Reflective Essay

Carter Hendrick

IDS – 493

Professor Carin Andrews

11/28/25

Reflective Essay

Intro: During my time at ODU I have formed a lot of opinions, and since I have been in my internship I realized how important IT is as a foundation before learning cybersecurity. It almost does not make sense to learn cybersecurity before knowing a little bit of IT first, but it has given a different and interesting perspective in learning IT. Because I have been working towards a degree in cybersecurity I have learned much more about the philosophy used to secure and recover systems and can identify weaknesses in IT infrastructures that may not be obvious when someone is learning IT before cybersecurity. The artifacts included in my portfolio are pieces that have helped me realized some of the architecture that is used in java programs, weaknesses in computers through ethical hacking, and the policy behind the American cybersecurity mindset.

Java Projects: I have started learning Java more in depth with my IT-205 class which is surprisingly challenging for someone who thought they already knew how basic coding worked. The class has been very fun and slightly humbling. Java is used in many web applications so knowing how to code in java is beneficial for making websites and breaking into them.

Identify largest Integer: This is a beginner code I wrote and wanted to include to first show off the basics of java and my capabilities at the beginning of my class. I think as important as impressive projects are that its also important to show where I started so my ability to learn quickly can shine.

Grade Calculation Program: This program is not the most complicated but shows the basics of calculation with with java using inputs and being output into a formatted end product that documents the different aspects of the user input in a way that is mathematically sound and easily readable.

ATM w/Array Lists: This is my most complicated program so far, it is a replication of an ATM using array lists and the index to contain account information that can be called to by matching the PIN number of a pre-existing account and pull that information to be displayed and edited. The information is stored in an array list so each spot of the index within the array lists contains an accounts information. The reason I put this code in my portfolio is because it serves as a great example of some weaknesses that more complicated programs tend to have. First, its as simple as guessing someones PIN to get into their account to withdraw money. While this is a very basic example the principle is there and there are many services that still only use a password to protect very important information instead of adopting two factor authentication. Even without manually guessing passwords there are many tools that brute force passwords for you and find which passwords work with each user. Programs similar to this are also vulnerable to dictionary attacks if they fail to include numbers and special characters in their password.

Linux Projects: Linux has been the backbone of my hands on work experience, other than windows devices Linux has been my most used and worked on platform. The assignments I listed are all from my CYSE 301 techniques and operations class. Despite that I have other Linux projects I am either in the process of working on or are sitting idle such as my home lab and a travel laptop I intend to take over as my professional pen-testing laptop.

Using Wireshark: Wireshark is a program I regularly use to monitor traffic going through either public and private networks, this assignment displays that I know the basics of Wireshark and how to use it to get the information I want. This assignment displays the methods used to pick up on ICMP traffic and TCP streams to find packets that contain things like login information, which is usually what someone like me is looking for with Wireshark. Although there are many more uses to Wireshark, this is how I have been taught to use it so far. For legal reasons I would like to state that in my time using Wireshark I have never captured packets for malicious purposes, only to be used for network monitoring and pen testing.

Windows XP Exploit: This was one of my favorite assignments that taught me how to use payloads and payload delivery methods to gain remote control of an end users device. More specifically I researched ways to gain access to the root user within the windows XP environment and crafted a payload specifically to gain control and elevate access. This was done through Metasploit, and after the payload was created I hosted the connection link on an Apache website and simulated the user clicking the link which then gave me the connection I needed for my payload to access the end users device and elevate my access to root level, allowing me to do whatever I wanted on another device.

Password Cracking: As I mentioned earlier with one of my java projects, there are still a lot of programs that are susceptible to simple password cracking. Simple meaning that as long as I have the etc/psswd file I can put it in a tool that does all the hard work for me. Knowing how to do this and how to troubleshoot the tool itself can be very important. Even with small amounts of information and a basic word list, free and readily available tools can be used to get what a threat actor wants.

Policy Analysis: I know that when being involved with ethical hacking and pen-testing that the tester typically writes reports about their findings. I believe that including my own written work analyzing Cyber policies will show my abilities to understand what actions should be put in place to secure a system from the policy side and physical system side.

National Cybersecurity Strategy 2023: My analysis of the 2023 National Cybersecurity Strategy mostly goes over pillar two of the strategy which involves Americas plans to involve their allies in collaboration and creating of future security systems that will put those involved ahead of the curve. This pillar also states that America intends to give an incentive to companies who can afford much better cybersecurity and backups for their information to act as shields for everyday people, drawing the attention of larger hacker groups and nations so general public will not be targeted.

Policy Analysis of FISMA: The Federal Information Security Management Act, which is now the Federal Information Security Modernization Act stating that all three letter organizations within the government and any organizations working directly with the government have to abide by NIST rules of information security. This sets a baseline of security for all organizations, even those not involved with information security which is very important. They handled this by giving a time period for all organizations and partners to become compliant, and if they didn’t then they would face financial penalties. This included paying back any damages that the government may have taken that would have been prevented had an organization or partner been compliant.

How Effective is FISMA: This was my critical look at FISMA and how well it actually worked after being implemented, which turned out to be that it did not work as well as I had originally anticipated. I especially wanted to include this piece in my portfolio because I think it shows my ability to research, cross examine results, report back with clarity, and have new ideas on how to improve the situation.

Conclusion:

These artifacts all exemplify some of what I think are my greatest strengths while also highlighting things I am currently trying to improve on and do more of such as Java programming and Linux projects. I fully intend to continue working on projects like these and update my portfolio as I do, showing where I came from and where I am now. There is a lot more to learn about IT, Cybersecurity, and programming so I hope that my portfolio also becomes a handbook for those subjects that others can look to for inspiration or to learn directly from me.