Cybersecurity Professional Career Paper: Defensive Cybersecurity

Melissa Baddie

School of Cybersecurity, Old Dominion University

CYSE 201S: Cybersecurity and Social Sciences

Professor D. Yalpi

November 14, 2025

The cybersecurity profession is an ever-evolving field that not only consists of cyberspace and technology, but also the sociological factor. As there is an assortment of moving parts within the cybersecurity field, the profession has been identified as multidisciplinary and at time there is opportunity for an interdisciplinary approach as well. Cyberspace isn’t just a tool of convenience or leisure, many organizations, corporations and our critical infrastructures rely on technology. This technology holds personal identifying information and needs to be protected, but as technology evolves crime also evolves.

The purpose of this paper is to inform the reader about a Defensive Cybersecurity professional previously known as a Cyber Defense Analyst. A Defensive Cybersecurity professional is responsible for analyzing data that has been collected from numerous cybersecurity defense tools and abate those risks. (National Institute for Cybersecurity Careers and Studies, Rev 2020) This paper will discuss how professionals in the field of cybersecurity rely on different social science research methods, and social science principles like empiricism, relativism, parsimony, ethical neutrality, determinism objectivity and skepticism.

The cybersecurity professional uses key concepts such as psychological theory, human factors including cyber victimization and human centered cybersecurity. I will discuss how important it is to have diversity in the cybersecurity profession. This paper is to help the reader understand that there are many definitions attached to cybersecurity, and it will continue to grow as the profession advances. If anyone is going to enter this field, then they must understand the definitions. Here are a few examples of definitions, starting with my favorite.

• “The science of cybersecurity offers many opportunities for advances… based on a multidisciplinary approach because, after all, cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines, So, in addition to the critical traditional fields of computer science, electrical engineering, and mathematics, perspectives from other fields are needed.” (Chang, 2012)
• “Cybersecurity is the organization and collection of resources, processes, and structures used to protect cyberspace and cyberspace-enabled systems from occurrences that misalign de jure from de facto property rights.” (Craigen, 2014)
• “The art of ensuring the existence and continuity of the information society of a nation, guaranteeing and protecting, in Cyberspace, its information, assets and critical infrastructure.” (Canongia, 2014)
• “Cybersecurity consists largely of defensive methods used to detect and thwart would-be intruders.” (Kemmer, 2003)
• “Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.” (ITU, 2009)
• The ability to protect or defend the use of cyberspace from cyber-attacks.” (CNSS, 2010)

In the cybersecurity profession social science studies human behavior related to the motivation of cyber offenses such as money, political, curiosity, revenge, entertainment or other multiple reasons. These ethical considerations are assisted by psychological theories that explain cyber offending, like why hackers hack and the justification behind it. These theories were created prior to the internet, yet can apply such as the neutralization theory, a criminological theory suggesting individuals know right from wrong and they rationalize their behavior before committing a crime. This theory was created by Sykes and Matza in the 1950s and they identified five techniques of neutralization called; the denial of responsibility, denial of injury, condemnation of the condemners and appeal to higher loyalties. (James, 2015). There are other theories, and they are not limited to the cyber offender.

The cybersecurity professional must also consider the psychological role of the victim. The victim may not know they have been a victim of cybercrime, their self-control, cyber-awareness, and where they are willing to report once they have become aware of being a victim of a cyber offense. This helps to prevent further cybersecurity attacks and to assist with training, policy and procedures. As there are personality traits to consider for, the cyber offender the social sciences have assisted with identifying personality traits of victims such as openness to experience, agreeableness, extraversion, conscientiousness and neuroticism. Each of these traits play a particular role in cyber victimization. A good cybersecurity professional needs to be well versed in the psychological consequences of cyber victimization. The profession isn’t only about technical or hard skills; the soft skills are just as important and continuous learning is required to maintain success.

In addition to prevention and detection as a Defensive cybersecurity professional one would need to be well versed in the human factor and centered. While determining preventative techniques, the professional needs to consider that of the human factor and their workload to reduce human enabled errors either on purpose or inadvertently. The training needs to be available and simple, for those who are not familiar with technology and won’t make shortcuts. As not all groups have access to computers, or as technology advances, they are therefore more vulnerable to malicious attacks such as phishing emails, social engineering and may not self-report.

            Although some marginalized groups may have access to computers it tends to be at high school level, they are not encouraged to focus their efforts on cybersecurity courses, or science technology, engineering, math, (S.T.E.M.) programs. The programs are very few in high school and the students haven’t been provided with the support to pursue those careers in college. There are many organizations offering internships to encourage diversity in the field. Diversity in cybersecurity helps create different decision making in a positive outcome, it also creates a healthier work environment. This attracts additional clients and employees and helps guard against threats that target marginalized groups.

References

Canongia, C. a. (2014). Cybersecurity: The New Challenge of the Information Society. Crisis Management: Concepts, Methodologies, Tools, and Applications, 60-80. doi:https://doi.org/10.4018/978-1-4666-4707-7.ch003

Chang, F. R. (2012). Guest Editor’s Column. The Next Wave: The National Security Agency’s review of emerging techologies , 19(4), 1-2. Retrieved from https://www.nsa.gov/portals/75/documents/resources/everyone/digital-media-center/publications/the-next-wave/TNW-19-4.pdf

CNSS. (2010). National Information Assurance Glossary. Retrieved from Committee on National Security Systems (CNSS) Instruction No. 4009: http://www.ncix.gov/publications/policy/docs/CNSSI_4009.pdf

Craigen, D. D.-T. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13-21. doi:doi.org/10.22215/timreview/835

ITU. (2009). Overview of Cybersecurity. Geneva: International Telecommunication Union, ITU, Recommendation ITU-T X. doi:http://www.itu.int/rec/T-REC-X.1205-200804-I/en

James, N. (2015, March 15). The Causes of Crime: Techniques of Neutralization. Retrieved from Hubs Page: https://discover.hubpages.com/politics/The-Causes-of-Crime-Techniques-of-Neutralization

Kemmer, R. A. (2003). Cybersecurity. Proceedings of the 25th IEEE International Conference on Software Engineering. 705-715. doi:https://dl.acm.org/doi/abs/10.5555/776816.776918

National Institute for Cybersecurity Careers and Studies. (Rev 2020). NICE Framework. Retrieved from https://niccs.cisa.gov/tools/nice-framework/work-role/defensive-cybersecurity

Rodney Petersen (NIST), D. S. (2020, November). NIST Computer Security Resource Center (CSRC). Retrieved from NIST: https://csrc.nist.gov/pubs/sp/800/181/r1/final