Penetration testing, a vital aspect of cybersecurity, is largely based on dealing with other people. Penetration testers, or “pen testers” for short, must be technically fluent to be successful in their field, but they also must be proficient in dealing with others. This means knowing how certain people may react when presented with a certain situation, knowing the phrases and sayings that are most likely to entice people to divulge private information, and handling countless other scenarios that use the principles of social science. This paper intends to explore the nature of social science in the world of cybersecurity and the somewhat symbiotic relationship between pen testers and social science researchers.
Pen testing is a great way for anybody with a cybersecurity team to test their mettle. It involves both the standard cybersecurity team, or “blue team,” and the penetration testers themselves, or the “red team.” The red team is a group of specialists, usually hired outsiders, who will attempt to compromise the security of the business the way a real intruder would. This gives companies a way to gauge what would happen in the case of a real intruder. The red team may be “hired” as fake employees to get them into the company or may need to come up with disguises and an entry plan on their own.
Social science is the study of people as social creatures and how they interact with society. This field of research provides great insight into the mind of the average member of society, something vital if you want to be a good penetration tester. Pen testers are liars and deceivers by nature. They will exploit any given weakness to get the information they desire. While dealing with a living human with thoughts and feelings is very different from interacting with a computer, this research can give penetration testers a framework for dealing with people much like they would with a computer. Just as having poor passwords is a weakness to be exploited within the machine, our human nature to trust somebody who looks and acts like they belong there is a weakness to be exploited as well.
Penetration testers have only become more and more popular over the years as technology and cybercrime have advanced drastically, a trend that shows no signs of stopping. While most people don’t think of cybersecurity specialists as particularly social people, that is often not the case, and in the case of penetration testers it is typically the exact opposite. As their role becomes more and more important, so too does the role of the social science researcher. It is important to note that the same research that gives penetration testers tactics to get information from people is also being used maliciously by hackers. In my opinion, though, I would certainly rather be aware of my weaknesses than unaware.