Sofia J. Reyes-Villanueva
Diwakar Yalpi
Cybersecurity and the Social Sciences
20 November 2024
Career: Penetration Tester
Penetration testers (pen testers for short) are professionals who perform simulated cyberattacks on a company’s computer systems and networks to help identify security vulnerabilities and weaknesses before any cybercriminals have the chance to exploit them. Even though the attacks are simulated, pen testers are given a specific set of rules for every simulation and have to be very careful not to break a rule in a way that could get federal law involved. The jobs a penetration tester may have include conducting vulnerability assessments, reporting vulnerabilities, advising on security best practices, and planning, designing, and conducting the pen tests. Some types of pen testing include application pen tests, network pen tests, hardware pen tests, and personnel pen tests. This paper explains how pen testers depend on social science research and how social science principles are used in their work, along with the daily routines of the career and its relation to marginalized groups and society in general.
One way social science plays a role in pen testing is social engineering. Social engineering attacks are attacks performed against the human element of security. They can be carried out through phishing, impersonation, USB drops, and tailgating. Doing a test on social engineering “can show who a company is susceptible to the attacks” and can “Test user’s security awareness during their normal day” (Allen, 2022). Studying human behavior, including the decision-making process, reactions, and susceptibility to being manipulated, is needed in order to perform effective and useful pen tests that can accurately predict or reflect future threats. A principle pen testers must strictly follow is ethical neutrality: adhering to ethical standards when conducting research or a test. Testers must protect rights and stick to the policies given to them when conducting the tests in order to avoid any legal consequences, especially if they compromise a database in the company that was off-limits during the test.
Penetration testers play a critical role in making sure that digital systems are secure for everyone, including marginalized groups. Social science principles help pen testers understand the vulnerabilities encountered by marginalized communities, address accessibility issues, and identify and address any biases in security measures that may disproportionately affect particular communities. Penetration testers help to make the internet a more equal and inclusive place by becoming aware of how cybersecurity practices affect society. The study of cyber threats affecting underserved populations is one particular area where social science plays a crucial role. According to research, some groups may be more susceptible to particular kinds of cyberattacks, so penetration testers should consider these aspects when performing assessments. By doing this, they improve digital systems’ security while simultaneously fostering a more fair and just online environment.
To sum up, penetration testing incorporates social sciences deeply and is not just a “technical practice”. Penetration testers’ everyday tasks relate to the ideas we learned in class about human behavior, ethics, communication, and cultural sensitivity. These workers have to negotiate the intricate relationship between technology and society while taking into account how their job affects marginalized groups. With that, we can have a “human firewall that is as resilient as any technical barrier” (Mukherjee, 2023).
Works Cited
Allen, J. (2022, November 22). Social Engineering penetration testing: Attacks, methods, & steps. PurpleSec. https://purplesec.us/social-engineering-penetration-testing/
Mukherjee, A. (2023, June 11). Understanding social engineering penetration testing. Evolve Security Automation and Orchestration by Threat Intelligence.