The career I have chosen to take a closer look at is the job of a chief information security officer (CISO). This job is a high-level position at major companies that is tasked with keeping a company’s digital information safe from attacks. They use advanced information security and managerial work that provides direction and guidance in strategic operations and planning. In order to do their job, they use social science research and principles to formulate their defenses around these findings and principles. One of the reasons that a CISO would need to use social science research is to find out what could lead to weaknesses in their systems. The famous quote that says, “Humans are the weakest link in information security” shows why they need to conduct and study research. Due to humans typically being the most unpredictable part of information security they focus on research that involves human behaviors and psychology in the digital space. The research that they use must follow social science principles in order for them to be valid sources to design training and systems around. Some of the principles that they need to focus on is relativism and objectivity. Relativism is required to help them connect the findings in the research to the data they are seeing in their own companies. Objectivity is needed in order to make sure that they only implement a new system or practice based on the research findings and not due to any underlying prejudices or emotions.

There are many topics that we went over in class that can be applied to this career. One of the main concepts that is applied as a CISO is the use of risk management. When planning and designing a defensive system you need to understand what you must protect. The CISO is a vital person in creating the risk assessments of their companies digital information. Another concept that a CISO applies is the cost/benefit analysis for the implementation of new and current systems. They must make the final decisions on the use of their budget and if the cost of a new system update is worth the benefits it could add to the company. 

As a CISO you have to interact and think about a lot of different types of people. ONe of those types are people who are marginalized. First, in the case of the hiring process of being a CISO there might be bias and prejudice in who is hired. Even though we may not like it, most people in power are white men and they are usually the ones who have a large enough business to need to hire a CISO in the first place. The job title of CISO is an executive level position that has a lot of responsibility and power. These CEOs tend to hire people who look like them and talk like them. This biased practice is not anything new in our society, but it is one of the challenges that marginalized groups would have to deal with if they wanted to get this job. 

This job is deeply connected to society because of the need to study the social sciences and society as a whole in order to create systems that help solve current issues. Without the study of society there would not be a way for CISOs to come up with effective defensive measures other than their own trial and error. Also, hackers are a part of society and the need to study their habits is just as important. Even the creation of the CISO position was because the evolution of crimes toward society’s major institutions spread to the digital realm. The need to protect these companies that benefit society and the citizen resources invested into them from malicious digital attacks was fulfilled by this position. 

References

1. “What Is a Chief Information Security Officer?: Skills and Career Path.” Explore Cybersecurity Degrees and Careers | CyberDegrees.org, 8 Dec. 2022, https://www.cyberdegrees.org/jobs/chief-information-security-officer-ciso/.  
2. “How to Become a Chief Information Security Officer.” Western Governors University, 9 Dec. 2021, https://www.wgu.edu/career-guide/information-technology/CISO-career.html#close.  
3. 0239 – Chief Information Security Officer – Hr.sao.texas.gov. https://hr.sao.texas.gov/Compensation/JobDescriptions/R0239.pdf.