How Social Science Shapes Security Engineering in Cybersecurity

Introduction
Cybersecurity may seem like a field driven solely by technical expertise, but
professionals in this space increasingly rely on social science to do their jobs effectively.
Security engineers, in particular, work at the intersection of technology and human
behavior. While they are responsible for designing and implementing secure systems,
their success depends just as much on understanding how people think and act. This
paper explores how social science research and principles are essential to the work of
security engineers, especially in the context of building equitable systems that serve a
diverse society. It also highlights how these professionals help protect marginalized
communities in a rapidly evolving digital landscape.

The Social Side of Security Engineering
Security engineers often work behind the scenes to build protections into digital
infrastructure, but many of the risks they manage are rooted in human behavior. People
fall for phishing scams, use weak passwords, ignore security updates, not because
they’re careless, but because they’re human. That’s where social science comes in
(Hadnagy & Fincher, 2015).
Psychology helps security engineers anticipate how users behave under stress,
distraction, or routine. Concepts like cognitive load, decision fatigue, and risk perception
guide the design of systems that are both secure and usable (National Academies of
Sciences, Engineering, and Medicine [NASEM], 2019). For example, instead of
overloading users with complex security tasks, engineers use principles from behavioral
science to streamline authentication or encourage safer habits through default settings.
Sociology and organizational behavior also play a role. Engineers need to understand
the cultural and structural dynamics of the companies or institutions they’re securing.
Knowing how teams communicate, how decisions are made, and what kind of
resistance new protocols might face helps engineers design security processes that fit
within real-world environments, not just ideal technical ones (NASEM, 2019).

Addressing Equity and Inclusion
Security engineering isn’t just about preventing hacks; it’s also about protecting people,
especially those most vulnerable to digital harm. Cyberattacks can disproportionately
impact marginalized communities, who may lack the resources or knowledge to defend
themselves online (SecureWorld, 2024). Engineers who are informed by social science
are better equipped to anticipate these risks.

For example, inclusive design ensures that security tools work for people with
disabilities, language barriers, or limited access to technology. Engineers might use
user research or ethnographic studies to understand how different populations interact
with technology (Forward Pathway, 2025). This helps avoid solutions that
unintentionally exclude or disadvantage certain groups.

In addition, security engineers play a key role in addressing issues like surveillance,
data privacy, and algorithmic bias. These are not just technical problems; they’re deeply
social ones. A security engineer who understands the historical and societal context of
these issues is more likely to advocate for ethical, fair, and transparent solutions
(NASEM, 2019; Forward Pathway, 2025).

Conclusion
Security engineers are often seen as purely technical professionals, but their work is
grounded in both social science and human-centered thinking. From understanding user
behavior to designing inclusive systems, social science principles shape how they
approach everyday challenges. As society becomes more connected and more
vulnerable, this intersection between technology and the human experience will only
become more important. Security engineers who embrace this perspective help ensure
not just safer systems, but a more equitable digital world.

References
Hadnagy, C., & Fincher, M. (2015). Phishing Dark Waters: The Offensive and Defensive
Sides of Malicious Emails. Wiley.
National Academies of Sciences, Engineering, and Medicine. (2019). A Decadal Survey
of the Social and Behavioral Sciences: A Research Agenda for Advancing Intelligence
Analysis. The National Academies Press. https://doi.org/10.17226/25335
SecureWorld. (2024). Minorities and the Cybersecurity Skills Gap: A 2024 Update.
https://www.secureworld.io/industry-news/minorities-cybersecurity-skills-gap-2024
Forward Pathway. (2025). Marginalized Groups in Tech: Challenges, Inclusive Design,
and Cybersecurity Education for a Fairer Digital Future.
https://www.forwardpathway.us/marginalized-groups-in-tech-challenges-inclusive-
design-and-cybersecurity-education-for-a-fairer-digital-future