As of December 2025, I recently obtained my PhD. in forensic psychology. You might be asking yourself, “why would someone in cybersecurity get a degree in forensic psychology?”
Great question.
This may come as a surprise, but there is a growing world in the psychology realm that focuses entirely on the role that the digital world plays in human psychology. The study of psychology in the cybersecurity space is known as “cyberpsychology”. This is a relatively recent term when compared to other terms in the realm of psychology, but it’s emerging at institutions at the undergraduate level as recently as this year. Cyberpsychology is slowly gaining awareness in the U.S., but it has a long way to go (hence the degree in forensic psychology instead!).
I am motivated by a desire to better understand those around me, and why they do what they do. I want to understand how all types of individuals think (I know, that’s a lofty goal!). Understanding how different kinds of people think helps us better coexist and collaborate with them. In the case of both ethical hackers and cybercriminals, identifying psychological patterns can be an important part of securing your assets. So, here we are.
Oftentimes, when someone hears the word “hacker”, their mind flashes to the Hollywood imagery of a loner in a basement in a black hoodie, hunched over a computer displaying long lines of code. As someone who works in cybersecurity and interacts with hackers every day, I can assure you that Hollywood has got it all wrong. The good hackers and the bad hackers have the same skills. The difference is their mindset or motivations. In this blog, I’m seeking to change public perceptions about hackers and challenge you to think differently about what hacking actually means and how it can positively or negatively impact people and organizations.
Of the participants, the most communicated motivation was the a stable, lucrative and personally rewarding career. They noted specifically the predictable income and long-term career growth that the industry offers. Additionally, participants cited the fact that cybersecurity issues are never going away; rather, the demand is increasing for skilled cybersecurity professionals, and will continue to do so, especially with the advancement of AI. If you want to attract knowledgeable and motivated ethical hackers to protect your team, it’s important to understand how these core career goals matter. When your organization offers clear career mapping, competitive compensation, perks like unlimited vacation and quality healthcare, you’ll reduce turnover in positions that require deep institutional knowledge. This also allows you to invest in long-term roles rather than relying solely on short-term contractors or reactive hiring. Additionally, when organizations that clearly communicate security as a core business rather than a financial burden, they are signaling to their employees that their unique skill set is valued and future proofed.
Beyond careers, moral reasoning was also a central factor that distinguished professional hackers from the malicious attackers. Participants communicated a clear ethical boundary, from stating the classic “treat others how you want to be treated”, to simply not wanting to commit a crime and go to prison.
Companies that have a strong moral backbone cultivate a security culture that attracts ethical security professionals. Organizations can reinforce moral alignments by establishing clear codes of conduct, ethical guidelines, encourage responsible disclosure, practice ethical decision-making, and showcase compliance with legal frameworks. Engaging in these efforts with reduce the likelihood of insider threats, as well as make employees feel confident in their organization and leadership teams.
The final theme was curiosity. Curiosity is an intrinsic motivation to understand how something works. Or, in the case of hackers, how it can be broken and then improved. In the sample study, curiosity was described by all as a lifelong trait that emerged early in childhood through experimentation with TVs, computers, video games, and other forms of technology. This was a way for the individual to engage in an intellectually stimulating activity that satisfied a deep desire to uncover the inner workings of a complex problem. In the world of professional hacking, individuals get to feed their curiosity every day. Not only is illegal hacking unethical, but it is also social isolating and removed a sense of collaboration and camaraderie amongst fellow hackers. Ethical hacking encourages continuous learning and peer engagement, which is evident with events such as DEF CON and RSAC. If you walk into IoT Village at DEF CON, you’re met with ethical hackers all around the world who are actively learning how to break and fix everything from lightbulbs you may have in your own home, all the way to industrial espresso machines.
To foster curiosity further within your organization, you need to create an environment in which creativity is encouraged and celebrated. You should encourage things like experimentation, even for ideas that may not necessarily be likely to succeed. Organizations that understand and support curiosity-driven individuals will benefit from more adaptive and forward-thinking security teams. When creativity is encouraged, your staff will be more likely to engage in continuous skill development, experiment with new tools and concepts, and potentially identify vulnerabilities sooner.
Understanding hacker psychology requires you to move beyond the Hollywood stereotypes and focus instead on the motivations that drive human behavior. By now, I hope I’ve made the case for why psychology needs to be a part of your security strategy, but here are a few more things to keep in mind before the end of the blog. This sample study found that ethical hackers are not defined solely by technical expertise. Rather, it is a combination of factors made up of practical needs, a moral compass, and intellectual curiosity. Organizations that recognize and intentionally support these motivations will be better at building high-quality security teams. Additionally, leaders who design security programs around an understanding of these human factors gain a considerable advantage compared to their competitors, as they are providing clear career paths, aligning company ethics to build trust, and fostering an environment in which curiosity thrives, which can lead to early threat detection for clients, and also fosters room for growth. As cyber threats continue to evolve, so must our understanding of those engaging in but also defending against these attacks. When we build programs around the psychological motivations of our teams and invest in human-centered efforts, we are doing more than reducing future risk. We’re building strong teams capable of protecting and defending critical assets, while also cultivating a space where ethical hackers are supported, challenged, and trusted.
Conducting a sample study with a variety of ethical hackers helped me better understand the people I work with every day. This was a personally rewarding process that taught me a lot about the world of ethical hacking, but also what absolute geniuses I get to work alongside every day. It also helped me nurture my own curiosity and further develop my own hacker mindset. But I’ve got good news for you…you can do this too! At ISE, we believe that adopting the hacker mindset leads to some of the most creative and meaningful solutions to not only security challenges, but to a wide range of business dilemmas. To learn more about the hacker mindset and how curiosity helps shape it, check out Inner Hacker, written by ISE’s Executive Ted Harrington.
Do you think that your systems can be made more secure by having ethical hackers take a crack at it? Let’s talk about it.