Career Paper
Nicholas Dent
November 23 2024
CYSE 201S
The cybersecurity career I will be choosing is a cybersecurity analyst. This job position’s main role is to monitor, analyze, and respond to cyberattacks. They work towards structuring and stabilizing security solutions, as well as the overall framework. Cybersecurity analysts depend on social science research and principles by incorporating perceptions of psychology and criminology. More specifically, this role depends on social sciences and principles to understand human behavior, criminal motivations, and to gain more insight into communication tactics in the cyber world. The most common types of social engineering attacks that happen online are phishing, pretexting, tailgating, and baiting. Cybersecurity analysts use the ideas of social sciences, especially psychology, to better understand how and why cybercriminals utilize psychological methods to commit these social engineering attacks on society. Psychology can play a big part in understanding cybercriminals by providing a basis for how cybersecurity analysts receive and find solutions to these attacks. To give an example, trust, behavior, and authority help analysts gain a better understanding, which ultimately allows them to build more secure systems for individuals. Although these examples help cybersecurity analysts gain a better understanding of cybercriminals, there are some key concepts that analysts must pay attention to when using psychological science. Those key concepts are cognitive biases, the perception of risk, and stress or fatigue. Along with psychology, behavioral sciences can also play a role in this position. Cybersecurity analysts use behavioral sciences to determine risk insights, analyze unfamiliar log-ins or breaches, and recognize aspects pertaining to different reactions on digital accounts to prevent more possible security breaches. Analysts can also depend on criminology to be aware of criminal behavior, backgrounds, motivations, and methods of cybercriminals. Through implications of cybercriminal backgrounds, analysts can determine methods and tactics used by these criminals to stop operations. For example, cybersecurity analysts may conduct research on multiple cyberattacks potentially committed by one individual and identify patterns of repeated social engineering attacks, people targeted in certain marginalized groups, and time usage of said attacks. The use of these methods and tactics can be a huge help to analysts if a cybercriminal isn’t careful. In addition, criminology can also recognize motivations of cybercriminals to help identify and stop them from future cyberattacks. Some examples of possible motivations a cybercriminal might have would be financial gain, ego, insider threats, and ideology. When talking about social principles of cybersecurity, cybersecurity analysts can also depend on relativism, objectivity, parsimony, ethical neutrality, and determinism. Analysts use relativism to adapt and understand different outlooks relating to cybersecurity to make accurate decisions. These specific outlooks can vary by cultural or social regions and environments. Cybersecurity analysts use objectivity and ethical neutrality by determining data collected without using personal biases. This can be very important when collecting data in cybersecurity because it ensures that all data is collected from facts rather than emotional opinions. Parsimony is important in this job position because it ensures that analysts gather the most straightforward information when conducting investigations on cyberattacks. This social principle can be crucial for analysts because the less information tied to a cyberattack, the more efficient the solutions will be. An example of this social principle would be a cybersecurity analyst investigating a phishing attack on an individual and determining that the cause of the attack is the overuse of a password, as opposed to more advanced exploits during a cyberattack. Analysts use determinism to predict cyber breaches based on past methods and patterns used by cybercriminals. For example, an analyst might recognize that there is a vulnerable point in a system and determine that it is due to past events based on success rates of this point, ultimately strengthening it to prevent future attacks. All in all, the role of cybersecurity analysts can be characterized as interdisciplinary. Through the understanding of social principles like psychology and criminology, along with more cyber-related principles such as relativism, objectivity, parsimony, ethical neutrality, and determinism, analysts can better understand the main role of their job position. Psychological sciences play a part in understanding the human behaviors of cybercriminals such as phishing, pretexting, tailgating, and baiting. These behaviors enable analysts to build more secure systems to prevent cyberattacks. Likewise, analysts use criminology to gain more knowledge of cybercriminals’ motivations and methods to prevent them from committing these crimes in the future. With the use of more specific cybersecurity social science principles, analysts can collect unbiased data with the fewest explanations, understand human decision-making, and stop attacks based on past knowledge. Overall, when analysts depend on these social principles and research, they can fulfill their role of protecting company hardware, software, and networks from cybercriminals.
References
Rolim, Ligia. “Use of Criminology in a Practical Case in Cyber Security [en-pt].” Criminology vs Cybersecurity, 2023, p.1, https://www.linkedin.com/pulse/use-criminology-practical-case-cyber-security-en-pt-l%C3%ADgia-rolim-ceh#:~:text=Crime%20Analysis%3A%20Using%20criminology%20concepts,the%20timing%20of%20the%20attack. )
“What are the motivations for cyber-attacks?.” StraticSystems, 2024, p.1, https://stratixsystems.com/what-are-the-motivations-for-cyber-attacks/ )
Anilkumar, Anagha et al. “Intertwining Psychology and Cybersecurity to Improve Human Behavior.” securityquotient, 2023, p.1, https://securityquotient.io/using-a-psychology-driven-approach-to-improve-employee-cybersecurity-behaviour/#:~:text=Understanding%20human%20behavior%20in%20cybersecurity,aligns%20with%20pre%2Dexisting%20beliefs. )