Journal entry 1: The NICE Workforce Framework
Having learned about the NICE Workforce Framework, the area that I would like to
specialize in my career is Program/Project Management. I like this area because it involves
planning, organizing, and ensuring that projects are completed successfully. Leadership and
team management are strengths that I enjoy, and project management would allow me to apply
these abilities to manage individuals and keep things in motion. My least favorite field is Design
and Development. Even though I realize it’s important to create systems and tools, I’m less
interested in the technical process of creating software or in programming. I would prefer to
concentrate on planning and project management as opposed to designing or programming.
In general, I am most drawn towards the management facet of cybersecurity, where I get to
combine leadership and safety, and least drawn towards the technical development and design
end.
Journal entry 2: How does the principle of empiricism enhance the effectiveness of cybersecurity practices?
The empiricism principle helps to support cybersecurity by utilizing tangible evidence for decision making as opposed to speculation. By collecting data and analyzing past attacks, organizations are able to anticipate attack k patterns and emerging threats before they spread. Empirical data also allows security teams to experiment and measure the effectiveness of existing defenses rather than speculate. For example, logs and intrusion attempts can be used to detect vulnerabilities that have not been encountered before. This empirical approach signifies that the strategies are continually being revised to address evolving threats. Overall, empiricism enhances cybersecurity as it makes it proactive, responsive, and based on tested outcomes instead of speculation
Journal Entry 3: Research PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches and forecast future data breach trends?
PrivacyRights.org’s “Data Breach Chronology” contains publicly accessible data such as the number of records leaked, the type of information leaked, like names, addresses, and Social Security numbers, date of data breach, organization, and how the breach was done. Analysts can then use that data to identify trends over time, like which industries are hit hardest, what kind of information is most frequently targeted, or which kinds of breaches are increasing. From those trends, they can forecast where breaches will increase, inform policy recommendations, and help organizations gauge and maximize security spending
Journal entry 4: Maslow’s Hierarchy of Needs
Maslow’s Hierarchy of Needs can be applied to how I use technology on a daily basis. On the
physiological level, technology supports the satisfaction of primary needs through food delivery
applications or fitness watches. For safety needs, I employ antivirus software and password
security to protect my information online. On the love and belonging level, social media and
messaging applications help me build relationships with friends and family. The esteem level is
experienced when I am successful at completing online learning modules or having followers on
social sites. Finally, self-actualization is experienced when I use technology for creativity, like
doing digital artwork or writing assignments, where I am able to express my full potential.
Journal entry 5: Rank the motives from 1 to 8 as the motives that you think make the most sense (being 1) to the least sense (being 8).
The most logical cybercrime motive is financial, since most hackers target profit through theft or scamming. The second motive is political, as they desire to spread ideologies or attack governments. Revenge is the third motive, as resentful feelings can spur cyberbacklash. Recognition is the fourth motive, as fame is hackers’ motivation. The fifth motive is curiosity, as it satisfies teenager experimentation. There follow multiple motives as hackers mix purposes. Entertainment comes seventh since committing crimes for enjoyment appears illogical. Boredom comes last since it normally results in petty mischief, not full-scale attacks. Generally, greed and power are behind most cybercrimes, followed by less plausible impulsive motives.
Journal entry 6:
Three examples of fake websites are scam versions of the FBI’s IC3 portal, fake university login
pages, and counterfeit retail stores. The real IC3 site is ic3.gov, while fake ones use misspelled or
unusual domain names to steal personal information (CISA, 2024). Fake university pages copy
school logos but appear on strange URLs and trick users into giving their passwords (Norton,
2024). Counterfeit retail websites replicate popular brands, advertise huge discounts, and hide
their contact details (FTC, 2024). In contrast, legitimate websites have secure HTTPS
connections, professional designs, correct spelling, and visible contact details. The main red flags
for counterfeit websites are unusual web addresses, urgent messages, and demands for personal
or financial data.
References:
CISA (2024); Norton (2024); FTC (2024)
Journal entry 7:
Photo #4
(Person using public Wi-Fi at a coffee shop, totally focused on their laptop)
Meme Caption: Free Wi-Fi hits different until your data does too.
Explanation (Human-Centered Cybersecurity):
This meme highlights how convenience bias and trust in familiar environments lead users to
take unnecessary risks. The person values quick internet access over security, forgetting that
public networks are vulnerable to eavesdropping. It reflects a common human tendency to
underestimate invisible cyber threats when physical surroundings feel safe.
Photo #7
Someone covering their webcam with tape or a sticky note
Meme Caption: Trust issues: 99% with people, 1% with my webcam.
Explanation (Human-Centered Cybersecurity):
This meme focuses on privacy awareness and perceived control. The user shows a heightened
awareness of surveillance but takes a simple, low-tech step—taping the webcam—to feel
secure. It connects to human-centered cybersecurity by showing how emotions like fear and
mistrust motivate defensive behaviors, even when the technical risk might be minimal.
Photo #10
An employee leaves their computer unlocked while walking away
Meme Caption: BRB leaving the door to my digital house wide open.
Explanation (Human-Centered Cybersecurity):
This meme demonstrates security fatigue and habitual neglect. The individual probably knows
the policy (“Lock your screen when you leave”), but daily routines, distractions, or
overconfidence cause lapses in judgment. From a human-centered lens, it shows how security
depends as much on behavioral design and workplace culture as on technology itself.
Journal entry 8: Media and Cybersecurity
I learned through watching the video how easy it is for Hollywood and TV to make
hacking appear so much more exciting than it really is. They show hackers clacking away on the
keyboard, breaching systems in a second or two, and using bright screens full of code. In reality,
cybersecurity takes patience, focus, and skill. I think that the media creates the false
impression, which makes hacking easy or even cool. But some of these scenes are capable of
making one interested in technology or making one go study cybersecurity. For the most part,
the media controls how we view hackers but never presents the complete picture.
Journal Entry 9:
Once I had watched the video, I started thinking about how social media affects both our
online security and our personalities. When I took the Social Media Disorder Scale, my score
showed that I use social media a lot, but not in an unhealthy way. There were a few questions
that made me think, like how often I check my phone or how weird I feel when I am offline. I
think different patterns throughout the world stem from how people use social media some for
business, others strictly for fun. Culture, technology, and lifestyle all play a big part in that.
Journal Entry 10:
Today I read an article about social cybersecurity, which exposes how human behavior and
social networks feature prominently in online security. The authors explained that cyber threats
are not limited to hacking or malware, but also include misinformation and manipulation through
social media. I found it interesting how technology and psychology connect in this field, showing
that people can be targeted just like computers. This article made me understand that real
cybersecurity requires both technical defenses and social awareness to keep communities safe
online.
Journal Entry 11:
The video shows that being a cybersecurity analyst isn’t all about computers; it’s also about
people. Analysts study how users behave online to protect them from scams, hacking, and data
leaks. A big theme is trust-understanding how people can be tricked into giving up information.
Another theme is education, since analysts must teach others how to stay safe. This occupation
joins social awareness with technology, proving that human behavior plays a major role in
building a secure online world.
Journal Entry 12:
he sample data breach notification explains that attackers had placed malware on the
company’s website and collected customer information, such as names, addresses, phone
numbers, and payment card details. Looking at this through economics, the incident relates to
both cost-benefit analysis and agency theory. Cost-benefit analysis shows up in how the
company weighs damage to its reputation and the legal risks against the cost of responding,
notifying customers, and hiring cybersecurity experts. Agency theory comes up because the
company relied on a third-party platform provider, and that provider’s failure created
consequences for both the business and its customers. When an “agent” fails to protect data
properly, then the “principal” must bear the ramifications, which in this case is what happened.
Some psychological and social science theories explain the company’s response, too. The
breach directly relates to the aspect of trust and risk perception, where customers naturally feel
anxious when they learn that their personal information may have been exposed without their
knowledge for months. The company tries to rebuild such broken trust through transparency
about what happened and by giving customers steps they can take themselves to protect
themselves. The situation also relates to organizational legitimacy theory, dealing as it does with
how companies keep their reputation and social approval. A data breach threatens that
legitimacy, so the notification letter is a repair strategy whereby the company shows
responsibility, cooperation with investigators, and efforts to prevent future incidents. These
theories jointly reveal how cybersecurity events aren’t just technical failures but economic,
social, and psychological challenges that shape how companies respond and customers
subsequently feel.
Journal Entry 13:
Bug bounty policies allow firms to pay white hat hackers for discovering vulnerabilities in
their systems, and the literature review of the article provides the reasons why such an idea has
grown so fast. Researchers comment that most organizations lack sufficient in-house
cybersecurity skills and thus rely on external experts who like challenges and wish to test their
skills. The review also sets the record by stating that bug bounty programs seem to function
much like an economic system, where companies weigh the cost of paying rewards against the
benefits of fixing problems before real attackers find them. Past studies indicate that money is
an important motivator, but nonfinancial motivations such as reputation, curiosity, and
community also play a key role in determining hackers’ participation.
The discussion of findings has explained that increasing the bounty payments does not
greatly raise participation. They determined that most hackers are not strongly driven for more
money, which surprised me because I had expected higher rewards to attract more participants.
Another important finding is that small companies get as much benefit as big ones. The amount
of valid reports they receive about vulnerabilities isn’t strongly influenced by the company’s size
or fame. The study also shows that older programs slowly receive fewer valid reports as time
goes on; this is because the easiest bugs get discovered first. This indicates that bug bounty
programs must be updated or expanded over time to remain effective.
Overall, I think the article really shows that bug bounty programs are useful but not a
panacea. I was impressed by the motivation beyond money, making the hacker community
more collaborative rather than just a marketplace. At the same time, these findings made me
realize that companies can’t rely on bug bounties alone, they need good internal cybersecurity
practices and regular updating to keep the program meaningful. The article helped me
understand how economic thinking and human behavior both shape cybersecurity policies and
why careful planning is necessary for these programs to truly protect an organization.
Journal Entry 14:
After reviewing the list, the five most serious online violations are using copyrighted
images, sharing other people’s personal information, faking your identity online, collecting
information about children, and bullying or trolling. Using copyrighted images is serious because
it takes someone else’s creative work without permission, that is a form of digital theft. Sharing
another person’s passwords, photos, or address is even more dangerous because it puts their
privacy and safety at risk. Faking your identity online is a major offense since this may be used
to scam people or manipulate them into revealing sensitive information. Collecting information
about children is extremely serious because it could expose minors to predators or other
detrimental situations. Finally, bullying and trolling are serious violations because damage to
mental health can create long-lasting emotional harm. These offenses count because they don’t
just break rules, they can cause real-world consequences for people’s safety, rights, and well
being.
Journal Entry 15:
The video raised a number of ethical questions in my mind, including deepfakes and AI in general. How could these technologies be used to deceive people? One of the big concerns, of course, is that someone can take your face or your voice and use it to scam someone or damage your reputation. It also begs the question as to who is responsible when this technology is used in harmful ways: is it the person who created the AI, the platform that allowed it, or the criminal who used it? I think it really calls for more rules in society, more tools to identify fake videos and protect people’s identities. We also need more public education about the realism of deepfakes, so people understand what the risks are. If people understand the risks, they can be more careful online. Overall, the video shows AI can be useful, but we must address these issues to keep people safe.