The principles of science and scientific research are relevant to the study of cybersecurity and find a place in the everyday lives of cybersecurity professionals, as I discuss here.
Start with determinism: just as history is said to repeat itself, a deterministic view of cybersecurity helps DevSecOps professionals and network engineers design systems that are secured against the current trends in vulnerabilities. Being able to identify what bad actors will do, as influenced by the newest technology, is a skill leveraged by these and many other cyber professionals. Relativism also comes in at this point, since what a cyber professional can anticipate is relative to what is happening in the world.
Security managers and other information security workforce members have to build objectivity into their everyday workflow. If these ground-level protectors falter because “we’ve never had an issue here before” or “who’d hack a flower shop?”, their systems may as well operate without any protections at all.
Parsimony, empiricism and skepticism go hand in hand. In the aftermath of any security incident, a digital forensic specialist needs to exercise skepticism to ensure all data is collected and legitimately observed (empiricism), and to identify the simplest explanation at the end (parsimony). Remaining ethically neutral when publishing a report, even if it incriminates your organization, is FUNDAMENTAL to ensuring the integrity of any cybersecurity profession.