Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Secure Software Development seems like the best option for me since it seems like the most familiar and interesting one. As someone who likes to develop web applications as a hobby, this role seems very close to that. I’m fairly knowledgeable about important coding principles, data structures and logic, and the ability to quickly learn new concepts by reading documentation. These could easily carry over to such a role like this. What I like about this role is the feeling of creating something tangible. I’m able to see the immediate result of something like a vulnerability being fixed, or the software simply running smoothly. Another positive aspect about the role that I envision, is the pride in seeing many people use the software, that I wrote, while also feeling safe.

The least appealing option seems like Cybersecurity Workforce Management. A lot of the mentioned tasks require dealing with people. Examples include, “Allocate and distribute human capital assets”, “develop recruiting, hiring, and retention processes”, and “establish waiver processes for cybersecurity career field entry and training qualification requirements”. I’m way more interested in the technical details of cybersecurity as a technology rather than the workers involved with the field. Its a job that requires an understanding and interest in human psychology in the context of jobs, and also leadership skills, aspects that aren’t my strong suit. Also its a job that seems to create rules that serve as the basis for firing a worker or rejecting a candidate. As someone more likely to be on the other end of this job, I’d feel guilty losing someone their job.

Explain how the principles of science relate to cybersecurity.

Relativism

In some way or another, every industry works with valuable and sensitive data on the internet. This makes this data vulnerable to hackers. Thus, they all must rely on the same cybersecurity principles to protect their data. Since nearly every industry relies on cybersecurity, everything is related to each other by the fact that they all have data that needs to be protected by the work of cybersecurity professionals.

Objectivity

Cybersecurity professionals must act objectively when doing research. The goal of research is to simply gain knowledge, not share an opinion. One barrier they must overcome is to avoid making value judgements, which is a judgement of whether something is good or bad, because such judgements may influence them to make false conclusions. Instead of being driven by facts, value judgements are driven by feelings. Feelings do not change whether something is true or false. Only the client who hires the professional is able to make such judgements. They determine what needs the most protection and what doesn’t. The professional only can determine what is the best way to enforce those protections.

Parsimony

This principle is the most important for the sharing of domain knowledge. In order to inform others of the latest cybersecurity knowledge, cybersecurity professionals must explain the concepts as simple as possible to each other. Without this, the field of cybersecurity may never advance, since advancements are only possible if everyone understands the concepts behind it so that they can collaborate to create something new. After all, it is a race against time with hackers and if such advancements in knowledge are inaccessible to the researchers behind particular systems, then those hackers may be able to take advantage of those systems before the new knowledge is understood and applied.

Empiricism

Empiricism is the principle is that true knowledge can only be verified by one’s senses. Cybersecurity professionals must make decisions based on empirical knowledge since sensitive data and potentially lots of money are at risk. By doing the opposite – making decisions based on assumptions or guesses – these blindspots in knowledge are left open for hackers to take advantage of. This principle leads professionals to ask themselves whether or not their protections are actually effective or not, and to measure their effectiveness in order to verify their practices are objectively safe.

Skepticism

An important principle in cybersecurity is to always remain skeptical toward all knowledge. For if there is one important skill that a hacker relies on, its manipulation. Manipulation can only be countered with skepticism. For instance, hackers rely on scams to trick people into inadvertently exposing their sensitive data. The target or professional must be skeptical towards the contents of the scam before taking action. This ensures that the user takes an action that won’t activate the hacker’s trap, and instead they may recognize it as a scam.

Ethical Neutrality

This principle is important for getting cybersecurity professionals to be mindful of and reduce harm when conducting their work, while still being objective of course. Ethical neutrality is what separates cybersecurity professionals from hackers. Such professionals have an obligation to protect the rights of individuals by protecting their data. Hackers, on the other hand, act without ethical neutrality when they steal data, since they violate the code of ethics that the professionals follow.

Determinism

Determinism states that all events are the product of prior events. Cybersecurity professionals use this principle in order to create models that allow them to predict future threats. There are many different types of attacks hackers use, and they also depend upon the context in which they are used. Using this principle, professionals must pay attention to warning signs of these attacks in order to be able to anticipate them. For instance, if the potential victim is a political organization, then the hackers might have an ideological issue with the organization. Possibly, they are just trying to send a message. Thus, the professional must enforce extra protections on the live broadcasting systems.

The organization that owns the website is a non-profit that was formed in 1992. It’s goal is to ensure privacy for everyone’s data by informing people of their relevant rights, policies, and how to access information. Their site summarizes complex data privacy laws and tells us what we can do to protect our information. Thus, it can tell researchers how they can use such laws to their advantage. Specifically, it tells them how they can be notified of a data breach. Some states have laws that require them to notify people, that their data has been breached, by mail. The site also tells them the best way they can react to a data breach to minimize harm caused by the hackers. For instance, it mentions that companies offer credit card and identity theft monitoring for customers. Overall, the site assumes the user may have a data breach in the future and explains how they can be prepared for one.

Citation:

An on-the-ground look at consumer impacts of data breaches: Speech at the National Academies of Sciences Forum. Privacy Rights Clearinghouse. (n.d.). https://privacyrights.org/resources/ground-look-consumer-impacts-data-breaches-speech-national-academies-sciences-forum

Digital technology allows us to fulfill our physiological needs in the form of applications and platforms. They can provide important information about nutrition like nutrition.gov, which helps Americans make sure they get the vitamins and nutrients they need to survive. They can also help in finding the nearest restaurants, grocery stores, food banks, or homeless shelters. Food delivery apps like DoorDash allow us to deliver food from far away places.

Digital technology offers passwords to protect our information and means to access and use money online. Another way it offers safety is through consumer surveillance systems. I use blink cameras along with the blink app, which alerts to tell me who is at the front door or backyard of my house.

Messaging applications like Discord, Apple messages, Zoom, and Gmail allow us to communicate with friends and family from anywhere in the world. They ultimately bring us closer, despite us being far away.

Social media platforms lets us fulfill our esteem needs by giving us the ability to express our selves. They allow us to express our opinions and talents. They also allow others to respond and like our comments, which can make us feel valued.

Self-actualization is the process of becoming self-fulfilled, which can be achieved by striving for personal goals. Through digital technology, actualization can be achieved using productivity apps like Todoist, Google Calendar, and Notion to keep track of my goals. Teletherapy services that allow me to speak to therapists who can help me remove mental roadblocks that prevent me from achieving my goals.

Individual motives for cybercrimes ranked most likely to least likely, from 1 to 7:

1. Multiple Reasons – In the field of criminology, there is never a single reason for someone to commit a crime. Humans are way too complex and multi-dimensional to only have one reason to do any behavior, let alone a crime. Maslow’s Hierarchy of Needs model shows this, as it states that we have five types of needs, or motives that drive us to do things. We have multiple reasons for doing something because its essential to our survival that we cover as many of our needs as we can.
   
2. Boredom – I believe cybercrime mostly stems from this emotion. Boredom is an emotion that drives all of us to do activities that make us feel less bored. I got into my hobbies, like programming, because of boredom. For others, boredom caused them to commit cybercrimes, which is not something that anyone can easily do. It requires them to learn a lot of difficult, dry, and inaccessible technical knowledge. So for something to want to learn something like this, they probably were really bored.
   
3. Entertainment – This motive is a subset of the boredom motive because we engage in entertainment to avoid the boredom in our lives.
   
4. Money – Money is something we all need to survive and to buy the things that we want. So it makes sense why it would be a motive for hackers. While most people and my classmates would say money would be the number one motive for hackers, I don’t fully agree. I might be wrong about this, but I believe that Cybercriminals know that hacking is an unstable way to make money, since there is always a risk of getting caught. With the skills that they have, they know it’s much easier and safer to attain money through a tech job, maybe in the cybersecurity field, but of course, they’ll still do hacking on the side. So since they could easily attain money from a normal job, I don’t believe it would be the highest motivator. I placed this motive and the ones above it at the top of this list because they are all common to the human experience. Not everyone is motivated by the bottom three.
   
5. Political – This kind of motive is held by those who have strong political beliefs, and want to enforce those beliefs through cybercrimes. I placed this lower in the list since not everyone has a strong belief in an ideology. Politically-driven cybercrimes usually occur in international conflicts between opposing countries. For instance, countries like Russia and China are constantly committing cybercrimes on American systems. This motive is also held by individuals who are dissatisfied with the state of their country.
   
6. Revenge – I believe this isn’t a common motive for cybercrime simply because of the fact that it is personal; There’s a risk of the hacker exposing their identity by retaliating, and of course the risk of the victim retaliating. If the victim remembers the person that they slighted in the past and the details of the attack, then the victim may know who attacked them and why. Then the victim may expose the hacker’s identity to the law enforcement, or inflict cybercrimes back onto the hacker.
   
7. Recognition – Although there have been some notable cases of recognition being a motive, this is probably the rarest motive because it is the riskiest. By doing cybercrimes out of recognition, the hacker is putting a target on their back, causing law enforcement to focus on catching them. Hackers must be hidden to get away with a cybercrime, and by trying to gain recognition, they are doing the opposite.