Abstract
Thesis Project Portfolio
Applied Technology and Security Assessments in Real Business Environments
(Technical Report)
Constructing Security: A Sociotechnical Analysis of Digital Authentication
(STS Research Paper)
An Undergraduate Thesis
Presented to the Faculty of the School of Engineering and Applied Science
University of Virginia • Charlottesville, Virginia
In Fulfillment of the Requirements for the Degree
Bachelor of Science, School of Engineering
Kevin Joseph Jelinek
Spring, 2026
Department of Computer Science
Table of Contents
Sociotechnical Synthesis
Applied Technology and Security Assessments in Real Business Environments
Constructing Security: A Sociotechnical Analysis of Digital Authentication
Prospectus
Sociotechnical Synthesis
My technical project aimed to evaluate how modern cyber security standards are
practically handled by real companies. The goal was to identify if there were any common
shortcomings in the implementation of these standards and what items might have led to them.
My STS paper was about the application of the “Social Construction of Technology” to digital
authentication throughout history. Both of these projects ultimately showed that cybersecurity,
while deeply rooted in technical specifications, is a deeply human centered ecosystem. Together,
these projects demonstrated that many cybersecurity vulnerabilities emerge from the tension
between the technical security requirement and human needs.
Going into my technical research project, I expected to find technical exploits but instead
I saw far more issues emerge due to organizational factors. The H-TEC Solutions findings were
due to common service misconfigurations. The SVS findings resided in an old, but running,
intern project that left hardcoded credentials in a repository. Additionally, there were once again
misconfigurations in the related image upload mechanism. Both case studies showed major
companies failing to properly monitor authentication and credential systems. These findings
were almost all largely nontechnical in nature. They resulted from factors like a lack of oversight
or monitoring, time pressures, forgotten systems, and more. Ultimately, the technical paper
showed, in the most direct way, that real organizational security failures come largely from
nontechnical factors.
My STS research paper was directly inspired by the finding of the technical paper. It was
clear that human factors were deeply rooted in the application of cybersecurity systems, but I felt
it was necessary to additionally examine how human factors played into the development of said
technology. Digital authentication systems have a long history of development, but I found that
sociotechnically the systems that survived were ultimately guided by sociotechnical pressures of
the involved parties. Specifically, I observed a longstanding pattern of successful technologies
effectively managing the tradeoffs between usability and security. This pattern applied from the
very first password schemes all the way through modern Multi Factor Authentication schemes.
What varied over time was the social groups involved. In the early days of digital authentication,
systems had smaller user bases and more intrinsic trust. As time went on, and technological
adoption became commonplace, systems needed to support ever increasing numbers of users
while paying attention to each social group's needs.
On a higher level, the pattern of compromise between security and convenience applied
both to the development of digital authentication technologies and their implementations. The
password paradigm in digital authentication always had flaws like password reuse and reliance
on human memory, but it persisted because people found it convenient. Similarly, when
implementing the middle layer between an application and its database, it can be very convenient
to simply hard code critical information for testing, but it runs the risk of being forgotten about
and leaving a sitting vulnerability in a real system. Ultimately, the combination of these two
papers shows that going forward, it is critical to design both our technologies, and
implementation plans, with respect to not just technical specifications, but also the humans that
will be involved.
