Jaden Evans

CYSE 201S

Professor Aslan

6 April 2024

Introduction

Systems administration is usually a back-end job where an individual manages a computer network(s) to assess maintained security and detect threats.  While this career is not usually seen as a social job, systems administrators are still human fighting off human cybersecurity threats.  Due to the innate human factors involved with maintaining a network and fighting off threats, there exists multiple potential views to study the social science aspects of systems administration as a career.

Intrusion Detection Systems

Computer networks receive a lot of network traffic depending on how many operating systems are connected to the network at any given time.  All of the information that flows in and out would more than likely be impossible for a person or a team of people to scan and sort through.  Due to the need for a more automated version of this process, systems administrators often use intrusion detection systems–also known as IDSs–to scan for potential threats (Sommestad, 1).  However, IDSs are not perfect and often have a high ratio of false positives–a fact that makes systems administrators vital assets in improving and maintaining IDS detection of real threats (Sommestad, 2).  The consequence of IDSs requiring system administrators to filter out false reports is that it opens itself to the social science principle of human factors (Yalpi, mod. 4 p. 4-6).  It requires that interfacing with the IDS and the reports it produces must be understandable to humans–which also makes the designers responsible for adhering to parsimony to keep explanations of the interface simple to train people in it (Yalpi, mod. 2, p. 8-9).  With proper interfacing, humans are vital in optimizing the performance of IDSs as their abilities to minimize errors far exceed a program’s due to innate benefits of human factors in cybersecurity (Yalpi, mod. 7, p. 16).  While an IDS can process thirty-times as many alarming scans as a human, the actual chance of the report being a real threat is only an 11% chance while humans can detect real threats at a significantly increased 58% chance (Sommestad, 3.1).  IDSs and the interactions systems administrators have with them are intrinsically tied to social science as the need for parsimony to understand IDSs and human factors heavily influence how IDSs are used and upgraded.

Mental Models

Psychologically, humans tend to find ways to make things easier to process for themselves on a mental level even if it circumvents systems and protocols put in place to maintain security for individuals and companies (Yalpi, mod. 7, p. 12).  In relation to systems administration, systems administrators often use mental models of their systems they make either in their head or among personal circles.  Due to this, a number of “sysadmins” admit that they have a general ignorance of many hardware and software aspects of their networks and systems while not crediting formal education and training for their knowledge of their systems (Hrebec, abs.).  The ability to create and operate effectively off of mental models–a “cognitive representation of how a system operates” (Hrebec, 1.1)–shows the psychological trend of individuals in cybersecurity career paths tend to have “higher self-efficacy, rational decision-making styles and more investigative interests” (Yalpi, mod. 5, p. 19).  The fact that they are noted to rely less on manufacturers and third party support (Hrebec, abs.) and instead trend to be more assertive of their own styles proves that systems administrators follow that cybersecurity professional stereotype (Yalpi, mod. 5, p. 19).  Their willingness to trust “personal contacts” (Hrebec, abs.) over the more conventional forms of support on aspects of their systems they may not be knowledgeable about proves there is a sociological aspect to how sysadmins operate mentally (Yalpi, mod. 8, p. 3-4).  It is a clear example of how technology, even in a professional setting, can cause peer groups to form around it as their shared knowledge of technology aids in maintaining the systems vital to their careers (Yalpi, mod. 8, p. 28).  The mental models systems administrators create to cognitively navigate their systems operate around social science principles of cybersecurity-related psychology and sociology.

Women in Systems Administration

Systems administration is typically a field dominated by cis-males as sysadmins in the workplace (Kaur, abs.).  Much like the cybersecurity field as a whole, women are underrepresented and often considered as a marginalized group within the workforce (Yalpi, mod. 3, 24-27).  There are multiple reasons and challenges that occur for people of differing genders within the sysadmin workforce.  Despite the male-dominated nature of sysadmin work, maintenance work is often considered to be “care work,” something that demands ongoing attention and nurturing which often has a feminized connotation.  Because of the feminized nature of care work, women in the sysadmin work field can often get distracted from their duties as the expectations put on them by coworkers: “you can go a whole week without having anything to account for because you are spending your time trying to help other team members” (Kaur, 2.2).  However, others praise the feminist perspective on the effect of care work on sysadmin work as it is claimed that “IT security demands care, and it demands a feminist perspective.”  Females are not the only gender discriminated against in sysadmin and in STEM fields in general as issues relating to non-binary workers and LGBTQ+ professionals as a whole exist in the field.  Discrimination against these groups are often systematic as the identities of these individuals cause them to face unequal treatment such as harassment and limitations in their career that cis-men do not possess.  An explanation for this is the hyper-masculine culture that dominates STEM fields where masculine and heteronormative people are often seen as more intelligent amongst their equally as capable LGBTQ+ peers (Kaur, 2.3).  This culture is hard to be replaced as female, non-binary, and genderfluid workers are often heavily in the minority as over 70% of these workplaces are male according to data collected from a focus group made up from these genders.  This data does not account for the male-only sysadmin workplaces, though considering most of these individuals report to be the only non-male on their team it is very likely that many exist (Kaur, 3.1, table 1).  Due to the male-majority of these workplaces, many social aspects of systems administration are hindered by the fact that communication is often masculine-oriented in these environments.  Due to the nature of cis-men communication in this setting often not being considered gender-neutral, it can feel condescending, demeaning, and belittling to non-cis-men.  In examples given, it is obvious that non-males in the workplace get pointed out and are looked at with higher expectations given their rarity in the field which serves as another added pressure (Kaur, 4.1).  Due to the lack of diversity within the workplace, female and non-binary sysadmins often feel multiple discriminatory pressures that their heterosexual cis-men colleagues do not face.

Conclusion

Systems administration is not a perfect field to work in, yet there are certainly many different social aspects to consider within different parts of the field.  From the aspects of maintaining IDSs and how human factors inform them to how non-diverse the workplace can be, systems administrators are facing social science problems and trying to find solutions every day.  

References

Sommestad, T., Hunstad, A. (2013). Information management & computer security, 21(1). 30-40. Doi: 10.1108/09685221311314400.

Hrebec, D., Stiber, M. (2001). A Survey of System Administrator Mental Models and Situation Awareness. SIGCPR ’01: Proceedings of the 2001 ACM SIGCPR conference on Computer personnel research, 166-172. Doi: https://doi.org/10.1145/371209.371231.

Kaur, M., Ramulu, H. S., Acar, Y., Fiebeg, T. “Oh yes! over-preparing for meetings is my jam :)”: The Gendered Experiences of System Administrators. Proceedings of the ACM on Human-Computer Interaction, 7(141), 1-38. Doi: https://doi.org/10.1145/3579617.

Yalpi, D. CYSE 201S (Module 2) Principles of Social Sciences and Cybersecurity Diversity and Cybersecurity. Old Dominion University. 8-9.

Yalpi, D. CYSE 201S (Module 3) Strategies to Study Cybersecurity through an Interdisciplinary Social Sciences Lens. Old Dominion University. 24-27.

Yalpi, D. CYSE 201S (Module 4) Cybersecurity and Human Factors. Old Dominion University. 4-6.

Yalpi, D. CYSE 201S (Module 5) Applying Psychological Principles of Cyber Offending, Victimization, and Professionals. Old Dominion University. 19.

Yalpi, D. CYSE 201S (Module 7) Cybersecurity and the Social Dimensions of Data Science. Old Dominion University. 12-16.
Yalpi, D. CYSE 201S (Module 8) Social Dynamics, Social Structures, and Cybersecurity. Old Dominion University. 3-28.