Cybersecurity Consultants and Social Sciences 

Ian Burd

Introduction

A cybersecurity consultant is a cybersecurity professional who works with an organization to identify and mitigate cybersecurity risks. They assess and analyze the systems within an organization to look for vulnerabilities or weaknesses that could potentially be exploited by hackers or cybercriminals alike.While they seem similar to the SOC Analyst, but in reality, the SOC analysts can be viewed as the first line of defense, where as a cybersecurity consultant is more like a strategist, helping organizations and businesses build strong cybersecurity practices. Cybersecurity Consultants have a strong relation to social science and social cybersecurity, while preventing social engineering attacks and helping marginalized groups have reliable cybersecurity practices. 

Relation to Social Science Principles 

Due to the social nature of a cybersecurity consultant, many of the social science principles are relevant. Objectivism is extremely important to a career as a cybersecurity consultant. This ensures that no bias goes into implemented practices or solutions to mitigate cybersecurity threats. This allows for rational decision making and the creation of robust and strong security measures. Relativism could allow a cybersecurity consultant to be more flexible when it comes to implementing the practices that are needed. The results are typically more shaped towards what the company wants, rather than the best practices, in regards to cybersecurity. Parsimony is also widely used in the career of a cybersecurity consultant. When consulting with an organization or business about cybersecurity practices or measures, it is important that explanations are as simple as possible to allow for people who aren’t as technically savvy to understand what is being implemented. This means that solutions need to be straightforward, both in their use and explanations to allow the organizations to fully comprehend. Ethical Neutrality is important as a cybersecurity consultant, allowing professionals to make non-judgmental decisions and offer objective advice related to what an organization wants. 

Relationship to Social Cybersecurity

Social Cybersecurity is a new and emerging field that focuses on preventing or mitigating cyber threats.These threats often focus on social dynamics and human interaction or behavior. One article explains that one objective of social cybersecurity is to “build a social cyber infrastructure that will allow the essential character of a society to persist in a cyber-mediated information environment that is characterized by changing conditions, actual or imminent social cyberthreats, and cyber-mediated threats” (Carely). Cybersecurity Consultants would work to minimize the risk of social engineering, by emphasizing the importance of user awareness provided them with the knowledge and methods to make safe cybersecurity decisions. Consultants could create an idea that ensures everyone handles cybersecurity threats as best they can, without relying solely on the IT department. 

Cybersecurity Consultants and Social Engineering 

Social engineering attacks are becoming more and more prevalent. They are becoming increasingly threatening in the world of cybersecurity and to technology users in general. In a global survey, it was found that “48% of large companies and 32% of companies of all sizes have experienced 25 or more social engineering attacks in the past two years. 30% of large companies cite a per incident cost of over $100,000” (Wang et al., 2020). A cybersecurity consultant might train the employees of an organization to be able to recognize social engineering tactics, such as impersonation, phishing or pretexting. This mitigates the risk that social engineering has on cybersecurity. 

Cybersecurity Consulting and Marginalized Groups
Representation and cultural differences will always play a role in cybersecurity effectiveness. Groups with less representation can cause a large impact in the security of an individual or organization. In an article discussing this issue, it is explained that “Many programs are designed by and for people from dominant racial and gender groups, which makes it difficult for minority populations to relate to the information presented” (Wongkrachang, 2023, p. 35). Cybersecurity consultants can help this problem, by providing proper strategies tailored to their unique needs, and providing or recommending affordable solutions to low income areas. Regardless of the group, a cybersecurity consultant can create a plan or training to ensure safe cybersecurity practice. 

Conclusion

Cybersecurity Consultants are extremely important to cybersecurity as a whole, and have an incredibly strong relationship to the social sciences. In their everyday practices, they follow the social science principles of objectivism, parsimony, relativism and ethical neutrality. Consultants aim to educate people on social engineering, and reduce the risk of such an event taking place.  For every client, including marginalized groups, they tailor their plans and training to suit the hiring organizations specific needs, regardless of their status or representation.   

References

Carley, K. M. (2020). Social cybersecurity: An emerging science. Computational & Mathematical Organization Theory, 26(4), 365–381. https://doi.org/10.1007/s10588-020-09322-9

Wang, Z., Sun, L., & Zhu, H. (2020). Defining social engineering in cybersecurity. IEEE Access, 8, 85094–85115. https://doi.org/10.1109/ACCESS.2020.2992807

Wongkrachang, S. (2023, June). Cybersecurity awareness and training programs for racial and sexual minority populations: An examination of effectiveness and best practices. CORE. https://core.ac.uk/reader/568393010