Journal Entries

Journal Entry #1

Within the NICE Workforce Framework I would have to say that the area I would focus on most would be Exploitation Analysis. To me the best part of the cybersecurity world is learning about new exploits and vulnerabilities, learning how they work and then using them to assess security posture, and hardening to defend against them. Within this area you have a wide array of duties, issues that are always new which can keep one engaged and always learning, and those are generally the best parts of any job. Within this area is exponential room for growth and development, both personal and professional.

Journal Entry #2

Cybersecurity is a science. There are many steps that must be followed to reach a desirable outcome. Just as in chemistry or physics, you start with an objective. ‘I want to find a way into this network’. You then form hypotheses, test your methods, evaluate, execute and reevaluate. Both cybersecurity and science rely on testing, facts, and the scientific method. There is continual learning of new methods and exploitations, all driven by data that is gathered and upon which conclusions are drawn. All of which are built upon a strong foundation of studying and learning from previous experiments and scientists. Just like science, you can break down code and exploits to their fundamentals, learning from the smallest building blocks what makes exploits possible.

Journal Entry #3

PrivacyRights.org is a valuable resource within the cybersecurity world. It has detailed insight into breaches that have occurred, and it is a massive resource. Contained within the site are highly in-depth analyses of data breaches, along with detailed reports that allow researchers of cybersecurity to view affected companies and organizations. Contained within the data are factors including scale, targets and what exploitations have occurred. Analyzing massive data sets like this is so valuable within the cybersecurity community, such that security policy can be created by learning from past breaches and mistakes of other defensive approaches. With access to data like this, an organization can be better served to implement stronger defense and better protect customers and consumers.

Journal Entry #4

Maslow’s hierarchy of needs are Physiological, Safety, Love, Esteem and Self-Actualization. Physiological needs are met through our experiences with technology by the resources they can deliver. While technology does not feed us directly, we can through the power of technology order groceries, pay water bills and ensure our physical needs are met. We can have safety through physical mediums like cameras and alarm systems. We can find love and togetherness through social media, and dating applications. We can fill our esteem through social media as well, although that is generally a double-edged sword. We can meet our self-actualization needs through finding work in the technology field.

Journal Entry #5

Of the 7 motives behind cybercrime, the following is my ranking from 1-7, with 1 being the most motivating factor behind cybercrime.

Money
Financial motivations are the number 1 reason for most things in the world. While that is a cynical view, it is also pragmatic. So with that being said, finacial motivations rank number 1, in any field, and that is to include cybercrime.
Political
As discussed for ranking number 1, political motivations usually coincide with financial motivations. I wil lalso say that I think political motivations usually succeed, through technological prowess or just perserverance.
Recognition
This reason may be falling out of the number 3 spot, but for now I think there is still a large group of people online who wish to be recognized. Cybercrimes are a fast track to becoming known.
Entertainment
This motivation ranks closely with recognition. There are plenty of bored people out there who may meaningfully or accidentally get themselves involved in something for entertainement.
Boredom
This is an equivalent motivation to entertainment. Looking for entertainment happenms when you are bored. While not as common as the other rankings, this still is more widely a reason than revenge.
Revenge
This is the lowest ranking motivation to me. While revenge may occur out there, cybercrime is usally not the route most people take.
Multiple reasons
This is both the number 1 and the last ranking. It is the last because I think that most reasons are multifaceted. However, purely ranking the 6 other motivations takes precedent, and thus multiple reaosns becomes ranked last.

Journal Entry #6

When browsing on the internet it is important to be able to tell the signs of a fake website. While nowadays fake websites are almost as convincing as their real counterparts, there are still signs to the trained eyes. The biggest thing to look for is the url. Fake websites will have convincing urls, for example google.org or the like. While these urls look real it can be easily discerned that google is a corporations and not a non-profit organization. Other things to look for are mirrored images, ones that look closely like their real counterparts official logos. And lastly, looking out for sites that have extensive ads or ask you to pay money in suspicious ways.

Journal Entry #7

“When you hire a new intern, and they don’t have a lot of experience but they are trying their hardest”

“When one of the penetration testers brings down the network, and you have a meeting making sure everyone remembers to read the source code before running a msf module”

“When you are on vacation but realize where that missing semicolon is”

Journal Entry #8

The media distorts our view and influences the way we think about cyber professionals in many ways. Some of those ways are they glorify, and vilify, hacking. The media has changed its stance on hacking in a lot of ways, where years ago it was seen as deviant behavior, now in some lights it is cast as hero work. The media also uses hacking as a popular scare tactic, showcasing foreign nation state hackers and framing them as a cause to be feared. As with most professions, the media does not generally have an intensive understanding, and as such only showcases the extremes, be them good or bad.

Journal Entry #9

Regularly found that you can’t think of anything else but the moment you will be able to use
social media again? Yes/No (Preoccupation).
No
Regularly felt dissatisfied because you want to spend more time on social media? Yes/No
(Tolerance).
No
Often felt bad when you could not use social media? Yes/No (Withdrawal).
No
Tried to spend less time on social media, but failed? Yes/No (Persistence).
No
Regularly neglected other activities (i.e. hobbies, sports, homework) because you wanted to
use social media? Yes/No (Displacement).
No
Regularly had arguments with others because of your social media use? Yes/No (Problems).
No
Regularly led to your parents or friends about the amount of time you spend on social media?
Yes/No (Deception).
No
Often used social media to escape from negative feelings? Yes/No (Escape).
No
Had serious conflict with parents, brother, sister (friends, relationships etc.) because of your
social media use? Yes/No (Conflict).
No
In answer to the questions, all of my answers were no. For transparency, this was an easy test
to take because I have zero social media presence. I do not have a single social media profile.
The closest thing I have to a social media presence is the ePortfolio we created in this class.
Now at a certain point in my life I did have facebook, twitter and others, but about 10 years ago I
deleted it all. I found that life became so much better when I had to physically interface with
people I cared about, or had to personally text and call them.
To answer the other question, why are there different patterns around the world, I think that it all
has to do with cultural and geographical differences. In some places, you cannot access certain
social media applications firstly. Secondly, there are places in the world more rural that might
require people to use social media to stay in touch.

Journal Entry #10

On the topic of social cybersecurity, i do agree that it could be considered and emerging topic in need of discussion. Forecasting upcoming cybersecurity events is a must have in defensive and offensive capabilities of cybersecurity personnel moving forward into the future. Information warfare is becoming more and more prevalent, with nation state actors being backed by large sums of money and the tools they need to effectively infiltrate and affect other countries. Social cybersecurity differs in that it involves attacking other humans, unlocking what makes them work. This is a topic that needs to be addressed and laws need to be looking ever forward to combat what changes this type of warfare will bring.

Journal Entry #11

Cybersecurity analysts are considered an entry level job, but should not be. This profession delves into social sciences to understand human behavior. As an analyst, you must understand how humans operate, so that you can provide effective defense and documentation. Learning topics like psychology and sociology can help someone who wants to become an analyst in all of their future career work.

Journal Entry #12

The notice of data breach relates to the economic theory of rational choice because the
company had a duty to relay this information breach to the customers. While this may hurt the
company, it was their duty to inform their customers. The notice also relates the Marxian
economic theory because the attackers who intruded into the systems where attacking those
without the power to stop them. The notice relates to the two social science theories of
neutralization and personality. Neutralization theory suggests that the hackers assumed no one
would be hurt if they stole the money. Personality theories suggest that these are just black hat
hackers out for their own game.

Journal Entry #13

I have known about these bug bounty policies for a while, and have always found them so
interesting. I can’t find the statistic for it, but have always heard the rumors that Google has a
large financial bounty out there for anyone who can break into their servers. I think bug bounties
work great, as no matter how smart a company is, there is generally exceptions to the rules and
they did not hire all of the smartest people. New bugs are found all of the time and having
people who hack for the puzzle chase factor of it are likely to find things the developers
overlooked.

Journal Entry #14

Out of the 11 things that the author details that are illegal and we may not know that, I think the most egregious is sharing passwords, addresses and photos of others. While the other crimes are no less serious, this is particularly harmful to individuals, as opposed to mega corporations. The second most harmful would be collecting information about children under 13, because you are putting children at risk and that is very serious. The next most harmful would be using copyrighted images, because a lot of the time you are copying a small time artist’s work and that can hurt and individual again. Using other people’s internet networks is no small crime, you can put them at risk to other attacks and thus harm them by proxy. The last of the most harmful would be bullying and trolling, again harming individuals is very serious and should not be taken lightly, even if it is conducted online.

Journal Entry #15

ePortfolio

BIOGRAPHY

Meta

Social Media