By: Sarah Gantner
CYSE-201S Fall 2023
The cybersecurity field is huge and forever growing because technology now runs our day-to-day lives like it never has before. Cybersecurity as a field is fairly new to our world. The first known idea of a cybersecurity career did not appear until the late 1980s, and no one could have anticipated that it would grow into what it is in today’s world. Because the cybersecurity field is so large today, it consists of a vast number of career choices, each with many branches of its own. The career I decided to research for this paper is the position of security engineer.
Security engineer is a well-known position within the cybersecurity field, as it appeals to newcomers and veterans alike. The position requires a vast base of knowledge and experience across many areas of information technology and cybersecurity. A few responsibilities someone with a security engineering title would hold are risk assessment, security architecture, incident response and security testing, among other things.
Security engineers rely heavily on social science research in their field, as well as on the technical knowledge they are required to have. They use social science research to understand human behavior and use that information to anticipate the potential vulnerabilities that people in the world, as well as employees, could fall victim to. With social science research, security engineers are able to take these findings and not only create better security measures but also create systems that are built for the users instead of for the company. This results in user-friendly software that also contains built-in preventative measures against common vulnerabilities to counter attacks from outsiders.
Security engineers are also required to know social science principles and apply them to ensure the network they use can be secured. One key principle is user behavior analysis, which is very similar to the research used to understand human behavior. While this can be effective when creating networks, these principles and research studies have to continue to be applied and conducted; if they are not, a breach is likely to occur.
Another principle needed to be successful in the security engineering field is phishing awareness. Phishing awareness applies behavioral psychology to develop training that educates users about the risks and the different cyber-attacks they or their network could fall victim to if they remain unaware.
Security engineers are also required to keep up with security training and awareness for both the users and the employees who have access to the networks they are working to protect. This social science principle ties into the others but is essential in its own right.
Security engineers also need to understand insider threats and work to mitigate the risk of these threats taking place. A security engineer must understand organizational psychology concepts to identify the risks of insider threats. These can include several things, but one example is employee satisfaction. If an employee feels underpaid or underappreciated, they may choose to work with someone on the outside to allow access or insert malware to take the network down for money or gain of some other sort.
Another principle that must be used by security engineers is behavioral economics. Behavioral economics must be applied in order to influence the decision-making of those who use the network, ensuring that they apply certain protections on their own without needing to be pushed to do so.
In conclusion, to be successful in any field within cybersecurity, it is essential to understand and continuously apply social science constructs. Without these principles and their application, from psychology to research, the number of vulnerabilities, particularly user-based ones, would put networks massively at risk of failure and would create a lack of trust among the community that the network is used to protect and/or assist.