsec/tyw018
Nori Katagiri, Why international law and norms do little in preventing non-state cyber
attacks, Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab009, https://doi.org/10.1093/cybsec/tyab009
Syed Shubeena Yaqoob, Aasif Hussain Sheikh, Unmasking the silent threat: understanding
cybercrimes targeting female students of Kashmir university—a mixed-method analysis, Journal of Cybersecurity, Volume 11, Issue 1, 2025, tyaf026, https://doi.org/10.1093/cybsec/tyaf026