Entry 1
Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas are most appealing to you and which are least appealing.
Workforce Framework for Cybersecurity (NICE Framework) | NICCS (cisa.gov)
The NICE Workforce Framework breaks cybersecurity into seven categories, each with unique roles. I’m most interested in the Protect and Defend and Investigate areas because they focus on hands-on work like detecting threats, responding to incidents, and performing digital forensics. I enjoy problem-solving and working directly with technology, so these roles feel exciting and challenging. On the other hand, the Oversee and Govern category is less appealing to me since it focuses more on compliance, policy, and management rather than technical work. While those roles are important, I prefer being on the front lines, actively identifying and responding to cybersecurity threats.
Entry 2
How does the principle of empiricism enhance the effectiveness of cybersecurity practices?
Reflect on how empirical data collection and analysis can help identify emerging threats, assess the effectiveness of current security measures, and guide the development of new strategies to protect information systems.
Empiricism makes cybersecurity more effective because it focuses on real evidence instead of assumptions. By collecting and analyzing data, security teams can spot patterns like unusual network traffic or suspicious login attempts that may point to new threats. Looking at this data also helps organizations see whether their current defenses are working—for example, how quickly they respond to incidents or how often vulnerabilities are being exploited. These insights take the guesswork out of decision-making and encourage constant improvement. By learning from past attacks and tracking ongoing trends, teams can build smarter, more practical strategies to protect information systems. In short, empiricism keeps cybersecurity grounded in reality and adaptable to changing risks.
Entry 3
Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches and forecast future data breach trends?
I visited PrivacyRights.org and explored the Data Breach Chronology, a powerful database compiling more than 75,000 publicly reported breach notifications across the U.S. since 2005. It offers rich detail, such as breach types (e.g., hacking, portable device loss), the kind of organizations affected (healthcare, financial services, education), the data exposed, when breaches occurred, and when they were reported. By converting fragmented government notifications into a standardized, searchable format, this resource empowers researchers to unravel patterns: temporal shifts in breach frequency, differences across sectors, reporting delays, and even the scale of individual breaches. Scholars could use this data to model trends like the prevailing dominance of hacking or rising incidents in healthcare, forecasting future risks, evaluating regulatory impact, or detecting emerging vulnerabilities. In short, the Data Breach Chronology turns scattered public disclosures into a consistent lens for understanding and anticipating threats, one that can inform strategic planning, policy development, and stronger privacy safeguards.
Entry 4
Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology.
Give specific examples of how your digital experiences relate to each level of need.
Maslow’s Hierarchy of Needs really shows up in how I use technology every day. At the most basic level, my physiological needs are covered just by having electricity, Wi-Fi, and a working phone or laptop. For safety, I rely on things like two-factor authentication, strong passwords, and antivirus software to keep my information secure. My sense of belonging is met through group chats, social media, and online communities where I can stay close to friends and family. Esteem needs shows up when I earn online certifications or post accomplishments on LinkedIn, boosting my confidence. Finally, self-actualization happens when I use technology to learn new cybersecurity skills and push myself toward my career goals.
Entry 5
Review the articles linked with each individual motive in slide/page #3. Rank the motives from 1 to 8 as the motives that you think make the most sense (being 1) to the least sense (being 8). Explain why you rank each motive the way you rank it.
After reviewing the articles on individual motives for cybercrime, I ranked money first because financial gain is one of the clearest and most common drivers of hacking activity. The examples from HP and BitMart show how hackers can quickly profit from illegal actions, which makes this motive especially powerful. I placed political motives second, since hacktivist groups often coordinate large-scale attacks to advance ideological goals, which can be just as motivating as money. I ranked revenge third because emotional retaliation is a strong and personal motivator, particularly in cases like revenge porn. Recognition came fourth, as some hackers seek prestige or validation from peers or even from organizations they breach. Curiosity was fifth because many young or new hackers act simply to see if they can. Entertainment and boredom followed, since these seem less intentional than financial or ideological reasons. Finally, I ranked multiple reasons last because it represents a mix of motives rather than a single clear driver, making it weaker as a standalone explanation.
Entry 6
Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source].
Compare the three fake websites to three real websites and highlight the features and similarities that identify each fake website as fraudulent.
Several well-documented fake websites demonstrate how fraudsters exploit trust online. For example, spoofed FBI complaint portals like icc3[.]live and ic3a[.]com mimic the legitimate FBI Internet Crime Complaint Center (ic3.gov), while ABCnews.com.co posed as the real ABCNews.com and National Report published fabricated news under the guise of a legitimate outlet. These fraudulent sites typically use deceptive domains, such as slight alterations or unfamiliar extensions, to appear authentic. They also copy the design, branding, and text of legitimate sites but may request sensitive personal information or payments, which genuine sites such as ic3.gov, ABCNews.com, and Snopes.com never do. Another telltale sign is their short lifespan and lack of institutional history, in contrast to the longstanding credibility of official domains. Together, these comparisons highlight that checking URLs, domain history, and information requests are critical steps in distinguishing fake websites from real ones.
Entry 7
Review the following photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s).
Photo 1: Person using a VPN, most likely in a public place
Meme: “When you’re working at a café and forget that ‘free Wi-Fi’ also means free data for hackers.”
Explanation (Human-Centered Cybersecurity):
This meme highlights a common behavior where convenience trumps caution. The individual’s mindset is likely: “I just need to check a few emails — it’ll be fine.”
Human-centered cybersecurity examines how usability, environment, and human motivation (like convenience and productivity) influence security choices. Public Wi-Fi often feels harmless, but users underestimate the risks of unsecured networks. Designing more intuitive security prompts or automatic VPN connections could help align user goals with safer behavior.
Photo 2: A group of people jumping mid-air
Meme: “When you post your vacation pics in real-time… and your burglar says, ‘Perfect, they’re not home.’”
Explanation (Human-Centered Cybersecurity):
This represents oversharing on social media, a major privacy and security issue rooted in human emotion and social validation.
The people in the photo are likely thinking: “This is fun! Let’s share it now!” rather than, “This might reveal my location.”
Human-centered cybersecurity stresses understanding these psychological motivations. Rather than shaming users, systems and policies should encourage safer sharing practices, such as delayed posting options or reminders about location tagging risks.
Photo 3: Male programmer with multiple monitors
Meme: “Thinks he’s building the next big security app… forgets to lock his screen when he goes for coffee.”
Explanation (Human-Centered Cybersecurity):
Even cybersecurity professionals are human. The individual’s mindset might be: “I’ll be right back, no one will touch it.”
This meme shows how even experts are prone to human lapses like overconfidence, time pressure, or habit, all of which affect real-world security posture. Human-centered cybersecurity acknowledges that secure systems must accommodate human error through design, for example, auto-lock features, reminders, or physical security training that fits into workflow habits.
Entry 8
Watch this video and pay attention to the way that movies distort hackers.Scientists Rate 65 Scenes from Movies and TV | How Real Is It? | Insider – YouTube Links to an external site.https://www.youtube.com/embed/_ojA5OqOKYo?autoplay=1&rel=0&hl=en_US&fs=1
After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.
After watching the video, I thought about how much movies and TV shows have shaped the way people see hackers. I know now that most of what we see on screen isn’t realistic, but at a younger age, I didn’t. Back then, I really believed hacking was all about typing super fast, breaking into systems in seconds, and seeing flashy codes and screens like in the movies. It looked exciting and cool, almost like a superpower.
As I got older and learned more about technology, I realized that cybersecurity is nothing like that. Real hacking takes time, patience, and skill. It’s about research, problem-solving, and understanding how systems actually work, not just smashing a keyboard. The media often makes it look simple and glamorous, but in reality, it’s a serious and complex field that requires a lot of knowledge and responsibility.
I think those unrealistic portrayals can give people the wrong impression, especially younger audiences like I once was. Now I understand how dangerous cyberattacks can really be, and I have more respect for the people who work to stop them instead of how “cool” it looked in the movies.
Entry 9
Watch this Video:
Social media and cybersecurityLinks to an external site.https://www.youtube.com/embed/Zbqo7MGVElw?autoplay=1&rel=0&hl=en_US&fs=1
Complete the Social Media Disorder scale Download Social Media Disorder scale
How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?
How did you score?
I answered “Yes” to 4 out of the 9 questions, which places me in the risky usage category. This means that while my social media habits are not necessarily a serious problem, they do have the potential to become unhealthy if I’m not mindful about how much time I spend online or why I use it.
What do you think about the items in the scale?
I think the items in the Social Media Disorder Scale are very accurate and relatable. They touch on some of the most common issues people face today, like losing time, neglecting responsibilities, or using social media as an emotional escape. The questions really make you think about your habits and the reasons behind them. I also appreciate that it’s based on the DSM model, because it helps highlight how social media behaviors can parallel other forms of addiction or dependency, even though most people don’t think of it that way.
Why do you think that different patterns are found across the world?
Different patterns of social media use are found across the world because people’s lifestyles, cultures, and access to technology vary so much. In some countries, social media is a main source of news, connection, and even income, while in others it’s more of a casual form of entertainment. Cultural values also play a role. Some societies emphasize face-to-face relationships more, while others are more digitally connected. Economic factors, age demographics, and even government regulations can influence how people use social media and how dependent they become on it. Overall, social media habits reflect a mix of personal, cultural, and environmental influences that differ from place to place.
Entry 10
Read this and write a journal entry summarizing your response to the article on social cybersecurity
https://www.sciencedirect.com/science/article/pii/S2451958825000831Links to an external site.
After reading the article “A Survey of Social Cybersecurity: Techniques for Attack Detection, Evaluations, Challenges, and Future Prospects” by Mulahuwaish et al. (2025), I gained a better understanding of how cybersecurity extends beyond technology to include human and social behavior. The authors explain that social cybersecurity focuses on protecting people and online communities from threats like misinformation, cyberbullying, and manipulation. What stood out to me most was how attackers now exploit emotions and trust rather than just technical flaws. I also found it interesting that the article highlights the importance of machine learning and data analysis in detecting these social attacks, though the lack of accessible data remains a major challenge. Overall, this article made me realize that true cybersecurity requires not only technical defenses but also awareness of human behavior and social influence. It’s a field that combines technology, psychology, and ethics in a fascinating way.
Entry 11
Watch this video. As you watch the videohttps://www.youtube.com/watch?v=iYtmuHbhmS0Links to an external site., think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.
After watching the video about what a cybersecurity analyst does, I noticed that the job isn’t just about technology, it’s deeply connected to social behavior. Cybersecurity analysts need strong communication and teamwork skills because they constantly interact with coworkers, managers, and clients to explain security threats in ways everyone can understand. Trust is another major theme; people rely on analysts to protect sensitive information, so their credibility and professionalism are essential. The video also highlights how collaboration and networking play big roles in the field, as staying connected helps analysts keep up with evolving threats. Finally, I realized that cybersecurity analysts often work under pressure, balancing technical tasks with human relationships. The social side of the job, how analysts communicate, build trust, and handle stress, can be just as important as the technical side.
Entry 12
Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different psychological social sciences theories relate to the letter.
The “Sample Data Breach Notification” letter from GlassWasherParts.com shows how economics and psychology both play a huge role in cybersecurity decisions. From an economic perspective, one theory that connects here is the cost-benefit theory. The company likely weighed the costs of sending out the notification (like legal expenses and customer concern) against the potential costs of staying silent, such as losing customer trust or facing lawsuits. Notifying customers and being transparent was probably the most cost-effective way to protect their reputation and reduce future losses.
Another relevant economic theory is information asymmetry. Before the company disclosed the breach, it had more information than the customers. That imbalance can harm consumers, especially if they’re unaware their data might be at risk. By sending out this letter, the company reduced that gap and gave customers a fair chance to protect themselves.
From a psychological and social science standpoint, trust and reputation theory definitely applies. A data breach damages trust between a company and its customers. This letter’s tone is apologetic, reassuring, and informative which shows the company’s effort to rebuild that relationship and maintain credibility.
Finally, risk perception theory fits too. People react differently to threats depending on how serious they think the risk is. The company carefully worded the letter to reassure readers (“we are unaware of any actual misuse”) while still encouraging them to stay alert. This helps control panic and shapes how customers respond to the situation.
Overall, the letter isn’t just a formality; it’s a mix of smart economic reasoning and psychological understanding. The company’s goal was to protect its bottom line and its relationship with customers.
Entry 13
A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The article “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” by Sridhar and Ng (2021) explores how bug bounty programs (BBPs) work from both an economic and social science perspective. These programs invite ethical hackers to find vulnerabilities in exchange for rewards, creating a kind of open market for discovering and fixing security issues.
In the literature review, the authors explain that BBPs are essentially a crowdsourcing tool for cybersecurity. Instead of relying only on in-house teams, companies can tap into a global community of ethical hackers. This not only increases the number of eyes searching for vulnerabilities but can also be more cost-effective. The review also highlights that researchers are motivated by more than just money, but recognition, community status, and curiosity play big roles too. Another key point is that while bug bounty programs are becoming more common, many organizations still don’t have clear vulnerability disclosure policies, which can discourage participation from ethical hackers.
In the discussion of findings, the authors used real data from the HackerOne platform to understand how these programs actually perform. They found that increasing monetary rewards doesn’t necessarily lead to a huge increase in valid vulnerability reports, meaning most ethical hackers aren’t just chasing the biggest payouts. The study also showed that program effectiveness tends to decline over time as the easiest bugs get fixed, but expanding the program’s scope can help keep results strong. Interestingly, company size or reputation didn’t significantly affect how many vulnerabilities were found, suggesting that even smaller organizations can benefit from running bug bounty programs.
My Reaction:
What stood out to me most was how the study blends economics and human behavior. The idea that money isn’t the only motivator really aligns with what I’ve seen in cybersecurity communities. Many ethical hackers genuinely enjoy the challenge and take pride in helping secure systems. I also liked that the authors pointed out the “age effect,” meaning that bug bounty programs can lose effectiveness over time unless they’re actively maintained and expanded. That’s a good reminder that cybersecurity policies can’t just be one-time fixes; they have to evolve.
Overall, this article made me think about how bug bounty programs are more than just financial incentives; they represent a balance between economics, trust, and collaboration. They show how social and psychological factors, like recognition and curiosity, can be just as powerful as financial ones when it comes to keeping systems secure.
Entry 14
Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.
After reading Andriy Slynchuk’s list of eleven common online mis-steps, I believe the five most serious violations are: sharing someone else’s passwords/addresses/photos without consent, bullying and trolling, faking your identity online, collecting information about kids under 13, and conducting illegal searches or accessing illegal content. These jump out because they can have immediate and lasting impacts on people. Sharing another person’s data can expose them to stalking or identity theft, while cyberbullying leaves emotional scars that may not fade with time. Impersonating someone else online often leads to fraud or manipulation. Gathering data on children breaches laws designed to protect them and puts them at real risk. And illegal searches may seem harmless, but they can lead to criminal investigations or serious consequences. It’s not about being perfect online, it’s about being aware of how quickly a seemingly small click or share can cross a legal or ethical line.
Entry 15
https://www.youtube.com/watch?v=YWGZ12ohMJU Watch this video and describe, What ethical questions did the presentation raise for you? How do you think society should address these ethical concerns?
After watching the presentation, the biggest ethical concern that stood out to me was how easily AI can now distort reality. It’s unsettling to realize that audio or video of someone, even of ourselves, can be fabricated well enough to fool friends, family, employers, or even courts. This raises serious questions about privacy, consent, and trust. If anyone can be impersonated, what does “truth” even mean anymore? I also worry about how criminals can misuse these tools to scam vulnerable people. I think society needs stronger regulations, better verification tools, and more public education so people understand how to protect themselves. Most importantly, we need ethical guidelines and accountability for the companies building these technologies, because without guardrails, the harm could easily outweigh the benefits.