Blake Murphy
4/15/2025
Penetration Tester
Penetration testing, also known as ethical hacking, is a cybersecurity career designed around performing system attacks with express permission to test for vulnerabilities or weaknesses. This has been a subject gone over in class, and it was originally what gave me the idea to write about penetration testers. The career is highly valuable for businesses who may suffer from increased levels of attacks and also serve as a way to help former criminals as well.
Social Science Principles
One of the social science principles that most closely applies to penetration testing is the principle of parsimony. Parsimony is essentially about keeping the explanation of complicated tasks as simple as possible to allow for a greater ease of understanding. In an examination of a collegiate penetration testing competition created by Benjamin Meyers et. Al, they discovered that teams identified vulnerabilities quickly and were able to simply articulate how it was done. As stated, “A reasonable assumption is that vulnerabilities that can be exploited via automated tools would be exploited faster than vulnerabilities that require manual human effort,” (Meyers 17). Instead of the explanation remaining complicated by using technical terms that require deeper explanation, it was summarized in a way that nearly anybody can understand, which is a strong indication of the use of parsimony. This same principle can apply when penetration testers give feedback to businesses as well.
Class Concepts
During a study penetration testing modern households, Fredrik Heiding et. Al discovered that one of the most primary weaknesses the average house possessed was a high susceptibility to denial-of-service attacks, also known as DOS. This was in a study titled “Penetration testing of connected households,”. From Module 7, there is a sociological paradigm known as structural functionalism that would examine why penetration testing has become such a necessity in society. Structural functionalists like to consider how things such as cyber attacks have changed laws and strategies, and one of those strategies was created in the form of penetration testing. From that same module, it is stated that Old Dominion University also collects a mass amount of data because they teach cybersecurity. They would likely be targeted for data breaches, so hiring penetration testers to see how they can defend themselves would definitely be a smart thing to do to avoid having their data stolen. Lastly, Module 12 states that cybercriminology applies empirical aspects to cyber crimes such as data breaches. Empiricism is about what we experience, and penetration testers simulate attacks to impart that knowledge onto other groups.
Marginalized Groups
In regard to marginalized groups, penetration testers might be called on more frequently by businesses who are cyber-attacked due to what they stand for or who they are as a company. Companies who support a certain race may suffer from an attack from hate groups, so penetration testers may be on call more frequently during those times of the year. This may lead to overwork, but it also isn’t the only reason one may be attacked. If a company or business itself is run by people of color or members of the LGBTQ+, they are also more likely to be targeted for attacks. Because all of these groups are targets, penetration testers often form close relationships with these businesses because of the level of risk they are at.
Societal Contributions
The career is closely related to society, especially politics. As stated in Module 8, the government itself decides how much should be spent on cybersecurity, which would include the career. Penetration testers are also often hired by the government for their skills, as well as the possibility to be hired by nearly anyone. An article created by Ankur Chowdhary et. Al is centered around how breach testing can help engines on the internet that society uses as a whole, which goes over how web applications may be attacked by cross-site scripting or SQL injection. This directly helps society pinpoint problems. Another example would be how testing can be done on even common households, as Heiding stated earlier in his article about how denial-of-service attacks are extremely damaging to homes.
Conclusion
With all of this in mind, I believe that the career discussed here is almost a necessity for businesses that may be vulnerable to cyber-attacks. It provides essential strategies needed to protect data and people alike. It’s also useful as a way to turn former cyber-criminals into people who greatly benefit society, as they would have prior experience breaching into systems. As a career, it can be considered both a great aid to all under risk of cyber threat and a interesting job.
References
Chowdhary, Ankur, et al. “Generative Adversarial Network (GAN)-Based Autonomous
Penetration Testing for Web Applications.” Sensors (Basel, Switzerland), vol. 23, no. 18,
2023, pp. 8014-, https://doi.org/10.3390/s23188014.
Heiding, Fredrik, et al. “Penetration Testing of Connected Households.” Computers &
Security, vol. 126, 2023, pp. 103067-, https://doi.org/10.1016/j.cose.2022.103067.
Meyers, Benjamin S., et al. “Examining Penetration Tester Behavior in the Collegiate
Penetration Testing Competition.” ACM Transactions on Software Engineering and
Methodology, vol. 31, no. 3, 2022, pp. 1–25, https://doi.org/10.1145/3514040.