Career Paper

Cybersecurity Professional Career Paper: Network Security Analyst

Student Name: Diego Saldana 

School of Cybersecurity, Old Dominion University 

CYSE 201S: Cybersecurity and the Social Sciences 

Instructor Name: Diwakar Yalpi

Date: 04/14/2026

I have chosen Cybersecurity Analyst, or Information Security Analyst as they can also be known. This job mainly entails all the infinitesimal details that goes into the daily defense and maintenance of a company or government’s information technology systems. These jobs range from technical work inside the systems themselves both physically and logically, to administrative work performing regular patches and updates to various systems, to social work training employees both new and old in order to ensure that the weakest link of an information system, the people who use it, are as up-to-date on their basic security know-how as they can be. With the world’s rapidly increasing reliance on digital information systems the black market for criminal intelligence and cyber skills has grown at an exponential rate alongside it, requiring more cyber analysts than ever in order to defend systems that can be critical to commerce, infrastructure, and national defense. These individuals form a barrier that maintains the instantaneous convenience and efficiency that provides so much to our society at large. In this paper I will discuss the general job overview and social science principles that pertain to jobs in this field, as well as the key concepts of this course as they apply to the career. I will also describe how cybersecurity disproportionately affects marginalized groups.

The role of information security analyst is not entirely focused around the technical aspects of defending IT systems, it is also about protecting the people who interact and rely on these systems on a daily basis. This includes equipping them with the basic skills to defend themselves from threats whenever possible rather than relying on the analyst’s ability to fix a problem once an incident has occurred. Much of the social aspect of this career path is the study of understanding and predicting user behavior in a way that allows the analyst to bolster cybersecurity posture through insights formed from various fields of psychology and sociology. This can include things as basic as implementing efficient password policy based on user behavior that won’t cause friction to users that will potentially create more issues in the future (i.e. shadow IT) or having a general understanding of inherent cognitive biases, such as urgency and authority, that can lead to a successful social engineering attack through phishing. All of this knowledge combined with the technical knowledge of the field allows analysts to design complex systems that feel intuitive to users through a human-centered approach. The better the understanding of these interactions between human and computer, the slicker and less fatiguing a system can be for end users. Technologies that have arisen from these studies include SSO (single sign on which allows users to sign in once and then authenticate their information to other various services through the originally supplied credentials, like Google services!) and MFA (like the codes sent to your phone to keep your accounts safer than just a password). These links between human and machine can also be studied to enhance user training by creating programs that help better retain cyber awareness information through courses that users find fascinating or potentially even entertaining. The social aspect of the field also pertains to how the response to a security incident occurs. Rather than focusing on the technical aspect of an incident, an analyst may focus on why a user made a mistake that caused the incident, whether training needs to be updated or implemented differently or more often, and how the general organizational culture influenced the outcome of user behavior. This helps address the root cause of an incident rather than focusing on the symptoms (i.e. the breach itself).

The utmost important key concept that this course expounds upon is the ironclad connection between user behavior and technology and the sociological and psychological concepts that underpin each and every interaction. Analysts use these concepts in order to assess organizational risk through employee interactions with their various systems such as password habits, email behavior, and response to authority in the work environment. Through this multitude of interactions it allows the analyst to “acquire the pulse” of the general culture so to speak, whether employees feel the squeeze of deadlines, are under-trained in cyber awareness, or are overly trusting because of complacency. Having this knowledge allows the analyst to tailor systems that can influence the culture in a way that hardens the general posture of the organizations systems, both technical and human. These include policies that employees are reasonably able to follow with requiring user workarounds due to increased operational friction. Policies that account for user ease of access and understanding have the positive effect of promoting ethical behavior and accountability in the workplace which in turn leads to the analyst having an easier time of maintaining organization-wide regulatory compliance. For example, an analyst may observe user behavior in a specific group or department that they believe puts that group at a higher risk of social engineering attempts. Knowing this, the analyst can tailor simulated phishing emails in order to test the response to this type of attack. From the data gleaned from the artificial attack the analyst can then tailor tutelage or specific technological systems (email filtering, etc.) for that group that needs further training in order to ensure that all parties are meeting regulatory compliance standards.

Marginalized groups are at a significant disadvantage in terms of their general level of cybersecurity and cyber awareness. In order to design systems that are fair and inclusive, analysts must be aware of the greater risk that these communities face and why. Marginalized communities often lack access to the same level of technology that non-marginalized groups have fairly easy access to. This can include more expensive technologies that offer a significantly better level of baseline security (think iPhone over an extremely cheap android alternative). These systems that they have access to come with inherent security gaps due to outdated or unsupported systems that no longer receive security updates. Marginalized groups are often targeted disproportionately by fraud, identity theft, and social engineering scams as a result of the lack of resources for them to defend themselves. This group often tackles financial insecurity, language barriers, and a general lack of cyber awareness that makes them easier targets to criminals. The lack of protections combined with factors like being financially disadvantaged leads to them not only being an easier target, but also a target to which the blow that a cybercrime can inflict may be unrecoverable for. These groups also often find themselves as targets of greater levels of digital surveillance by both criminals and institutions which can lead to misuse of data collection that leads to profiling or discrimination. Privacy breaches that these individuals or groups may experience can often lead to more severe consequences due to the lack of finances or legal protections. By taking all of these factors into consideration analysts can begin to create bespoke systems, or tailor existing systems, in order to better fit the needs of these communities. Security technologies that work on lower cost devices, or slower networks overwhelmingly benefit these populations. Even something as simple as a low cost or free VPN that has become so much more common today has great impact on the security of these people. The easier these technologies are to implement (such as many VPNs from my earlier example only requiring a basic installation from an app store and being one touch to activate) the more they assist in protecting a class of people that do not otherwise have the means of defending their data and right to their privacy. In an effort to diversify the field in order to more rapidly address these inequalities, the STEM field in general has made great strides in assisting these vulnerable minorities to become cyber professionals themselves so that they may create systems with greater knowledge of what these systems need to protect and how for the people that they know best. These efforts include scholarships and mentorship programs aimed at expanding access, initiatives supporting digital equity and workforce diversity, and programs encouraging women and minorities to join the fields of STEM and cybersecurity.

Cybersecurity professionals, especially those in the Information Security Analyst field, play a vital role in defending the systems that modern human civilization has come to rely on in order to support our ever burgeoning population. There is a reason that the government made it a federal level felony to tamper with computer systems in an unauthorized manner over twenty years ago. These systems control the drinking water of towns, the cards that people use to pay for everything, and the ability for insurance to maintain databases that allow access to healthcare. Each of these industries has specific legislation that provides guidance and frameworks for the maintenance and security of these crucial systems. Cybersecurity professionals are the wall that stands between attackers with a huge variety of motives and the billions of people who rely on systems that they don’t even know exist. In hospitals these individuals ensure the safety and validity of the Protected Health Information. In financial systems they defend against frequent cyberattacks that plan to steal the money of hardworking citizens. And in governmental positions they defend the infrastructure that allows a large country to survive such as power infrastructure and water purification systems. Regulations such as HIPAA regulate the protection of personal health information, while others such as the General Data Protection Regulation (GDPR) protect general individual data from unauthorized theft or use. All of these policies form a framework of trust that allows people to live without needing to worry that their information is at risk of theft by those who would use it for unscrupulous purposes.

Source 1: The article by the US Bureau of Labor Statistics gives perhaps the most concise description of the job role of an Information Security Analyst. “Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems”. Through this description and the expected job growth of 29% (Much faster than the average of all occupations, mind you) the level of importance of the field can be better inferred. The systems that underline all of our lives are only growing larger, more complex, and more necessary and with that they become even bigger targets to those who wish to exploit them for any reason, be it monetary or political.

Source 2: This article sums up the role perfectly. “A cybersecurity analyst is a trained cyber professional who specializes in network and IT infrastructure security. The cybersecurity analyst thoroughly understands cyberattacks, malware, and the behavior of cybercriminals, and actively seeks to anticipate and prevent these attacks…” While it acknowledges the technical aspect of the job it also maintains the importance of the social psychology aspect of understanding the behavior of the cybercriminal. This field is all about the psychology of both the end users and the cybercriminals who seek to exploit them and finding the razor-thin balance between securing the system from those criminals without introducing friction to your coworkers.

Source 3: This article amplifies the notion that cybersecurity specialists of all kinds, including analysts, are not just technical workers, but essential defenders of modern society’s digital infrastructure. It explains how through a combination of their daily responsibilities and fields of knowledge (psychological studies, sociological studies, technical studies, various specializations) they directly support the safety and stability of systems that people rely on every day, including their finances, medical records, and day to day business operations. These individuals protect not only the data they are tasked to oversee, but also public trust and organizational reputation. Their work has real-world consequences for individuals and the communities they live in. And that is why I have chosen to work in this field myself.

References:

“What Does a Cybersecurity Analyst Do?” Western Governors University, 15 July 2025, www.wgu.edu/career-guide/information-technology/cybersecurity-analyst-career.html.

Coding Temple. “What Does a Cybersecurity Analyst Do? Daily Responsibilities & Career Path Overview.” Coding Temple, 20 Aug. 2025, www.codingtemple.com/blog/what-does-a-cyber-security-analyst-do/.

“Information Security Analysts.” U.S. Bureau of Labor Statistics, U.S. Bureau of Labor Statistics, 28 Aug. 2025, www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm.