Career Professional Paper – Penetration Testers


Introduction

The professional career I chose to examine was that of a Penetration Tester. A penetration tester is a type of white-hat hacker who performs authorized investigations and probing attacks of a network or device, called “Pentests.” The purpose of these Pentests is to assess both the technical factors and the human factors protecting a network, to see where its strengths, weaknesses, and most exploitable vulnerabilities are. While Pentests can vary in scope and degree, from a full network test for multiple weaknesses to simply testing for a specific vulnerability, often the biggest weakness lies in a network’s human factors (Bertoglio & Zorzo, 2017).


Social Engineering & Human Factors

Olivia Powell, an editor at CS Hub who covers a variety of cybersecurity reports and statistics, has reported that as of mid-2022, 75% of respondents to their Market Report cited social engineering as a top threat to their cybersecurity (Powell, 2022). Much of this can be attributed to a rapid evolution in social engineering attacks and hacking techniques, but particular blame needs to be placed on the lack of training and diversity in human factors. Whether it be a common phishing scam or a more targeted reverse social engineering attack, employees need to be trained on what to look for, and human factors need to be diversified and invested in. By diversifying the people and professional backgrounds that make up your cybersecurity team, and your enterprise in general, you can have a wealth of diverse knowledge and experience to pull from and develop. Not only can it potentially boost performance among employees, but it can improve their decision-making and make an enterprise less susceptible to a successful cyber-attack or to pentest social engineering attempts (Chamlou, 2022).


Physical Pentesting

Physical pentesting is another method pentesters regularly utilize to test an enterprise’s vulnerability. Going to a physical location and attempting to access that location and its devices or network is something a hacker could just as easily do. From posing as someone with authority or tailgating someone to gain access, to using the work culture against employees who leave vital access information just lying around, to accessing LAN networks or open on-site ports, physical pentests are very real (Stankovic, 2022). By utilizing physical pentests, a company can become aware of its shortcomings onsite and implement mitigation tools or policies to negate the threat of a hacker physically attacking its location. Even something as small as a door guard at the main entrance, or not holding the door for someone following you in, would increase security and decrease the likelihood of a physical infiltration.


Conclusion

Penetration testers utilize many aspects of social science in their career path. They must take on the role of a hacker and put themselves in the hacker’s shoes. This gives them a unique perspective on attacking an enterprise, and they must thoroughly investigate their target and prod it for vulnerabilities, both in cyberspace and the real world. I believe that pentesting can not only reveal vulnerabilities in a security network, but in the lack of diversity and training of an enterprise’s human factors as well. It could open the door for more diverse human factors in an organization. Physical pentesting can help an organization analyze its riskier tendencies, such as loose usernames and passwords lying around, as well as ease of physical access, and solve them accordingly. Penetration testers hold incredibly vital jobs from a technical aspect, but from a social aspect they are just as vital, opening the door for opportunities in cybersecurity organizations, looking at an attack from a hacker’s POV, and changing how an enterprise works.


Works Cited:

Chamlou, N. (2022, November 16). Why diversity in Cybersecurity Matters. CyberDegrees.org. Retrieved March 27, 2023, from https://www.cyberdegrees.org/resources/diversity-in-cybersecurity

Dalalana Bertoglio, D., & Zorzo, A. (2017). Overview and open issues on penetration test. J Braz Comput Soc, 23, 2. Retrieved March 26, 2023, from https://doi.org/10.1186/s13173-017-0051-1

Powell, O. (2022, October 5). Social Engineering “most dangerous” threat, say 75% of security professionals. Cyber Security Hub. Retrieved March 26, 2023, from https://www.cshub.com/attacks/news/social-engineering-most-dangerous-threat-say-75-of-security-professionals

Stankovic, S. (2022, July 17). 13 physical penetration testing methods (that actually work). PurpleSec. Retrieved March 27, 2023, from https://purplesec.us/physical-penetration-testing/
