Cybersecurity Professional Career Paper: Penetration Tester<\/p>\n\n\n\n
Student Name: Travis Zywicki<\/p>\n\n\n\n
School of Cybersecurity, Old Dominion University<\/p>\n\n\n\n
CYSE 201S: Cybersecurity and the Social Sciences<\/p>\n\n\n\n
Instructor Name: Diwakar Yalpi<\/p>\n\n\n\n
November 14, 2025<\/p>\n\n\n\n
BLUF<\/p>\n\n\n\n
Penetration Testers do more than hunt for flaws in security, they also uncover how different people behave. They find weaknesses in both the systems and the worker\u2019s habits, by doing this they help companies stay ahead of emerging cyber threats. I will look at how social science tools, core cybersecurity ideas, and how marginalized groups get impacted by penetration testing. All of these shape the work penetration testers do.<\/p>\n\n\n\n
Introduction<\/p>\n\n\n\n
Cybersecurity is essential in this new era of technology. Hospitals, banks, governments, and businesses all face constant attacks. Penetration testers stand right at the forefront. A penetration tester will act as a malicious attacker, poke the defenses, and find holes that they can exploit. Penetration testing is not all done on a computer, penetration testers lean hard on social science. They need to know how people think as individuals, how people think in groups, and how culture affects threat response. In addition, they have to find out who is most at risk, especially people from a marginalized community. I will talk about how penetration testers rely on social science principles to understand how humans act, apply key cybersecurity concepts in practice, and social awareness all come together in the daily tasks of penetration testers.<\/p>\n\n\n\n
Social Science Principles in Penetration Testing<\/p>\n\n\n\n
Social science isn\u2019t just background reading for pentesters, it\u2019s one of the core aspects of the job. Psychology, sociology, and behavioral science all matter. Social engineering attacks focus mainly on psychological manipulation. Attackers know how to exploit your sense of authority, scarcity, reciprocity, and fear. If a pentester wants to mimic an attacker as well as possible, they have to know how to exploit these things too. They craft phishing emails, fake scenarios, and impersonate people of authority to expose weak points in security.<\/p>\n\n\n\n
Human computer interaction also plays a big role. If a security prompt is confusing, or a log in page is messy, people will make mistakes. Psychological factors like sensory adaptation, and cognitive overload help explain why employees tune out warnings or may click the wrong thing. Social science also helps pentesters understand how people act in a group.<\/p>\n\n\n\n
Almutairi and Alghamdi (2022) point out that most security incidents aren\u2019t just about broken software or confusing software, they\u2019re about people not knowing or caring enough about security. Pentesters will use this information to train employees, and close the exploit the real hacker is looking for.<\/p>\n\n\n\n
Applying Key Concepts in Penetration Testing<\/p>\n\n\n\n
Every day, pentesters use theories in their work. Human behavior is always at the center. Simulated phishing attacks, pretexting, or staff impersonation attacks work because pentesters understand how people think under stress or act towards authority. Self control theory explains why an employee might fall for an obvious phishing email.<\/p>\n\n\n\n
Cyberpsychology is another huge piece. Alexandra Michel\u2019s \u201cPsyber Security\u201d talks about how the digital world changes human behavior. Pentesters use this to spot weak security aspects like a bad login screen or a confusing security prompt, or anything that could potentially open the door for a hacker. <\/p>\n\n\n\n
The way pentesters work often mirrors social science research. For example, red team operations where the testers act as undercover observers, blending in to spot risks others might miss. Phishing tests and changes to different variables are quasi experiments, tracking how people react to different strategies. Archival research, like combing through old breach reports, helps pentesters see patterns and helps them predict where hackers might attack next. <\/p>\n\n\n\n
Marginalization and Cybersecurity<\/p>\n\n\n\n
Cybersecurity threats affect marginalized groups the most. People with limited digital skills, immigrants who may not speak English the best, and people with less income are all easier targets. These groups of people are more likely to click on a phishing email, or online scams because they don\u2019t have the same cybersecurity knowledge as everyone else. In the work space, this problem runs deep. According to Almutairi and Alghamdi (2022), more than 60% of employees don\u2019t understand the basics of social engineering threats. Pentesters have to work with these groups to design specific training programs. Pentesters can\u2019t only design training for people who already know their way around tech. The field itself is becoming more diverse. When teams have members from different backgrounds, they are better at spotting specific scams that target specific groups of people.<\/p>\n\n\n\n
Career Connection to Society<\/p>\n\n\n\n
Penetration testers help keep society running smoothly. They protect backbone systems like hospitals, utilities, schools, and banks. What they discover shapes policies, creates better employee training, and leads to stronger security policies. As threats get more complex, governments rely on pentesters to keep critical systems safe and make companies follow laws and international data protection standards.<\/p>\n\n\n\n
Conclusion<\/p>\n\n\n\n
Penetration testing isn’t just coding an exploit, it\u2019s about understanding how people behave. By mixing knowledge from psychology, and cybersecurity, pentesters can find weaknesses that software might miss. Their work boosts security awareness, protects those who are most at risk, and helps society\u2019s essential systems work.<\/p>\n\n\n\n
References <\/p>\n\n\n\n
Shi, P., Qin, F., Cheng, R., & Zhu, K. (2019, July 1). The Penetration Testing Framework for Large-Scale Network Based on Network Fingerprint<\/em>. IEEE Xplore. https:\/\/doi.org\/10.1109\/CISCE.2019.00089<\/p>\n\n\n\n Almutairi, B. S., & Alghamdi, A. (2022). The Role of Social Engineering in Cybersecurity and Its Impact. Journal of Information Security<\/em>, 13<\/em>(04), 363\u2013379. https:\/\/doi.org\/10.4236\/jis.2022.134020<\/p>\n\n\n\n Li, Y., Wang, Y., Xiong, X., Zhang, J., & Yao, Q. (2022). An Intelligent Penetration Test Simulation Environment Construction Method Incorporating Social Engineering Factors. Applied Sciences<\/em>, 12<\/em>(12), 6186. https:\/\/doi.org\/10.3390\/app12126186<\/p>\n","protected":false},"excerpt":{"rendered":" Cybersecurity Professional Career Paper: Penetration Tester Student Name: Travis Zywicki School of Cybersecurity, Old Dominion University CYSE 201S: Cybersecurity and the Social Sciences Instructor Name: Diwakar Yalpi November 14, 2025 BLUF Penetration Testers do more than hunt for flaws in security, they also uncover how different people behave. They find weaknesses in both the systems… <\/p>\n