Security Engineering and Social Sciences

Cybersecurity is generally viewed as a purely technical field which focuses on programming, and network defense. But, there is much more to cybersecurity than that. Cybersecuirty is deeply interdisciplinary, mixing technical skills with understanding  human behavior. Security engineers, in particular, utilize principles and social science to address complicated challenges in cyberspace. This paper will explore how social science research research and understanding plays a key role in the daily work of a security engineer.

Security Engineering and Its Interdisciplinary Nature

Cybersecurity involves the interaction between humans and machines/computers. The technical tools and systems created to protect digital assets are only as strong as their alignment with human behavior within cyberspace. Social science research provides valuable research on how individuals interact and behave on the internet, the factors they contribute to cybersecurity vulnerabilities, and input on the motivations behind cybercrime. Security engineers take that research and implement them into designing solutions that address technical flaws and the human element of security. For example, phishing attacks usually exploit the psychological tendencies of humans, such as urgency and trust. By understanding these tendencies, security engineers can create systems that avoid human exploits and mitigate such risks. 

Understanding Human Behavior in Cybersecurity

Human behavior is a huge part of cybersecurity. Many studies have shown that human error is  the biggest contribution to security breaches. These errors can span anywhere from weak passwords to improper handling of sensitive information. Security engineers’ jobs are to predict these mistakes and mitigate the behaviors before they negatively impact security. 

Social Sciences in Action

There are several social science principles security engineers work with. Starting with relativism, security engineers know that cybersecurity challenges are determined by societal change like advancements in technology or changes in the economy. They have to adapt their strategies and implementations to address evolving risks. Empiricism is also a key principle security engineers utilize. The reliance on empirical data is crucial for cybersecurity. Engineers analyze threat reports, study past breach data and human behavior on the internet to predict vulnerabilities systems might come across. 

Social Sciences in Daily Work

Security engineers apply social science principles in multiple aspects of their work. By analyzing the motivations behind cybercrime, security engineers can understand cybercriminal psychology and better predict and prevent attacks. An example of such is when security engineers understand the economic motivations behind ransomware attacks. This helps them design systems that effectively minimize the risk of ransomware. Another principle is designing usable security systems. A secure system is ineffective when users cannot or will not use such a system. It is important for security engineers to study human-computer interaction to create a system that is both intuitive and secure. Lastly, Security engineers are big on promoting cybersecurity awareness. Educating people about cybersecurity is an area where social science plays a key role. Security engineers usually develop training programs that focus on behavioral  science in which users will understand the importance of security practices. 

Disparities and Marginalization

Security engineers also have to consider the societal impacts their work does, particularly on marginalized groups. Cybersecurity issues usually disproportionately affect those with limited  access to technology, education, and money. An example of such is when individuals in underdeveloped communities lack the knowledge and tools to properly protect their data from cyber attacks which leaves them vulnerable to exploitation. Promoting diversity in the cybersecurity field will address the disparities that exist. Security teams can create solutions that are more inclusive and address a wider range of vulnerabilities which will hopefully tackle the challenges the disproportionate communities face. 

Conclusion

The role of security engineer includes more than technical knowledge. It requires a  good understanding of human behavior, social structures, and ethical considerations. Security engineers design systems that not only protect individuals against technical vulnerabilities but also discuss the human factors of cybersecurity. This interdisciplinary path is imperative to build a safe digital world that ensures that the benefits  of technology are accessible to everyone. 

References 

Indeed.com. (2024, March 15). Q&A: What does a security engineer do?. https://www.indeed.com/career-advice/finding-a-job/what-does-security-engineer-do

Houston Christian University. (n.d.). What does a cybersecurity engineer do?. https://www.hcu.edu/career-compass/what-does-a-cybersecurity-engineer-do/

Coursera. (2024, April 1). What is a security engineer? 2024 career guide. https://www.coursera.org/articles/security-engineer