Career Paper

Penetration Tester

The cyber security career I chose was a ‘Penetration Tester’. This is a cyber security job in which professionals look for flaws or weaknesses within an active network/system. Penetration testing is one of the most beneficial security measures a company can decide to take: “a penetration test is one of the most effective ways to identify systemic weaknesses and deficiencies in these programs” (Kennedy, D. 2011). Becoming a penetration tester requires some years of schooling, getting certifications, and gaining experience in related fields. However, that is not all that is required to succeed in this career. A penetration tester depends on social science research and principles, as they are a strong part of the career. The social science principles include: relativism, objectivity, parsimony, ethical neutrality, and determinism. These professionals must adopt these principles within their career, as they depend on them.

Social science research is one of the components that penetration testers use on a daily basis. This type of research is best described as gathering information, analyzing it, and interpreting it for a variety of purposes: “social sciences, includes a variety of research approaches, tools, and techniques, for collecting and analyzing qualitative or quantitative data” (Bhattacherjee, A. 2012). The everyday tasks of a penetration tester include performing tests on applications, researching different types of attacks, and conducting simulated cyber attacks. Penetration testers rely on social science research, as they use it on a daily basis. For example, a penetration tester will research different types of attacks, analyze them, and then interpret them for research and experiment purposes. This is because there are many ways a cyber criminal could attack a system and it is important to be able to combat them all: “malicious actors have many tactics at their disposal, and software engineers need to know what tactics attackers will prioritize in the first few hours of an attack” (Meyers, B. 2022). There are a variety of purposes for social science research, and a penetration tester’s purpose is to experiment with these cyber attacks and find the best way to approach them. Therefore, these cyber security professionals use the concepts of social science research on a daily basis.

The social science principles are: relativism, objectivity, parsimony, ethical neutrality, and determinism. Each of these principles plays a role in penetration testing and is applied to the work daily. Relativism is essentially the idea that everyone is allowed to have their own mindset on any topic and can believe what they want to believe. In relation to penetration testing, this applies to the research aspect, where personal opinions must be put aside. A true professional does not allow their personal biases and opinions to affect the outcomes of research. The next social science principle is objectivity, which is similar to relativism. Objectivity is when an individual makes a decision based on facts and not based on another individual’s opinion/bias. A penetration tester is constantly researching cyber attacks and figuring out the best way to handle them. Therefore, putting aside a personal bias or opinion on how to handle a cyber attack would allow them to find more solutions. The next principle is parsimony, which is choosing the explanation that has the fewest assumptions. This means that when a penetration tester is conducting research and has formed more than one explanation, they must choose the one that is the ‘simpler theory’. This is important because it would prevent unnecessary evolutionary changes. The next social science principle is ethical neutrality, which is being respectful of other individuals’ ideas and allowing them to feel heard and considered. In penetration testing, many individuals come together to research solutions to cyber attacks, and it is important not to ignore any possible solutions. An individual could have a solution that would be extremely successful and beneficial; however, if they are not heard, it would never become a solution. The last social science principle is determinism, which is the idea that all outcomes are influenced by previous events. This is a beneficial concept for penetration testers because it allows them to understand cyber attacks better, knowing that it is an attack they’ve seen before.

In conclusion, penetration testers use concepts of social science research and principles on a daily basis. Social science research involves gathering information, analyzing it, and interpreting it for a variety of purposes. Penetration testers do just that: they gather information about a previous cyber attack, analyze it, and find other possible solutions. Without this concept, penetration testers wouldn’t be able to research cyber attacks in the best way possible. The social science principles also play a huge role in these professionals’ careers. The concepts explained above help penetration testers become unbiased and open professionals. This career requires these individuals to take those steps to ensure that they conduct their work efficiently.

Sources

Meyers, B., Almassari, S., Keller, B., & Meneely, A. (2022). Examining Penetration Tester Behavior in the Collegiate Penetration Testing Competition. ACM Transactions on Software Engineering and Methodology, 31(3), 1-25.

Kennedy, D., O’Gorman, J., Kearns, D., & Aharoni, M. (2011). Metasploit. San Francisco: No Starch Press, Incorporated.

Bhattacherjee, A. (2012). Social science research: Principles, methods, and practices.