Career Paper

Posted by jflor025 on

Joseph Flores
04/07/2024


As a student that is currently majoring in cyber security I’ve come to realize that although
it is a field that is technology based, there is a multitude of intersectionality that this field of
work has in the social sciences and there is an important reason for that. Many would assume
that since a machine or software isn’t human, isn’t emotional, and is logical that there is no need
to learn about social science and should only focus on the technical aspects of this field. This is a
flawed way of seeing things because technology although technology may not be human the
person behind the computer is. This is especially important when it comes to the security side of
things, although psychology is a social sciences branch it is an important aspect to the career I
chose, a Cybersecurity Policy Analyst. They assess the impact of cybersecurity threats,
regulations, and compliance requirements on an organization’s operations and provide
recommendations to enhance security posture while ensuring compliance with relevant laws and
regulations. They are also responsible for analyzing, developing, and implementing policies and
strategies to address cybersecurity challenges within organizations or governmental bodies, it
seems like not an important role but it is a very necessary one, because on the one hand you need
the skills to be able to operate as a cybersecurity expert, but knowing how to apply it too laws
and regulations is a whole different ball game. In this career, understanding human behavior is
crucial for comprehending how people use technology, and social science offers insights into this
area. Knowing human elements like decision-making procedures, prejudices, and incentives aids
cybersecurity policy analysts in identifying and reducing security risks.

Understanding the importance and the intersectionality of social science and the field of
cybersecurity as a whole can sometimes be difficult and a complex endeavor but is crucial in
today’s connected global society. In short, the intersectionality between social sciences and
cybersecurity can provide us a greater understanding of human behavior. For example, as
humans we all tend to make decisions, have biases, and interactions with technology that often create vulnerabilities that hackers believe it or not can use to exploit us. This is why social science needs to go hand in hand with any technology field because by doing so cybersecurity professionals, in this case a Cybersecurity Policy Analyst, can design more effective security measures that align with the behavior that we as humans use, this ensures that they are more likely to be followed and make companies and government agency less vulnerable to exploitation.

Some of the concepts that I learned from class that I believe can be applied to this career
very well, are the concepts of social engineering, fake news/misinformation, and the importance
of cybersecurity culture. Especially with the controversy going around about the Tiktok bill and
especially as we approach election time later this year. Being a Cybersecurity policy analyst, my
job would be less technical and more focused on implementing policy, this goes especially well
with the concept of creating a culture that understands the importance of cybersecurity. In this
career I have the opportunity to be able to make strides in educating companies and government
agencies by creating policy that could for example, implement mandatory certifications in certain
positions of a company that have access to valuable and sensitive information. Or even creating a
new modern policy that can revamp how we teach cybersecurity to make sure it sticks with
individuals therefore creating a culture that understands the importance of cybersecurity.
Cybersecurity Policy Analysts always look at research data to be able to formulate policy and
regulations. If I were to apply it to the example of creating a culture within a company or
government agency, a cybersecurity policy analyst is going to look at all statistical and survey
data, to see where the faults are in older policy. A good journal article I would recommend that
shows a good example of this is an article called “Cyberattacks, cyber threats, and attitudes
toward cybersecurity policies” by Keren L G Snider, Ryan Shandler, Shay Zandani, Daphna
Canetti, Cyberattacks, cyber threats, and attitudes toward cybersecurity policies, Journal of
Cybersecurity, Volume 7, Issue 1, 2021, tyab019, https://doi.org/10.1093/cybsec/tyab019
In this article they came to the conclusion that cyber security policy and regulations should
consider how the general population perceives threats from hackers and their exposure to
cyberattacks. The authors agreed that by not including and interacting with the public, it removes
citizens from the democratic governance crucial to their welfare. Because of this it is of the
utmost importance for governments to engage the public as stakeholders when coming up with
and implementing new cybersecurity policy because at the end of bad cyber policy doesn’t only affect the individual, it affects us all. Especially marginalized groups, which oftentimes don’t have the same level of education of other privilege groups. As a Cybersecurity Policy Analyst you can develop specific policies that can provide more cyber education in areas that are underdeveloped, especially schools so we can teach the younger generation and reach the next generation of our society, where we might have failed previous generations to fix because of old habits.

Leave a Reply

Your email address will not be published. Required fields are marked *