Penetration Testers and Network Analysts: Cybersecurity and Social
Science
Jarrell Jackson
Introduction
Cybersecurity is not just about computers, but it is also about people. Jobs like penetration
testers (pen testers) and network analysts prove this. Not only do cybersecurity
professionals handle more than just technology in today’s day and age, but they also need to
think of the people. Thinking about how people behave and make choices can and will aid
them in their work, social science being the key to this work. This paper explains how pen
testers and network analysts use social science. It also shows how their work impacts
marginalized groups and connects to society.
How Social Science Principles Apply
Pen testers find weak spots in security systems by thinking like hackers. Many hackers are
people, so understanding how they act in certain scenarios is important. Pen testers use
determinism to predict what will happen when they test systems. For example, they might
send a fake phishing email to all the employees, and they know some employees will click
because of curiosity. According to (Wang et al., 2021), social engineering attacks often
exploit trust and predictable human behaviors, making an understanding of psychology
critical in penetration testing. Relativism is also important since every job is different. For
example, a small business would need different tests than bigger companies get as they
have different assets, budgets, and other factors.
Network analysts monitor data to stop threats. They use empiricism, which means making
decisions based on what they see in the data. Ethical neutrality is also important to stay fair
when reviewing information. This helps them avoid letting their opinions get in the way of
spotting potential problems. Additionally, skepticism, as highlighted by (Dwyer et al., 2022),
can help network analysts question assumptions and improve the fairness and accuracy of
their tools and methods.
Impact on Marginalized Groups
Cyberattacks often target marginalized groups more than others. Phishing scams and
ransomware exploit people who have less knowledge or access to cybersecurity resources.
Pen testers can help by creating tools that are simple for everyone to use. Network analysts
track attack patterns to see which groups are most affected and then focus on stopping
those threats. For example, (Chattopadhyay et al., 2024) notes that underserved
populations face unique challenges in accessing secure technologies, making inclusive
cybersecurity practices essential.
Bias in cybersecurity is also a problem. If pen testers assume certain threats are unlikely
because of cultural gaps, they may miss risks. Network analysts rely on tools that can
sometimes be unfair to specific groups. Social science principles like skepticism push
professionals to question their tools and methods to ensure they are fair.
Society and Cybersecurity
Cybersecurity is about protecting systems and people. Pen testers and network analysts
both help by keeping personal data safe. Pen testers make systems stronger so hackers
cannot steal information. Network analysts stop attacks that could shut down hospitals or
banks.
These jobs also build trust. People are more willing to use online tools if they feel safe. As
(Dwyer et al., 2022) emphasizes, cybersecurity professionals must uphold ethical
responsibilities to ensure their work benefits society and promotes trust in digital systems.
With trust comes responsibility. Cybersecurity professionals must make sure their work
helps society and includes everyone.
Conclusion
Pen testers and network analysts show that cybersecurity depends on social science. They
study human behavior, create better security, and protect vulnerable groups. By focusing on
both people and technology, they make cybersecurity work for everyone. Their efforts go
beyond stopping attacks. They make the digital world safer for all.
References
Wang, Zuoguang, et al. “Social engineering in cybersecurity: a domain ontology and
knowledge graph application examples.” Cybersecurity 4 (2021): 1-21.
Chattopadhyay, Anadi, et al. “Where Are Marginalized Communities in Cybersecurity
Research?”, 11 Aug. 2024,
www.usenix.org/system/files/soups2024_poster56_abstract-
chattopadhyay_final.pdf.
Dwyer, Andrew C, et al. “What Can a Critical Cybersecurity Do?” Academic.Oup.Com,
International Political Sociology, 23 July 2022,
academic.oup.com/ips/article/16/3/olac013/6649355?login=true.