Why Cybersecurity Analysts Need to Know Social Sciences

Posted by hvern002 on

A cybersecurity analyst is a professional who specializes in possessing a deep understanding of an organization’s IT infrastructure in order to prevent vulnerabilities from being exploited. This can involve constant monitoring of the infrastructure, reporting vulnerabilities, and configuring tools (WGU, 2022.) The job of a cybersecurity analyst is related to the social studies because an important part of this prevention of breaches involves an understanding of the psychology of both threat actors and their targets.

The reason understanding the psychology of threat actors is important is because this allows one to better predict what vulnerabilities are the most likely to be exploited. Having this understanding, then, means that one can know how to prioritize vulnerability fixes.

Likewise, understanding the psychology of people within an organization is important because the prevalence of social engineering attacks in the modern day. Social engineering is when a threat actor exploits trust and emotions in order to forward their malicious goals (CMU, 2023.) It is imperative that one understand where an individual might fall victim to a social engineering attack in order to provide necessary advice to stop such attacks from succeeding.

The prevention of social engineering falls into the general practice of encouraging best practices within an organization. The construction and propagation of best practices is one of the many key jobs of a cybersecurity analyst (Coursera, 2023.) This, too, requires an understanding of the social sciences in order to understand how people react to rules. This can depend on a variety of things that all tie back to the social sciences. Culture is one such example, as some cultures are more collectivistic and therefore inclined to accept authority than other, more individualistic cultures.

Marginalized peoples, particularly individuals within such groups who have been wrongfully profiled by employers and law enforcement, can also be inclined to distrust authority due to bad experiences with authority figures. This too must be considered when proposing cybersecurity best practices for an organization. A way this can be mitigated is by making logical cases for cybersecurity policies. This will convince people with a distrust of authority that one is not merely suggesting arbitrary rules, but principles that will genuinely build a safer and more efficient working environment.

 In conclusion, the job of a cybersecurity analyst is deeply connected with the social sciences. This is mostly through the need to understand the minds of both individuals and groups in order to best construct cybersecurity policy.

References:

CMU. (2023). Social Engineering – Information Security Office – Computing Services – Carnegie Mellon University. https://www.cmu.edu/iso/aware/dont-take-the-bait/social-engineering.html

Coursera. (2023, November 29). What does a cybersecurity analyst do? 2023 job guide. https://www.coursera.org/articles/cybersecurity-analyst-job-guide

WGU. (2022, April 30). What does a cybersecurity analyst do?. Western Governors University. https://www.wgu.edu/career-guide/information-technology/cybersecurity-analyst-career.html

Leave a Reply

Your email address will not be published. Required fields are marked *