Career Paper

April 22, 2025 agran029 Article Review/Papers

Aria Grant

CYSE 201S

Professor Trinity Woodbury

April 28, 2025

Career Paper: Cybersecurity Engineer

Cybersecurity engineers are the forefront of defense and information security in both the private and public sectors. These individuals set the standards and training required to ensure information security within the organization. They are often tasked with the creation, implementation, and enforcement of cybersecurity training within organizations. This training is often lead by the security mindset of the engineer, which has been described by some professionals “… in terms of three interlocking habitual mental processes: un-conscious monitoring for anomalies and potential threats, deliberate investigating of systems to identify security flaws, and evaluating the relative risks of those flaws once discovered.” (Schoenmakers et al., 2023). This mindset is translated into training grounded within the psychological principle that human errors and behavior are the cause of the majority of cybersecurity incidents. The way individual engineers may determine to do their training and other job functions are partially determined by where they are located in the world. Due to social forces, mainly wealth and wealth disparity, engineers may have differing tools to work with. Wealthier nations will more commonly have more advanced and robust networks that are more available and able to respond to incidents. Nations that are not as wealthy and the cybersecurity engineers within them will not have access to the same advanced networks, tools, and security available as those in wealthier nations. This was specifically noted in a study published in 2018 regarding the cybersecurity incident responses within the Ecuadorian financial sector finding similar results to a similar study conducted within the United States, “The four biggest barriers to ensure information security in the US financial sector are: increasing sophistication of threats, emerging technologies, lack of sufficient budget, and lack of visibility. In Ecuador, our respondents report that the major internal barriers to respond to security incidents are: small size of their security teams (which can be linked to budget), lack of visibility, inadequate internal coordination, technology updating, lack of training, and lack of awareness.” (Catota et al., 2018). These barriers cause increased security opportunities due to the lack the tools, resources, and education available. Cybersecurity engineers are additionally responsible for informing, training, and the continuance of social cybersecurity. Social cybersecurity is an emerging area primarily focused utilizing social science techniques to properly identify, counter, and measure changes within human behavior. This is primarily due to the increased relevance and frequency of social engineering as a means of obtaining private data. Social engineering is the act of purposefully manipulating or deceiving a victim through psychological manipulation to gain access to a computer system or sensitive information. A recent study in 2023 found that, “…the frequency and severity of losses depend on the business sector and type of cyber threat: the most significant cyber loss event categories, by number of events, were related to data breaches and the unauthorized disclosure of data, while cyber extortion, phishing, spoofing, and other social engineering practices showed substantial growth rates.” (Shevchenko et al., 2023). The increase in social engineering is an important role and focus within modern cybersecurity practices due to the increase in both quantity and quality of social engineering attempts. Cybersecurity engineers are the leaders and first line of defense for cybersecurity operations within organizations. They infer their knowledge, experiences, and tools available to create the best security policy for each organization to follow in order to ensure technological and informational security.

References

Catota, F. E., Morgan, M. G., & Sicker, D. C. (2018). Cybersecurity incident response capabilities in the Ecuadorian financial sector. Journal of Cybersecurity, 4(1). https://doi.org/10.1093/cybsec/tyy002

Schoenmakers, K., Greene, D., Stutterheim, S., Lin, H., & Palmer, M. J. (2023). The security mindset: characteristics, development, and consequences. Journal of Cybersecurity, 9(1). https://doi.org/10.1093/cybsec/tyad010

Shevchenko, P. V., Jang, J., Malavasi, M., Peters, G. W., Sofronov, G., & Trück, S. (2023). The nature of losses from cyber-related events: risk categories and business sectors. Journal of Cybersecurity, 9(1). https://doi.org/10.1093/cybsec/tyac016

Journal Entry #11

April 15, 2025April 15, 2025 agran029 Journal Entry

Cybersecurity analysts jobs are very closely intertwined with social behaviors. Communication is a necessity and a cybersecurity analyst could not do their job without communication. Additionally, cooperation is key. Without all of its parts, a machine cannot run properly, the same is true in cybersecurity settings. Even if it is seen as an entry level position, a cybersecurity analyst, is as important as the Cybersecurity director. Creating the correct workplace culture is also imperative to an easier cybersecurity analyst job and workload. Fostering a learning environment for those not within cybersecurity creates an environment where people want to learn and lessens incidents.

Article Review #2

April 15, 2025April 15, 2025 agran029 Article Review/Papers

Aria Grant CYSE 201S

Professor Trinity Woodbury

4 April 2025

Article Review: “Prevalence and Trends of Depression among Cyberbullied Adolescents – Youth Risk Behavior Survey, United States, 2011-2019”

The study utilized the research to answer the questions of whether adolescents who cyberbullied display increased prevalence or trends towards depression, and how that data compares to other adolescent individuals who are not cyberbullied. They further separated these groups based on biological sex and race/ethnicity to understand if any variations can be seen with these categorizations. The study is related heavily to psychology due to the question specifying depression as a mental illness to focus on. Psychology helps to explain how depression exists, how it varies from adolescent to adult, and patterns in depression diagnosis over the years of studies. Additionally, sociology is another important factor within this study that specializes in why bullying as a whole takes place, the reasons cyberbullying is more prevalent than physical or in-person bullying, and the reasons why any bullying happens at all. The study utilized CDC data from 2011 to 2019 to ‘produce a nationally representative sample of students in grades 9-12.’ (Nicholson et al., 2023) The schools were selected from a list that remained proportional to each school’s enrollment, which resulted in a ‘71% response rate, with a sample size of 70,923.’ (Nicholson et al., 2023) The researchers further utilized CDC guidelines to parse through the information received from the participants to ensure that the numbers would remain consistent. Marginalized groups were individually accounted for when utilizing these methods from the CDC and showed trends for each group. This research is extremely essential because of the increased use that social media has seen over the years and how this may affect adolescents, specifically with depression. Understanding how adolescents have been affected by cyberbullying that has become more prolific within the past decade. Adolescents’ perception of online spaces is an important influence on how they will interact in online spaces. Just the feeling of being unsafe increases the chances of being victimized in online spaces. This dynamic takes greater effect when additionally analyzing the way individuals understate or do not understand how differently individuals can act in online spaces compared to real-life situations, creating a paradigm in which individuals feel comfortable until they are victimized. This study provides an important foundation for further research to be conducted upon in regards to the effects and trends of cyberbullying.

References

Nicholson, Jason, et al. “Prevalence and Trends of Depression among Cyberbullied Adolescents – Youth Risk Behavior Survey, United States, 2011 – 2019 .” International Journal of Cybersecurity Intelligence and Cybercrime, vol. 6, no. 1, 31 Mar. 2023, https://doi.org/10.52306/znrr2381.

Week 10 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

I believe that one of the largest reasons for individuals not reporting cybercrime is the evident lack of prosecution and punishment. This can be directly seen with the enforcement rate of cybercrime. Of the reported cybercrime incidents, it is estimated that only 0.31% were enforced with the rule of law. However, the estimated rate of cybercrime incident reporting is around one in six, meaning that the effective estimate for cybercrime enforcement is closer to 0.05% (Eoyang et al., 2018). This makes nearly all cybercrime effectively decriminalized, if there is an almost zero chance of repercussions, then there is no point there fighting it. Another reason could be social impact, such as feeling shamed or less than for being victimized. This could be seen in certain instances, such as a social media account being taken over, having explicit images being used as leverage, or just general embarrassment from being victimized. One final reason for individuals not reporting cybercrime could be fear of backlash from the perpetrator, especially if something of importance or sensitivity is being used as leverage. Individuals may decide for themselves that involving the proper authorities is not worth the risk of tarnishing a person’s reputation and social standing.

Eoyang, M., Peters, A., Mehta, I., & Gaskew, B. (2018). To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors. In Third Way (p. 7). https://thirdway.imgix.net/pdfs/override/To_Catch_A_Hacker_Report.pdf

Week 8 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

The first research question that researchers may address is the impact and evolution of social engineering within cybersecurity spaces. With the increase of social engineering, there has been a noticeable shift in the public’s attitude towards unknown numbers, senders, or others alike. An environment of innate distrust in many spaces, especially in the digital landscape. This distrust has also leaked into other areas of public interest due to the ways in which social engineering is commonly performed, such as impersonation, phishing, and false authentication. Social engineering has also changed the cybersecurity landscape because you cannot have complete security without ensuring proper training for all individuals. Another possible research question is how the advancement of cybersecurity and the increased reliance on technology have changed how warfare is fought. Countries have long understood that crippling infrastructure is critical in stopping an adversary, with the advance of technology and cybersecurity they can now cripple infrastructure without risking their soldiers safety. Adversaries could bring down power grids, take down internet access, or even gain access to dams and their flow of water. This has created an entire new field of warfare that all countries must participate in if they want a chance of succeeding.

Week 7 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

Reuben Paul has immersed himself fully within the cybersecurity culture by always staying up to date and participating in larger, community events such as conferences. He made the point in multiple ways that you are way more vulnerable than people realize. Public Wi-Fi, shoddy infrastructure, and poor design all make a cybercriminal’s job easier. Anonymity also plays a larger role because many people can find solace hiding behind a screen by allowing some so disconnect the direct line of action from the victim(s), which also plays into the cyberbullying that has exploded as technology has become more accessible.

Week 6 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

The human firewall is something that I have heard many times in many different ways. Human firewalls, the education and training of individuals about current cyber threats and ways to not be taken advantage of, are among the most important things. Individuals are much too easy to coax information out of with the right mix of anonymity, wording, and perceived authority. My current employer has bi-weekly information about phishing attempts that have been spotted and caught so that all employees are aware of anything new that may be going on.

Week 5 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

The two theories that explain cybercrime the most are the Psychodynamic theory and Behavioral Theory. The psychodynamic theory states that early experiences can influence behavior throughout life. These experiences tend to be more jarring or have noticeable long-term effects, such as being relentlessly cyberbullied or being exposed to adult materials at a much too young age. As someone who has had some more standout things happen in my childhood, I could understand how it could drive individuals in certain directions. The behavioral theories state that these behaviors or ideas are learned from those around us, such as family, school, peers, media, or well-known figures. If all individuals surrounding you were stating the same ideological things, you are bound to question if you are truly wrong because of not being in the in-group.

Week 4 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

Victim precipitation, which looks at what actions victims took that may have led to their victimization, can be seen in many ways within the cyber world. A victim’s actions of clicking phishing links, visiting unsecured websites, and downloading harmful files, believing they are good. Additionally, a victim within cyberspace does not need to be actively doing things to be engaging in victim precipitation. Victims of cyber-based victimization can passively precipitate through inaction, like not updating devices regularly or using old and outdated devices that were broken years ago.

Week 3 | Discussion Board

April 15, 2025April 15, 2025 agran029 Discussion Board

One of the simplest and most effective ways to increase security with the human aspect of organizations is frequent, repeated security training. This can make an impactful difference due to a more cyber-aware workforce being less likely to be susceptible to otherwise without the training. Additionally, it is very cost-effective and not resource-heavy. A different method with phishing simulations can also be useful. In many workplaces now it is common to get regular emails from within the company poised as a phishing email and links. This can help provide more immediate results and work on the training more personally for those caught. One other way to reduce errors and improve security could be implementing least privilege access. Regularly going through the privileges of individuals and removing ones that are unnecessary can help improve security by limiting what those accounts are capable of. This creates an environment where if a security event were to happen and an account is compromised, it is more likely that the account does not have the privileges needed or wanted by an attacker. Other ways of improving the security could include strong password rules, multifactor authentication, and by creating a security policy that everyone can understand.