Journal Entries

Journal Entry 1

Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

After reviewing the NICE Workforce Framework, I find that I’m most interested in the
areas of Protect and Defend and Analyze. The Protect and Defend category aligns with my
background in cybersecurity, as it focuses on securing information systems and preventing
breaches. I am passionate about protecting organizations from cyber threats and ensuring data
integrity. The Analyze area also appeals to me, as it involves interpreting data to understand
security risks and trends, which is crucial for making informed decisions in cybersecurity.
On the other hand, the Operate and Maintain category would appeal the least to me.
While it’s important for system operations to run smoothly, I find the more tactical and strategic
aspects of cybersecurity to be more engaging, such as protecting systems and analyzing threats.
These roles are important but do not excite me as much as those in defense and analysis.

Journal Entry 2

Explain how the principles of science relate to cybersecurity.

The principles of science are foundational to cybersecurity as both disciplines rely on systematic methods to solve complex problems. One key scientific principle that directly applies to cybersecurity is observation and data collection. In science, careful observation and collection of data are crucial for understanding phenomena and making informed decisions. Similarly, in cybersecurity, collecting and analyzing data from networks, systems, and threats are essential to identifying vulnerabilities and developing strategies to protect information. For instance, logging network activity and monitoring systems are practices grounded in scientific observation, enabling cybersecurity professionals to detect anomalies or potential attacks. 

Hypothesis testing and experimentation are also central to both fields. In science, hypotheses are tested through controlled experiments to validate or invalidate theories. In cybersecurity, professionals conduct penetration tests and vulnerability assessments to test the resilience of systems against attacks. These experiments help identify weaknesses in security protocols and allow organizations to address these vulnerabilities before they are exploited by malicious actors. By systematically testing these hypotheses, cybersecurity experts can improve the defense mechanisms in place. 

Another relevant principle is analysis and pattern recognition. In scientific research, identifying patterns in data is essential for drawing meaningful conclusions and predicting future outcomes. Cybersecurity professionals use similar methods to analyze network traffic, system behavior, and attack patterns. Recognizing patterns, such as repeated unauthorized access attempts or unusual network behavior, allows security teams to predict and prevent potential cyberattacks. By detecting these patterns early, cybersecurity measures can be adjusted to protect sensitive data more effectively. 

The scientific process also emphasizes reproducibility and peer review. In science, experiments must be reproducible, and findings should be subjected to peer review to ensure their validity. In cybersecurity, solutions and defense strategies must be rigorously tested across different environments to ensure their effectiveness. For example, security patches and updates are tested in simulated environments before they are rolled out to production systems. Additionally, cybersecurity professionals frequently collaborate and share insights with peers to improve defense tactics, much like scientists refine theories through peer-reviewed research. 

Modeling and simulation are other scientific methods closely tied to cybersecurity. Scientists use models to simulate complex systems and predict outcomes. In cybersecurity, professionals use simulations to model potential attacks and test how systems will respond under threat. This helps identify vulnerabilities and evaluate the effectiveness of security controls before they are implemented in real-world scenarios. Tools such as firewalls and intrusion detection systems rely on these models to detect malicious activity and prevent attacks from succeeding. 

Finally, both science and cybersecurity involve continuous adaptation and evolution. Science is constantly evolving as new discoveries are made, and similarly, cybersecurity must adapt to emerging threats and technological advancements. As attackers develop new tactics, cybersecurity strategies must evolve to counter these threats. Just as scientific theories are refined over time based on new data, cybersecurity practices must also adapt to keep up with the rapidly changing landscape of cyber threats. 

In essence, the principles of science—such as data collection, hypothesis testing, pattern recognition, reproducibility, simulation, and adaptation—are integral to the practice of cybersecurity. By applying these scientific principles, cybersecurity professionals can develop more effective defenses and respond proactively to the dynamic nature of cyber threats. 

Journal Entry 3

Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

Privacy Rights Clearinghouse’s Data Breach Chronology is an invaluable resource for researchers studying data breaches. With over 70,000 incidents spanning nearly two decades, this comprehensive database offers detailed information on breach types, affected entities, and compromised data. Researchers can analyze trends over time, assess the effectiveness of security measures, and identify vulnerabilities across various industries. The extensive collection of breach notification letters provides insights into organizational responses and regulatory compliance. By leveraging this data, scholars can contribute to the development of more robust data protection strategies and inform policy recommendations to enhance cybersecurity practice

Journal Entry 4

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Maslow’s Hierarchy of Needs provides a useful framework for understanding how technology plays a role in fulfilling different aspects of human motivation. According to Maslow, human needs are structured in a five-tier model, with lower-level needs requiring fulfillment before higher-level growth can occur. Here’s how each level relates to my experiences with technology:

  1. Physiological Needs (Basic Survival Needs)
    Technology helps meet basic needs such as food, water, and shelter. Online grocery delivery services and restaurant apps like Instacart and DoorDash provide convenient access to food, while smart home devices regulate living conditions for comfort (Simply Psychology, 2023).
  2. Safety Needs (Security & Protection)
    Cybersecurity plays a key role in ensuring safety. Strong passwords, multi-factor authentication, and antivirus software protect personal data. Additionally, smart security systems like Ring cameras and emergency alert apps enhance physical safety (Verywell Mind, 2023).
  3. Love & Belonging (Social Connections)
    Social media, messaging apps, and video calls help maintain relationships with friends, family, and colleagues. Platforms like Discord and LinkedIn foster social and professional connections, reducing feelings of isolation (Positive Psychology, 2023).
  4. Esteem Needs (Recognition & Achievement)
    Technology enables personal and professional growth through certifications, online courses, and achievements in digital spaces. For example, earning my Cybersecurity Specialist certification and sharing it on LinkedIn boosted my confidence and credibility in my field (Simply Psychology, 2023).
  5. Self-Actualization (Personal Growth & Fulfillment)
    Technology allows me to pursue passions such as interdisciplinary research, creative projects, and skill development. Whether working on my AI in cybersecurity research, exploring game development, or engaging in self-improvement, technology serves as a tool to achieve my highest potential (Verywell Mind, 2023).

References

Journal Entry 5

Review the articles linked with each individual motive in the presentation page or Slide #3. Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.

To rank the motives from most to least plausible based on the articles linked with each motive, I would need to review the specific articles or presentation you mentioned, but I can provide a general outline of how I would approach this task based on common cybercrime motives. Here’s how I might rank them:

  1. Financial Gain
    This would be ranked #1 because financial gain is one of the most common and rational motives behind cybercrime. Hackers and cybercriminals can profit through various methods such as ransomware, credit card fraud, identity theft, and other schemes. It makes the most sense because it’s the most direct and often successful method of achieving personal or group objectives.
  2. Political or Ideological Motives
    Ranked #2, cyberattacks motivated by political or ideological beliefs (such as hacktivism) are common and make sense in a world where digital platforms are increasingly used for social activism, protests, or political gain. Groups like Anonymous demonstrate this type of cybercrime.
  3. Revenge or Personal Vengeance
    This motive would be ranked #3. While it may not be as common as financial gain, personal grudges or revenge against individuals or organizations can certainly drive people to commit cybercrimes, such as doxxing, data breaches, or cyberstalking.
  4. Corporate Espionage
    Ranked #4, corporate espionage involves stealing trade secrets or sensitive data from competitors. This makes sense as a motive since it offers financial or strategic benefits to those who can successfully pull it off. However, it tends to be less common compared to personal financial gain.
  5. Curiosity or Thrill-Seeking
    This would rank #5. While some hackers are motivated by the challenge or thrill of breaching systems, this motive doesn’t always lead to criminal intent. It’s more common among novice hackers or “white hat” hackers, though some may cross into illegal activities.
  6. Cyberbullying or Harassment
    Ranked #6, cyberbullying and harassment are serious issues, but they are more emotionally driven and can often be personal. While this is a notable motive, it doesn’t have as broad a scale or global impact compared to financial or political motives.
  7. Revenge Against Employers or Former Colleagues
    Ranked #7, this is a more niche motive but still relevant. It might make sense for disgruntled employees to seek revenge by stealing or exposing company data. However, it’s a less widespread or systemic form of cybercrime than the others.

I would rank these motives based on the likelihood of occurrence, scale, and impact. Financial gain, political ideology, and personal revenge stand out as the most prominent and impactful, while more specific or niche motives like revenge against an employer tend to rank lower.

Journal Entry 6

Can you spot three fake websites and compare the three fake websites to three real websites, plus showcase what makes the fake websites fake?

Identifying fake websites is crucial to protect yourself from online scams and data theft. Let’s compare three fake websites with their legitimate counterparts to highlight key differences and help you recognize red flags.

1. PayPal Phishing Site

  • Fake Website: paypa1.com
  • Real Website: paypal.com

Indicators of the Fake Site:

  • URL Anomalies: The fake site uses the numeral ‘1’ instead of the letter ‘l’ in “paypal,” a tactic known as typosquatting. Always double-check the URL for subtle misspellings or character substitutions. memcyco.com
  • Lack of HTTPS: Legitimate sites like PayPal use HTTPS (https://) to encrypt data. The fake site may use HTTP (http://) or have an invalid certificate. Look for a padlock icon in the address bar as a sign of a secure connection. digicert.com

2. Apple ID Phishing Site

  • Fake Website: apple-support.com
  • Real Website: apple.com

Indicators of the Fake Site:

  • Misleading Domain Name: The fake site incorporates “apple” and “support” to appear legitimate but isn’t an official Apple domain. Official Apple support pages are subdomains of apple.com (e.g., support.apple.com). memcyco.com
  • Design and Content Quality: Fake sites often have poor design, low-quality images, or grammatical errors. Authentic Apple pages maintain high design standards and professionalism. bbb.org

3. Netflix Credential Harvesting Site

  • Fake Website: netflix-login.com
  • Real Website: netflix.com

Indicators of the Fake Site:

  • Unusual Domain Structure: The fake site adds “-login” to the brand name, which isn’t used by the official site. Be cautious of additional words or hyphens in the domain that differ from the official URL. memcyco.com
  • Requests for Unnecessary Information: Fake sites may ask for details that legitimate sites wouldn’t, such as Social Security numbers or full credit card information during login. Always question why certain information is required.

General Tips to Identify Fake Websites:

  • Check the URL Carefully: Look for misspellings, extra characters, or different domain extensions (e.g., .net instead of .com). digicert.com
  • Look for HTTPS and a Padlock Icon: Secure sites use HTTPS and display a padlock icon in the address bar. However, some fake sites also use HTTPS, so this shouldn’t be the sole indicator of legitimacy. digicert.com
  • Assess Design and Content Quality: Poor grammar, low-quality images, and unprofessional design can signal a fake site. Legitimate companies invest in high-quality web design. bbb.org
  • Use Website Checker Tools: Services like Get Safe Online’s “Check a Website” can help verify a site’s legitimacy before you interact with it. getsafeonline.org

By staying vigilant and paying attention to these details, you can protect yourself from falling victim to fake websites.

Works Cited

“5 Recent Examples of Fake Websites.” Memcyco, 5 months ago, https://www.memcyco.com/5-recent-examples-of-fake-websites/.

“How to Identify Fake Websites.” DigiCert, 2 months ago, https://www.digicert.com/blog/how-to-identify-fake-websites.

“BBB Tip: How to Identify a Fake Website.” Better Business Bureau, https://www.bbb.org/all/spot-a-scam/how-to-identify-a-fake-website.

“Free Website Scam Checker – Check a Website.” Get Safe Online, https://www.getsafeonline.org/checkawebsite/.

Journal Entry 7

Review the following ten photos through a cybersecurity human systems integration framework. Create a meme explaining what is going on in the individual’s or individuals’ mind(s).

HSI Connection:
This meme highlights the human factors in cybersecurity—particularly user behavior and password hygiene. Despite knowing best practices, many individuals reuse weak passwords, making them vulnerable to cyber threats. HSI focuses on designing systems that encourage better security habits without overwhelming the user.

HSI Connection:
This meme reflects the cognitive workload and usability aspect of cybersecurity human systems integration. Most users don’t fully read or understand privacy policies due to their complexity and length, leading to uninformed security decisions. Improving how privacy policies are presented (e.g., summaries, visuals) aligns with HSI goals of enhancing user comprehension and decision-making.

HSI Connection:
This highlights the risk perception and user behavior aspect of cybersecurity HSI. Many users underestimate the consequences of poor password hygiene until they experience a security breach. HSI solutions could involve password managers, multi-factor authentication, and better user education to encourage safer practices.

HSI Connection:
This image highlights the work environment and human factors in cybersecurity. Working remotely in an unsecured location (like a rooftop) raises concerns about physical security, screen visibility (shoulder surfing), network security (public Wi-Fi risks), and ergonomic issues. Cybersecurity professionals must consider secure workspaces and encrypted connections when accessing sensitive data outside traditional office settings.

HSI Connection:
This highlights usability, system reliability, and human performance in cybersecurity. Unexpected updates or security patches can disrupt workflows, leading to frustration and potential security workarounds, like postponing updates (which increases vulnerability). HSI emphasizes designing security measures that balance protection with user convenience, ensuring updates don’t hinder productivity at critical moments.

HSI Connection:
This relates to social engineering, phishing awareness, and human decision-making in cybersecurity. Cybercriminals exploit emotions like excitement to trick users into clicking malicious links or downloading malware. HSI emphasizes the need for user training, intuitive security alerts, and awareness programs to help individuals recognize and avoid online scams.

HSI Connection:
This photo illustrates user behavior, privacy awareness, and the risks of oversharing on social media. While engaging with apps like Instagram, users may unknowingly expose personal information, which can lead to data breaches or social engineering attacks. HSI focuses on the importance of designing apps with better privacy controls and providing education on protecting personal data to reduce vulnerability in everyday use.

HSI Connection:
This image highlights security practices and human trust in technology. Even with robust security measures like two-factor authentication (2FA), users often have doubts about their own cybersecurity due to a lack of understanding of risks or overconfidence in system protections. HSI stresses the need for user-friendly security protocols and training that increase both user confidence and awareness of best practices to avoid vulnerabilities from human error or overestimating system security.

HSI Connection:
This scenario focuses on the human factors of cybersecurity education, particularly the misalignment of expectations and understanding. Students might be more interested in learning the practical aspects of hacking or bypassing security systems, but they must first grasp fundamentals like network security protocols. HSI emphasizes the importance of engaging educational methods that balance practical skills with an understanding of security principles to ensure that students don’t just focus on vulnerabilities but also on ethical behavior, system protection, and resilience.

HSI Connection:
This scenario underscores the privacy risks and unintentional data sharing that come with modern technology. While taking a photo, location data (via GPS) can be embedded into the image’s metadata, unknowingly sharing the user’s location. HSI stresses the need for privacy controls, user awareness, and system design that limits automatic location sharing unless explicitly allowed by the user. This situation highlights the balance between convenience and security in personal devices.

Journal Entry 8

Watch this video and pay attention to the way that movies distort hackers.

Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It? – YouTubeLinks to an external site.

  • After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity

Media Influence on Cybersecurity Perception 

The way Hollywood portrays hacking in movies and TV shows has significantly shaped public perception of cybersecurity, often in ways that are misleading or exaggerated. After watching the video “Hacker Rates 12 Hacking Scenes In Movies And TV,” media depictions of hacking tend to be overly dramatic, unrealistic, and sometimes outright absurd. These portrayals create misconceptions about what hacking entails and can contribute to misinformation about cybersecurity. 

One of the most common distortions in media is the idea that hacking happens in seconds. Movies frequently show hackers rapidly typing on a keyboard while green code flashes across multiple screens, instantly bypassing highly secure systems. Hacking is a slow and methodical process that requires extensive research, social engineering, and technical knowledge. It is not just about guessing passwords or breaking into systems with a single command. 

Another misleading aspect is the overuse of visual effects and high-tech user interfaces. Real-world cybersecurity professionals use standard command-line interfaces and tools rather than futuristic, holographic displays. The exaggerated visuals give the impression that hacking is more about flashy technology than deep technical expertise and patience. 

Additionally, the portrayal of hackers themselves is often unrealistic. In movies, they are frequently depicted as either lone geniuses working in dimly lit rooms or cybercriminal masterminds pulling off impossible heists. While there are certainly skilled individuals in cybersecurity, real-world hacking is usually a collaborative effort, often conducted by teams rather than solitary figures. 

These distorted portrayals can have real-world consequences. For one, they contribute to fearmongering by making hacking seem like an unstoppable force that can penetrate any system instantly. This can lead to unnecessary panic about cybersecurity threats while also downplaying the importance of fundamental security practices, such as strong passwords and multi-factor authentication. On the other side, some people may underestimate cybersecurity threats, believing that real hacking only happens in high-stakes government scenarios rather than being a risk for everyday users. 

While movies and TV shows are meant for entertainment, it is important to recognize that their depictions of cybersecurity are not always accurate. A more informed public would benefit from realistic portrayals that emphasize the complexity of hacking, the importance of cybersecurity measures, and the ethical dilemmas that cybersecurity professionals face. As cybersecurity threats continue to evolve, media should strive to provide a more balanced and educational perspective rather than relying on outdated stereotypes and Hollywood tropes. 

Journal Entry 9

Watch this Video:Social media and cybersecurityLinks to an external site.

Complete the Social Media Disorder scaleLinks to an external site..  How did you score?  What do you think about the items in the scale?  Why do you think that different patterns are found across the world?

I completed the Social Media Disorder (SMD) Scale and scored 4 out of 9. This suggests that while I may have some problematic tendencies with social media use, it’s not necessarily a full-blown addiction. Still, it made me reflect on how often I reach for my phone out of habit rather than necessity.

The items in the scale were interesting because they closely mirrored addiction criteria, like withdrawal, preoccupation, and conflict with responsibilities. While I think the scale does a good job identifying problematic behaviors, it doesn’t consider the context—someone could use social media frequently for work, school, or staying connected rather than as an unhealthy escape.

I also found it fascinating that social media disorder patterns vary worldwide. Culture plays a big role—some societies encourage constant digital interaction, while others place more value on in-person relationships. Technology access also affects usage; wealthier countries with widespread internet tend to have higher social media engagement, while places with restrictions (like China) experience different online behaviors. Even economic and social factors shape how people interact with social platforms.

Overall, this exercise made me more aware of my social media habits. I wouldn’t say it significantly affects my daily life, but it’s something to keep an eye on. Maybe setting limits or taking breaks more often wouldn’t be such a bad idea.

Journal Entry 10

Read this and write a journal entry summarizing your response to the article on social cybersecurity

 https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/Links to an external site.

The article on social cybersecurity emphasizes the interconnectedness of technology, society, and cybersecurity. It argues that social vulnerabilities, such as human behavior, are often the weak points exploited by cyber-attacks, making social aspects of cybersecurity just as crucial as technical defense. It advocates for a multidisciplinary approach, integrating sociology, political science, and technology to defend against these threats. The article also highlights the importance of understanding societal values and trust when addressing cybersecurity challenges.

Journal Entry 11

Watch this videoLinks to an external site.

As you watch the video https://www.youtube.com/watch?v=iYtmuHbhmS0Links to an external site., think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

The video about the cybersecurity analyst role delves into how social behaviors significantly shape the profession. Analysts must continuously collaborate, demonstrating that effective communication within teams is key to tackling cyber threats. The role also stresses how human behavior impacts security, as attackers often exploit social engineering tactics, such as phishing or deception. As cybersecurity professionals protect networks and data, they must balance technical expertise with understanding human vulnerabilities. Thus, the role intertwines technical proficiency with social awareness, making the human aspect essential to cybersecurity defense. This highlights a deep interaction between technology and social behaviors in safeguarding against cyber threats.

Journal Entry 12

Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different social sciences theories relate to the letter.

Analysis of the Data Breach Notification Letter

The Sample Data Breach Notification letter from Glasswasherparts.com illustrates several economic and social science theories. Two economic theories—Rational Choice Theory and Laissez-Faire Economic Theory—help explain the business decisions leading up to the breach and the government’s role in handling the situation. Additionally, two social science theories—Neutralization Theory and Social Contract Theory—highlight the ethical and societal implications of the breach.

Economic Theories

Rational Choice Theory posits that individuals and businesses make decisions by weighing costs and benefits to maximize their advantage (Becker, 1976). In the letter, the company explains that the breach occurred due to malware on their platform provider’s systems, suggesting that outsourcing their e-commerce operations was a calculated decision based on efficiency and cost-effectiveness. However, this choice introduced vulnerabilities, underscoring the trade-offs businesses face when outsourcing cybersecurity risks.

Laissez-Faire Economic Theory advocates for minimal government intervention in business operations, allowing the free market to regulate itself (Smith, 1776). The company states that law enforcement was involved only after the breach occurred, reflecting a reactive approach rather than proactive government regulation. This aligns with laissez-faire principles, where regulatory bodies intervene mainly in response to crises rather than enforcing strict preventative measures.

Social Science Theories

Neutralization Theory explains how individuals or organizations justify unethical behavior to neutralize guilt (Sykes & Matza, 1957). In the letter, the company shifts responsibility by attributing the breach to its platform provider and mentioning that law enforcement requested a delay in notifying customers. By deflecting blame, the company attempts to maintain its reputation and lessen the perception of negligence.

Social Contract Theory argues that society functions based on mutual agreements between individuals and institutions (Rousseau, 1762). Customers trust businesses to protect their sensitive information when conducting transactions. The data breach represents a violation of this trust, damaging the implicit social contract. The notification letter serves as an effort to restore trust by informing customers about the breach and offering guidance on protective measures.

References

Becker, G. S. (1976). The economic approach to human behavior. University of Chicago Press.

Rousseau, J. J. (1762). The social contract.

Smith, A. (1776). The wealth of nations.

Sykes, G. M., & Matza, D. (1957). Techniques of neutralization: A theory of delinquency. American Sociological Review, 22(6), 664-670.

Journal Entry 13

A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site. and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.

Bug bounty programs (BBPs) have emerged as a strategic cybersecurity approach that incentivizes external researchers to identify vulnerabilities in an organization’s cyber infrastructure. These programs are rooted in economic principles, particularly cost-benefit analysis, as companies assess whether paying ethical hackers for discoveries is more cost-effective than experiencing a breach (Marotta et al., 2021).

The literature review on BBPs highlights several key factors that influence their effectiveness. First, the scope of BBPs is critical, as defining clear objectives ensures that researchers focus on areas of highest concern, optimizing resource allocation and addressing the most critical vulnerabilities. Additionally, the timing of crowd engagement plays a role in the efficiency of vulnerability discovery, with strategically planned programs yielding better security outcomes (Marotta et al., 2021).

Another critical factor is the quality of vulnerability submissions. Organizations must establish clear guidelines to ensure reported issues are well-documented and actionable. Furthermore, firm-researcher communication is essential for maintaining trust and efficiently resolving vulnerabilities. The motivation of ethical hackers also influences the program’s success, as factors such as monetary rewards, recognition, and the challenge itself drive participation (Marotta et al., 2021).

The discussion on BBPs also acknowledges potential challenges. While these programs can significantly enhance security, they require careful management to avoid inefficiencies. Issues such as defining clear program scopes, ensuring fair compensation, and maintaining transparent communication channels are pivotal to their success. If managed effectively, BBPs serve as a proactive approach to cybersecurity, allowing organizations to leverage external expertise to strengthen their defenses while maintaining cost-effectiveness (Marotta et al., 2021).

References

Marotta, A., Martinelli, F., Nanni, S., Orlando, A., & Yautsiukhin, A. (2021). A survey on cyber security bug bounty programs: Investigating the best practices, security threat coverage, and impact. Journal of Cybersecurity, 7(1), 1-22. https://doi.org/10.1093/cybsec/tyab007

Journal Entry 14

Andriy Links to an external site. SlynchukLinks to an external site. Links to an external site. has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

In his article “11 Illegal Things You Unknowingly Do on the Internet,” Andriy Slynchuk outlines several online behaviors that are surprisingly unlawful. Among these, the five most serious violations include collecting information about children under 13, faking your identity online, engaging in cyberbullying or trolling, recording VoIP calls without consent, and using someone else’s Wi-Fi without permission. Collecting data on minors without parental consent directly violates the Children’s Online Privacy Protection Act (COPPA) and puts children at risk of exploitation, identity theft, and other long-term consequences—making it one of the most egregious offenses. Similarly, impersonating someone online or creating fake identities can constitute fraud and be used to commit scams, harassment, or even cyberstalking, all of which erode public trust in digital spaces. Cyberbullying and trolling, while sometimes dismissed as harmless, can have devastating emotional and psychological effects, especially on young or vulnerable users. These behaviors often escalate into criminal harassment and can result in serious legal consequences. Recording VoIP calls without the other party’s knowledge violates wiretapping laws in many states and is a major breach of privacy. Lastly, accessing someone else’s internet network without permission may seem minor, but it constitutes theft of service and can be exploited to commit more serious cybercrimes anonymously, implicating the network owner in illegal activity. These offenses are serious not only because of their legal ramifications but because they threaten the safety, privacy, and well-being of individuals and communities online.

Journal Entry 15

  • Digital Forensics | Davin Teo | TEDxHongKongSalon– YouTubeLinks to an external site. Watch this video and think about how the career of digital forensics investigators relate to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

After watching Davin Teo’s TEDx talk on digital forensics, I was really struck by how his career connects to both technology and social sciences in unexpected ways. Teo’s pathway into digital forensics wasn’t some straight, obvious line — it was shaped by curiosity, problem-solving, and a strong understanding of human behavior. What stood out to me was how he emphasized that behind every digital crime is a person making decisions, leaving behind traces of their actions. This ties directly to social sciences because understanding why people commit digital crimes, how they think, and what patterns they follow is just as important as the technical work of recovering data or cracking encrypted files.

Teo made it clear that digital forensics isn’t just about computers; it’s about people. Investigators in this field need to read between the lines, consider motives, and understand social interactions — both online and offline — to build a full picture of what happened. His career shows how critical social science concepts like psychology, sociology, and criminology are when it comes to interpreting digital evidence and behavior. I think it’s a perfect example of how tech careers are becoming more interdisciplinary, blending technical skills with a deep understanding of human nature and society. Teo’s story reminded me that careers in cybersecurity and digital forensics aren’t just about machines — they’re about people too.