Cyber Security and the Social Sciences
Journal Entries
Austin Hildenbrand
Professor: Dr. Yalpi
1/23/2025
Prompt – Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.
The NICE Workforce Framework focuses on seven broad categories in the cyber domain, including:
- Secure Provision (SP): Focused on designing, building, and implementing secure systems and architecture.
- Operate and Maintain (OM): Ensures systems and networks remain secure and operational.
- Protect and Defend (PR): Detects, analyzes, and responds to threats and attacks.
- Analyze (AN): Investigates cybersecurity events and threats.
- Collect and Operate (CO): Performs specialized collection and operations using technical capabilities.
- Investigate (IN): Analyzes cyber incidents to gather evidence and identify malicious activities.
- Oversee and Govern (OV): Focuses on management, compliance, and policy roles.
I have a specific plan I wish to follow involving my career and the NICE Workforce Framework. I want to start my career in a government role, in which I focus on the grunt work of Protection and Defense of a system or operation. I think this would be a great start to my career, because I am able to learn the technical issues a system faces and how to resolve the issues. Later, in my career, I want to shift into a Govern and Oversee role. I want to start a pen testing business that works with private sector companies and incorporates government contracts. This is my end goal. I want to be my own boss and help others find vulnerabilities in their systems / operations.
1/30/2025
Prompt – Explain how the principles of science [Empiricism, Determinism, Parsimony, Objectivity etc.,] relate to cyber security?
Cyber security, much like science, seeks to establish a structured understanding of complex topics to predict, prevent, and mitigate threats in an evolving digital landscape. The principles of science are used from a cyber security perspective because of the approach that cyber security individuals take. The seven principles of science include: Relativism, Objectivity Empiricism, Determinism, Parsimony, Skepticism, and Ethnic Neutrality. Each of these principles has different advantages and disadvantages in complex situations, but all focus on mitigating threats. From a broader perspective, the principles of science provide a disciplined, methodical framework for cyber security. They guide professionals toward evidence-driven, objective, and efficient approaches to problem-solving. As cyber threats continue to evolve, applying these timeless scientific principles ensures that defenses remain adaptive, logical, and resilient.
ole, in which I focus on the grunt work of Protection and Defense of a system or operation. I think this would be a great start to my career, because I am able to learn the technical issues a system faces and how to resolve the issues. Later, in my career, I want to shift into a Govern and Oversee role. I want to start a pen testing business that works with private sector companies and incorporates government contracts. This is my end goal. I want to be my own boss and help others find vulnerabilities in their systems / operations.
2/6/2025
Data Breach Research Usage
Prompt – Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?
PrivacyRights.org provides extensive amounts of raw data that are compiled into graphs and tables. This database tracks data breaches across the United States. It is public information on annual reports of data breaches. Businesses and researchers can use this information in many different ways. When looking at reports of data breaches there are two main topics that can help harden a system or business in general. These four points are Risk Management and Policies. Businesses can utilize research findings based on the reports to develop robust risk management strategies. Regarding the effects of different data breaches, PrivacyRights.org offers insights into the impact of each data breach. This information can then be used to develop priority management policies. Information gained from the reports can inform policymakers in making legislation aimed at improving data protection and breach notification requirements.
2/13/2025
Maslow’s Hierarchy of Needs Analysis
Prompt: Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.
Maslow’s Hierarchy of Needs states that people use technology for many distinct reasons that fall under these categories: Self-actualization, Esteem needs, Belongingness and love needs, Safety needs, and Physiological needs. On a specific, personal level, I use technology for educational and social media purposes. These two cultural institutions would relate to self-actualization and love needs/belongingness. Other levels of Maslow’s Hierarchy include esteem needs like cyber-bullying, security needs like CCTV (Closed-Circuit Television), and physiological needs like heart monitors/pacemakers. While I may not use technology for all these purposes at once, I have used them at least once before. Technology is used everywhere in modern day America, causing humans to not realize the usage reasons for different situations.
2/13/2025
2025 Cyber Crime Motive Ranking’s
Prompt – Review the articles linked with each individual motive in the presentation page or slide #4. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
Rank 1 – Financial Gain: Money
Rank 2 – Multiple Reasons
Rank 3 – Political
Rank 4 – Revenge
Rank 5 – Recognition
Rank 6 – Entertainment
Rank 7 – Boredom
From a United States citizen’s perspective, money controls all, because the country is structured in a capitalist format. Money is ranked first because of its usage and ability to change an environment. In a world where everything costs money, money controls everything, from medical bills to a whole country’s economic value. I put Multiple Reasons second because it can include any motives. This motive can incorporate Money (Rank1) and Boredom (Rank 7). Next is Political gain, which is quite common and can lead to larger outcomes from cybercrime, causing its placement at Rank 3. Revenge and recognition can be a strong emotion and can cause individuals to not think ahead of their actions. Clouded judgement is understandable because I can relate to the feeling. Entertainment and Boredom are similar, as both motives are meant to gain positive stimuli. Boredom is an unjustifiable motive, though, because there are many other positive stimulations that do not require breaking the law.
2/27/2025
Identifying Fraudulent Websites
Prompt: Compare the three fake websites to three real websites and highlight the features that identify them as fraudulent.
Image 1:
In this example, the difference between the two websites is the URL misspelling. The easiest way to tell if a website is fake, is looking for misspellings. Fraudulent websites are not able to have the same URL as mainstream websites, so looking for misspellings in the URL should be the first step in identifying a fake website.
Image 2:
Many search engines have built in security precautions for fraudulent websites. In this example, the search engine is giving a warning that the site is not secure. In many cases, this kind of message results in a fake website trying to obtain restricted information.
Image 3:
This example shows a login attempt. Many fraudulent websites that require users to login will have an input box that allows many kinds of characters. For example, if I am supposed to enter my SSN in an input box for a website, then I should not be able to type letters of the alphabet into the input box. Legitimate websites will only allow the characters necessary for the appropriate input box.
3/4/2025
Prompt: Review the following photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s). Explain how your memes relate to Human-centered cybersecurity.
Using all three images, the meme highlights the collaboration between humans and their ability to work together to achieve a goal. The human factor in cybersecurity can be the biggest vulnerability or the most beneficial component. In this case, the gentleman is struggling to write his code and asks his supervisor to help him with an issue. Once the supervisor walks over, he instantly realizes his mistake and fixes it. This simulates common issues within the code of looking at it for so long that a person can miss something easily.
3/27/2025
Prompt:
Complete the Social Media Disorder Scale.
How did you score?
What do you think about the items in the scale?
Why do you think that different patterns are found across the world?
My score from the Social Media Disorder Scale indicates “risky usage.” While I am self-aware of my usage in social media, I still fall victim to large amount of usage, which can affect social and interpersonal issues. There is always room for improvement, but I am happy to see that I am not on the problematic side of the scale. I consider myself an outlier, compared to my peers. Many people that are my age in the United States let social media consume them and control their actions. My parents taught me well at a young age to live in the real world and not let negativity from social media bother me. Other areas in the world have limited access to social media, so there is not enough usage in those people’s lives for it to have a negative effect on them. Another reason that different patterns are found across the world is culture. Americans tend to divide themselves based on physical and personality traits creating a negative effect from social media, while other people around the world invite kindness and acceptance in each other, creating a positive effect from social media.
4/3/2025
Social Cybersecurity, An Emerging National Security Requirement (Summary)
This Article, written by Lt. Col. David M. Beskow, U.S. Army and Kathleen M. Carley, PhD, focuses on the significant impact that social cybersecurity has on ongoing wars and new strategies. With a deep analysis on how social cybersecurity is pivoting cybersecurity needs, this article performs informational guidance and a call to action for the United States government. Traditional cybersecurity attacks involve humans hacking technology, while social cybersecurity attacks involve humans using technology to hack other humans. The decentralization of online information creates a widespread outlet for attackers to use and gain information. It facilitates the entry of external actors with minimal attribution and allows anonymity to be relatively easy to accomplish. Information is used to attack, disrupt, distort, and divide the society of the enemy, creating a new requirement of defense. The article urges the DoD (Department of Defense) to engage in new protocols and safety systems because of the dramatic changes that the modern world wars are experiencing.
4/3/2025
Write a paragraph describing social themes that arise in cybersecurity analytical job domains.
Cybersecurity analysts monitor network systems and interact, in a helpdesk environment, with users who are victim to cyber-attacks. Entry-level job roles in cybersecurity vary depending on the employer and what they need. Basic interactions with users allow the analyst to gain information about cyber-attack trends and how others conduct/respond to cyber-attacks. Being able to understand how the attack was performed and what kind/amount of damage was victim to the attack is essential in understanding how cyber actors think. Understanding the actor is one of the best ways to stop the attack from happening. From a social science standpoint, many researchers and scientists develop theories on why cyber actors commit crimes, but almost all of the information used in these studies comes from data that analysts provide. Analytics is the backbone of all scientific theories and concepts related to cybersecurity.
4/10/2025
Prompt: Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
The article “Hacking for Good: Leveraging HackerOne Data to Develop an Economic Model of Bug Bounties” explores the tension between bug bounty programs and the skepticism that organizations have with third-party researchers, drawing attention to the fact that 93% of companies in the Forbes Global 2000 lack a formal Vulnerability Disclosure Policy (VDP). Without such policies, security researchers face legal uncertainty, often deterring them from reporting vulnerabilities. In fact, a survey of HackerOne’s top researchers revealed that nearly 25% had, at some point, withheld a vulnerability report due to liability concerns. This chilling effect not only stifles collaboration but also leaves organizations blind to critical weaknesses in their digital infrastructure.
The article’s literature review frames this issue within a broader historical and economic context. Early bug bounty programs were often seen as experimental or risky but increasing cyber threats and notable breaches have shifted the narrative. The authors emphasize how VDP’s serve as a legal and procedural bridge between ethical hackers and organizations.
Drawing from a substantial dataset provided by HackerOne, the authors develop an economic model to better understand the behavior of ethical hackers. Their findings reveal that reward size, program responsiveness, and communication clarity all play significant roles in determining hacker participation. While it may be intuitive to assume that larger bounties yield better results, the study shows diminishing returns at high reward levels.