Introduction

According to cyberdegrees.org, Penetration testers, also called Pen-testers, help organizations identify and resolve security vulnerabilities affecting their digital assets and computer networks (Cyberdegrees, 2023). Other titles may be called Ethical hackers or Assurance validators; they often have the same duties as pen-testers. Usually, a Penetration testing team performs cyberattacks and other security breaches to access sensitive or private information (Cyberdegrees, 2023). During a simulated attack, they often document their findings to produce a detailed report that explains how they bypassed established security protocols. Pen-testers are crucial to cybersecurity because they work hard to identify and fix vulnerabilities before hackers can exploit systems (Cyberdegrees, 2023). The purpose of this paper is to explore in greater depth how cybersecurity careers, specifically penetration testers, interact with social science research and the seven principles.

Social science principles

I think Pen-testers rely on social science research and studies to understand why people behave the way they do and to understand how hackers think. This helps Pen-testers simulate real-life situations, especially in security. For example, when employers at an organization click on phishing or scam emails, Pen-testers can create training that is relevant and hard to overlook. This will help the organization prepare a better defense team when it comes to hacker knowledge.

Application of Key Concepts

The seven principles of social science and cybersecurity are relevant to the daily routines of a Penetration tester because they not only identify why organizations experience technical issues, but also why people (employers) make unsafe decisions that lead to hacking or system issues.  For example, a Penetration tester relies on evidence provided rather than assumptions, which aligns with the objectivity principle. As discussed in class, the researcher’s opinion should not shape the research’s conclusion. Another principle that I believe is related to a Penetration tester is Ethical Neutrality.  These individuals create a simulated attack to improve and educate people rather than judge individuals for making what others may call careless mistakes.

Marginalization

I think cybersecurity affects marginalized groups in many ways. For example, most elderly individuals are not very familiar with using technology, securing their networks, or recognizing phishing emails.  I believe cybersecurity affects more than just older people; it also affects uneducated people in low-income areas who may not have the resources or knowledge to protect themselves.  In situations like this, cybercriminals often take that as an opportunity to attack. From my experience, organizations should conduct more awareness training, assign policies, and create teams within the company to build a safer environment. I think organizations are starting to increasingly focus on human errors rather than on technology fixes alone.

Career Connection to Society

As seen with the latest AWS outage, cybersecurity and technology are used across many organizations, including bank apps, grocery store pickup apps, and even healthcare apps. Witnessing people being annoyed because their bank app was not working, or because a particular social media platform (Snapchat) was mind blowing. However, there was a time when we did not have the internet. Those who are not knowledgeable about cybersecurity may think its job is solely to protect systems and fix tech issues, but that is not true. Cybersecurity is also about safeguarding trust and privacy. Without Cybersecurity professionals, the cybercrime rate would be even higher. Since technology is more advanced now, we need this service for everyday life.

Scholarly Journal Articles

According to Jamuna (2024), the purpose of the article “Social Engineering and Human Factors in Penetration Testing” was to investigate the roles of the social engineer and human factors in penetration testing. The article goes into detail about different ways to protect against vulnerabilities, including practicing with simulated attacks, awareness training, and enforcing the company’s policies.  This article discussed the most common Psychological Principles and their relationship to social engineering attacks. For example, some key principles mentioned in the article were Authority., Scarcity, Social Proof, and Reciprocity. According to Jamuna (2024), it is crucial to understand these principles not only for attackers but also for those working to mitigate the risk posed by social engineering.

After reading Gonzalez (2025), “Understanding social engineering in penetration testing,” I have a better understanding of the role of a penetration tester. This article focuses on how the social engineering goal is human behavior rather than technical system attacks. As mentioned, the role of Penetration is crucial in preparing a strong defense and simulating attacks (Gonzalez, 2025). I think when people think of Cybersecurity, they only think of technical issues, never the policies, training, or errors caused by human or criminal behavior. This article gives a great explanation and understanding for those less knowledgeable in cybersecurity.

Reference

Gonzalez, C. (2025, May 19). Understanding social engineering in penetration testing. OCD Tech. https://ocd-tech.com/2025/05/19/social-engineering-penetration-testing/

Jamuna, K. M. (2024). Social engineering and human factors in penetration testing. International Journal for Multidisciplinary Research (IJFMR), 6(3). https://www.ijfmr.com

Alasmary, W. (2022). The role of social engineering in cybersecurity: A penetration testing perspective. The International Journal of Cybersecurity Intelligence & Cybercrime, 8(1), Article 4. https://vc.bridgew.edu/ijcic/vol8/iss1/4/

What is a penetration tester: Skills and career paths. Explore Cybersecurity Degrees and Careers | CyberDegrees.org. (2023, January 20). https://www.cyberdegrees.org/jobs/penetration-tester/