Career Paper

Posted by tzywi001 on

Cybersecurity Professional Career Paper: Penetration Tester

Student Name: Travis Zywicki

School of Cybersecurity, Old Dominion University

CYSE 201S: Cybersecurity and the Social Sciences

Instructor Name: Diwakar Yalpi

November 14, 2025

BLUF

Penetration Testers do more than hunt for flaws in security, they also uncover how different people behave. They find weaknesses in both the systems and the worker’s habits, by doing this they help companies stay ahead of emerging cyber threats. I will look at how social science tools, core cybersecurity ideas, and how marginalized groups get impacted by penetration testing. All of these shape the work penetration testers do.

Introduction

Cybersecurity is essential in this new era of technology. Hospitals, banks, governments, and businesses all face constant attacks. Penetration testers stand right at the forefront. A penetration tester will act as a malicious attacker, poke the defenses, and find holes that they can exploit. Penetration testing is not all done on a computer, penetration testers lean hard on social science. They need to know how people think as individuals, how people think in groups, and how culture affects threat response. In addition, they have to find out who is most at risk, especially people from a marginalized community. I will talk about how penetration testers rely on social science principles to understand how humans act, apply key cybersecurity concepts in practice, and social awareness all come together in the daily tasks of penetration testers.

Social Science Principles in Penetration Testing

Social science isn’t just background reading for pentesters, it’s one of the core aspects of the job. Psychology, sociology, and behavioral science all matter. Social engineering attacks focus mainly on psychological manipulation. Attackers know how to exploit your sense of authority, scarcity, reciprocity, and fear. If a pentester wants to mimic an attacker as well as possible, they have to know how to exploit these things too. They craft phishing emails, fake scenarios, and impersonate people of authority to expose weak points in security.

Human computer interaction also plays a big role. If a security prompt is confusing, or a log in page is messy, people will make mistakes. Psychological factors like sensory adaptation, and cognitive overload help explain why employees tune out warnings or may click the wrong thing. Social science also helps pentesters understand how people act in a group.

Almutairi and Alghamdi (2022) point out that most security incidents aren’t just about broken software or confusing software, they’re about people not knowing or caring enough about security. Pentesters will use this information to train employees, and close the exploit the real hacker is looking for.

Applying Key Concepts in Penetration Testing

Every day, pentesters use theories in their work. Human behavior is always at the center. Simulated phishing attacks, pretexting, or staff impersonation attacks work because pentesters understand how people think under stress or act towards authority. Self control theory explains why an employee might fall for an obvious phishing email.

Cyberpsychology is another huge piece. Alexandra Michel’s “Psyber Security” talks about how the digital world changes human behavior. Pentesters use this to spot weak security aspects like a bad login screen or a confusing security prompt, or anything that could potentially open the door for a hacker. 

The way pentesters work often mirrors social science research. For example, red team operations where the testers act as undercover observers, blending in to spot risks others might miss. Phishing tests and changes to different variables are quasi experiments, tracking how people react to different strategies. Archival research, like combing through old breach reports, helps pentesters see patterns and helps them predict where hackers might attack next. 

Marginalization and Cybersecurity

Cybersecurity threats affect marginalized groups the most. People with limited digital skills, immigrants who may not speak English the best, and people with less income are all easier targets. These groups of people are more likely to click on a phishing email, or online scams because they don’t have the same cybersecurity knowledge as everyone else. In the work space, this problem runs deep. According to Almutairi and Alghamdi (2022), more than 60% of employees don’t understand the basics of social engineering threats. Pentesters have to work with these groups to design specific training programs. Pentesters can’t only design training for people who already know their way around tech. The field itself is becoming more diverse. When teams have members from different backgrounds, they are better at spotting specific scams that target specific groups of people.

Career Connection to Society

Penetration testers help keep society running smoothly. They protect backbone systems like hospitals, utilities, schools, and banks. What they discover shapes policies, creates better employee training, and leads to stronger security policies. As threats get more complex, governments rely on pentesters to keep critical systems safe and make companies follow laws and international data protection standards.

Conclusion

Penetration testing isn’t just coding an exploit, it’s about understanding how people behave. By mixing knowledge from psychology, and cybersecurity, pentesters can find weaknesses that software might miss. Their work boosts security awareness, protects those who are most at risk, and helps society’s essential systems work.

References 

Shi, P., Qin, F., Cheng, R., & Zhu, K. (2019, July 1). The Penetration Testing Framework for Large-Scale Network Based on Network Fingerprint. IEEE Xplore. https://doi.org/10.1109/CISCE.2019.00089

Almutairi, B. S., & Alghamdi, A. (2022). The Role of Social Engineering in Cybersecurity and Its Impact. Journal of Information Security, 13(04), 363–379. https://doi.org/10.4236/jis.2022.134020

Li, Y., Wang, Y., Xiong, X., Zhang, J., & Yao, Q. (2022). An Intelligent Penetration Test Simulation Environment Construction Method Incorporating Social Engineering Factors. Applied Sciences, 12(12), 6186. https://doi.org/10.3390/app12126186

Leave a Reply

Your email address will not be published. Required fields are marked *