{"id":108,"date":"2025-04-27T15:49:13","date_gmt":"2025-04-27T15:49:13","guid":{"rendered":"https:\/\/student.wp.odu.edu\/ptuni001\/?p=108"},"modified":"2025-04-27T15:49:13","modified_gmt":"2025-04-27T15:49:13","slug":"career-paper-cybersecurity-as-a-social-science-in-security-research-and-reverse-engineeringcareer-paper","status":"publish","type":"post","link":"https:\/\/student.wp.odu.edu\/ptuni001\/2025\/04\/27\/career-paper-cybersecurity-as-a-social-science-in-security-research-and-reverse-engineeringcareer-paper\/","title":{"rendered":"Career Paper: Cybersecurity as a Social Science in Security Research and Reverse EngineeringCareer Paper:"},"content":{"rendered":"\n

Introduction<\/strong> <\/p>\n\n\n\n

Security researchers and reverse engineers do a lot more than write code or investigate malware. Their work depends just as much on understanding people as it does on understanding machines. Social science plays a huge role in their day-to-day, whether it\u2019s figuring out how users interact with software, how attackers manipulate people, or how information spreads across networks. This career paper connects what we\u2019ve learned in class, to the work that security researchers and reverse engineers do. It also looks at how their work affects society and marginalized communities, and the ethical decisions they must make. <\/p>\n\n\n\n

Human Behavior<\/strong> <\/p>\n\n\n\n

Security researchers regularly think about how people behave when using technology. Human-centered cybersecurity, covered in class, focuses on designing tools and systems that work with human behavior instead of against it. For example, a researcher might build a tool that alerts people to risky behavior, but if the alert is too confusing or annoying, users will just ignore it. So, researchers study usability and habits to make sure their tools actually help. <\/p>\n\n\n\n

Understanding social engineering is just as important. Adversaries often go after people or employees, not just systems, utilizing social engineering tactics like phishing, pretexting, and fake links. Researchers analyze these techniques to figure out what psychological tricks are being used. That way, they can train others and build defenses that make people less likely to fall for them. It\u2019s not just about knowing the attack but about understanding why it works on humans. <\/p>\n\n\n\n

Risk Perception<\/strong> <\/p>\n\n\n\n

Risk perception is another major concept. Not everyone sees cybersecurity risks the same way. A company executive might not care about a “low” threat even if it\u2019s technically serious. Meanwhile, a user might panic over something harmless. Security researchers have to explain risks in a way people understand. That means adjusting their language and approach based on who they\u2019re talking to. <\/p>\n\n\n\n

Attacker Motives<\/strong> <\/p>\n\n\n\n

Knowing why attackers do what they do helps security teams fight back. Some are in it for money, others for politics or revenge. Social science helps researchers spot patterns and predict attacker behavior. Understanding how threats spread, like through social media or email, involves looking at social networks and online behavior, not just code. <\/p>\n\n\n\n

Impact on Society<\/strong> <\/p>\n\n\n\n

Security work affects everyone, but not everyone gets the same level of protection. Marginalized communities, like seniors and others that don\u2019t have access to technology, often face greater risks and fewer resources. Research shows they\u2019re more likely to be targeted and less likely to be protected. A good amount of cybersecurity research doesn\u2019t include these groups, which is a problem. Security researchers who keep this in mind can make more inclusive tools and training. <\/p>\n\n\n\n

Ethics in Reverse Engineering<\/strong> <\/p>\n\n\n\n

Reverse engineering comes with big ethical responsibilities. Researchers have to make sure they\u2019re not breaking laws or violating people\u2019s privacy when analyzing malware or software. Even if the goal is good, they need to think about who might be harmed by their actions. That includes deciding when to share findings and how much detail to release. Often, it can be beneficial to hold off on releasing information on a vulnerability until a patch is already built for it. It\u2019s a constant balance between helping the public and not giving attackers more tools. <\/p>\n\n\n\n

Conclusion<\/strong> <\/p>\n\n\n\n

Security researchers and reverse engineers work in a field that\u2019s just as social as it is technical. From understanding human error and attacker behavior to designing better tools and thinking about ethics, their work connects closely with what we\u2019ve studied in this course. Social science helps them make better decisions, communicate clearly, and create more secure systems that protect everyone\u2014not just the most privileged users. As threats grow and tech evolves, it\u2019ll be even more important for cybersecurity pros to think like both engineers and social scientists. <\/p>\n\n\n\n

Works Cited<\/strong> <\/p>\n\n\n\n

Haney, J. (2023, September 28).\u202fNIST Unveils Newly Named Human-Centered Cybersecurity Program | NIST<\/em>. NIST. https:\/\/www.nist.gov\/blogs\/cybersecurity-insights\/nist-unveils-newly-named-human-centered-cybersecurity-program<\/a>  <\/p>\n\n\n\n

Chattopadhyay, A., Carvajal, R., Chaganti, V., & Venkatagiri, S. (2024, August). Where are marginalized communities in cybersecurity research?<\/em> Poster presented at the 2024 Symposium on Usable Privacy and Security (SOUPS), Philadelphia, PA. USENIX Association. https:\/\/www.usenix.org\/system\/files\/soups2024_poster56_abstract-chattopadhyay_final.pdf<\/a> <\/p>\n\n\n\n

\u200c <\/p>\n\n\n\n

Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & Security, 31(4), 597\u2013611. https:\/\/doi.org\/10.1016\/j.cose.2011.12.010 <\/p>\n","protected":false},"excerpt":{"rendered":"

Introduction  Security researchers and reverse engineers do a lot more than write code or investigate malware. Their work depends just as much on understanding people as it does on understanding machines. Social science plays a huge role in their day-to-day, … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":30342,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wds_primary_category":4},"categories":[9,4],"tags":[],"_links":{"self":[{"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/posts\/108"}],"collection":[{"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/users\/30342"}],"replies":[{"embeddable":true,"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/comments?post=108"}],"version-history":[{"count":1,"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/posts\/108\/revisions"}],"predecessor-version":[{"id":109,"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/posts\/108\/revisions\/109"}],"wp:attachment":[{"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/media?parent=108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/categories?post=108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/student.wp.odu.edu\/ptuni001\/wp-json\/wp\/v2\/tags?post=108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}