This reflection paper is to certify and summarize my completion of 100 hours. I
will cover (a) Recent work that has been completed and (b) The new knowledge I have
attained thus far.

Since the past 50 hours of work, my group and I have performed a team driven
approach to spread cybersecurity awareness within the local company by visiting 3
small businesses in the Virginia Beach Town Center area. This experience has really
opened my eyes on the social science aspect of cybersecurity and one of its difficult
challenges of human behavior, particularly over-confidence. Over confidence in
cybersecurity has led to many data and privacy breaches due to businesses’
overlooking recommended industry standards provided and recommended by both
CISA and NIST guidelines. Specifically, MFA has been overlooked and dismissed by
businesses with their thought process being that it is unnecessary and that their login
procedures and password length and requirements suffice the minimum-security
requirements.

Meeting with our assigned business, We Insure Things, I have learned that many
small businesses fail to consider cybersecurity risks and understand that cybersecurity
is equivalent to a business plan, a very crucial aspect to the success and failure of a
business; it is the very foundation. Valor Cybersecurity’s Top 10 Checklist has been an
eye-opener for me as I started to discover and learn the many resources available
offered by the NIST. The NIST SP-1300, has been the document I have relied on to
drive our assigned project forward. Each of the categories: Govern, Identify, Protect,
Detect, Respond and Recover, work equally in unison to guide and aid a fundamental
cybersecurity plan and strategy for businesses.

These categories provide a structured approach that enables small businesses to
understand and prioritize their cybersecurity needs comprehensively. By implementing
these standards, our group can help We Insure Things create a more resilient and
prepared infrastructure, reducing risks and ensuring they are better equipped to
respond to potential cyber threats.