Week 1 journal entry

“Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.”

week 2 journal entry

The principles of science, like empiricism, determinism, parsimony, and objectivity, are super important in cybersecurity. Empiricism is about using evidence and data, which helps when analyzing threats or testing security solutions. Determinism focuses on cause and effect, so it’s useful for figuring out what causes vulnerabilities or predicting attack patterns. Parsimony means keeping things simple, which is great for designing systems that are easier to manage and less likely to have errors. Objectivity makes sure decisions are fair and unbiased, especially when investigating hacks or choosing the best security tools.

By following these principles, cybersecurity experts can create strategies that actually work, protect systems better, and adapt to new threats as they come up. It’s all about being smart and scientific in keeping systems safe.

week 3 journal entry

PrivacyRights.org provides a lot of useful information about data breaches that researchers can use to study how and why they happen. By looking at the data, they can find patterns, like which industries get hacked the most and what types of attacks are common, such as phishing, malware, or insider threats. Researchers can also see how these breaches affect businesses and individuals, leading to financial loss, identity theft, or new security regulations. This information helps cybersecurity experts come up with better ways to prevent future attacks. They can also compare different industries, like healthcare and finance, to see which ones are most at risk and why. By analyzing trends over time, researchers can even predict future threats and recommend stronger security measures. Overall, PrivacyRights.org is a valuable resource for understanding cybersecurity risks and improving data protection.

week 4 journal entry

week 5 journal entry

I think the most reasonable motive for cybercrime is (1) money because a lot of hackers want to make a profit by stealing data, committing fraud, or using ransomware. It makes sense since money is a big motivator for people in general. (2) Revenge comes next because some people hack out of anger, like getting back at an ex or a former employer. (3) Political motives are also pretty common since hacktivists use cyberattacks to push their beliefs or protest against governments. (4) Recognition is another reason, as some hackers just want to prove how skilled they are and get attention. (5) Multiple reasons come next since many hackers don’t just have one motive, they might want money, revenge, and recognition all at once. (6) Entertainment is a weaker motive, but some hackers do it just for fun. Finally, (7) boredom seems like the least convincing reason. It’s hard to believe someone would commit cybercrimes just because they have nothing better to do.

week 6 journal entry

Identifying fake websites is crucial to protecting personal information. One common tactic used by scammers is typosquatting, where they create URLs with slight misspellings or character substitutions. For example, a fake website like “www.paypa1.com“ replaces the letter ‘l’ with the number ‘1,’ making it look similar to the legitimate “www.paypal.com.” Another example is “www.amaz0n.net,” where the ‘o’ is replaced with ‘0,’ and the domain extension is changed from “.com” to “.net” to trick users into thinking they are on “www.amazon.com.” Similarly, “www.goggle.com“ is a deceptive misspelling of “www.google.com.” These fraudulent websites often lack HTTPS encryption, use poor design, or contain misleading trust seals. To avoid falling victim to such scams, always verify URLs for correct spelling, check for HTTPS security, and look for official trust seals that can be authenticated. (DigiCert, Wikipedia)

week 7 journal entry

week 8 journal entry

week 9 journal entry

I scored a 1 on the Social Media Disorder scale, which means I have regular usage of social media but don’t seem to experience any major problems with it. I think that’s a pretty balanced place to be because I use social media to stay connected with friends, check out what’s going on in the world, and pass time when I’m bored, but it doesn’t take over my life. Some of the items on the scale really made me think about how easy it is for people to get addicted to social media without even realizing it. For example, questions about losing track of time or feeling stressed when you can’t check your social media seemed like things that could happen to anyone if they’re not careful.

I also think it’s interesting that different patterns of social media usage are found around the world. In some places, people might rely on social media more because it’s their main way to stay in touch with others or get news and information. In other places, people might use it less or in different ways depending on their culture or how much access they have to the internet. Overall, social media has a lot of positives, but it’s clear that it can also cause issues if you’re not paying attention to how much time you spend on it or how it affects your life. That’s why it’s important to stay aware and make sure that social media doesn’t become a problem.

week 10 journal entry

The article talks about how cyber threats don’t just attack computers, they also mess with people’s minds and society. It explains how things like fake news and online manipulation can cause chaos and even affect national security. The author says we need to combine cybersecurity and social science to stop these threats. I thought it was really interesting because it shows how hackers don’t just steal data; they also trick people into believing lies. It made me realize how important it is to think critically about what we see online.

week 11 journal entry

The video explains that being a cybersecurity analyst isn’t just about working with computers, it also involves a lot of teamwork and communication. Analysts have to work with different people in a company, from IT teams to managers, to keep everything secure and respond to cyber threats. The job also requires constant learning because hackers are always coming up with new ways to attack, so staying updated on the latest technology and trends is crucial. Analysts also have to think like the attackers to stay ahead of them, which means they need strong problem-solving skills. Another big part of the job is protecting people’s personal information, which helps keep businesses and communities safe. It also emphasizes how cybersecurity is all about trust, and without it, people could lose confidence in digital systems. It really shows how cybersecurity isn’t just a tech job, it also has a big social impact, making sure people feel secure and safe in a digital world.

week 12 journal entry

The sample data breach notification letter from Glasswasherparts.com shows how economics and social science ideas connect to real-world problems. One economic theory that relates to the letter is cost-benefit analysis. This is when a company decides if the cost of doing something, like improving cybersecurity, is worth it compared to the possible losses from something bad happening like a data breach. In this case, it seems like the company didn’t invest enough in security, and now they’re dealing with the consequences, which probably cost more in the long run. Another economic theory is externalities. That’s when a company’s actions affect other people who weren’t directly involved. The data breach hurt the customers by putting their personal information at risk, even though they didn’t do anything wrong. This shows how the company’s decision had negative effects on others.

From a social science perspective, one theory that fits is neutralization theory. This is when people or companies try to make their actions seem less bad. In the letter, the company says they aren’t aware of any actual misuse of the information, which might be their way of downplaying the situation to avoid blame. Another social science theory that connects is crisis communication theory. This theory is about how organizations deal with bad news and try to keep people’s trust. In the letter, the company explains what happened, what they’re doing about it, and gives people steps they can take to protect themselves. This shows they’re trying to manage the situation and keep their reputation. Overall, the letter is a good example of how both economic and social science theories apply to real cybersecurity problems.

week 13 journal entry

Bug bounty programs are designed to address the growing cybersecurity concerns by engaging freelance hackers to find vulnerabilities within companies’ systems. These programs offer companies a cost-effective way to identify weaknesses in their cyber infrastructure, especially for smaller organizations that may not have the resources to hire full-time security experts. The article discusses how bug bounty programs help by leveraging a global network of ethical hackers who bring diverse skill sets and perspectives, making it easier for companies to detect issues that internal teams might miss. Additionally, the growing trend of bug bounty programs has led to the rapid increase in payouts, with major platforms like HackerOne paying out hundreds of millions of dollars to researchers. However, the article also highlights the challenges in measuring the effectiveness of these programs, particularly due to factors such as industry differences and program age. The research presented in the article suggests that even small companies with fewer resources can still derive significant cybersecurity benefits from participating in bug bounty programs, which is encouraging news for organizations that struggle to compete with larger, well-funded corporations in the cybersecurity space.

week 14 journal entry

In the article by Andriy Slynchuk about illegal things people do online, there are five violations that seem the most serious to me. First, collecting information about children is a big deal because it can lead to kids being targeted or exploited, which is really dangerous. Second, faking your identity online can cause a lot of harm, like tricking people or stealing their money. Third, sharing other people’s passwords, addresses, or photos without asking them is a huge invasion of privacy and can lead to bullying or identity theft. Fourth, cyberbullying and trolling are serious because they can hurt people emotionally and even lead to depression or worse. Lastly, using unofficial streaming websites might not seem that bad, but it’s actually illegal and can infect your device with viruses. These things are all serious because they don’t just break the law they can really hurt people in real life.

week 15 journal entry

After watching Davin Teo’s TEDx talk, I thought it was really interesting how he ended up working in digital forensics. He actually started out in accounting, which isn’t something you usually think would lead to a career in tech. I liked how he showed that you don’t always have to take a straight path to find your career — sometimes different skills can still help you get where you want to go.

I also realized that digital forensics connects a lot to the social sciences. It’s not just about computers and hacking; it’s also about understanding people. Like, when someone commits a cybercrime, investigators need to figure out why they did it, what their patterns are, and what kind of behavior to look for. That’s where things like psychology and sociology come in.

Another thing Teo talked about was ethics. He made it clear that digital forensics isn’t just about finding evidence — it’s about being fair and thinking about the people behind the data. I thought that was really important because sometimes people forget there’s a real person on the other side of the screen.

Overall, I thought Davin Teo’s story was cool because it showed that you can bring different experiences into a career, and that digital forensics isn’t just about technology — it’s about people too.

Article Review #1

Impact of Cybersecurity and AI’s Related Factors on Incident Reporting
Suspicious Behavior and Employees Stress

David Knoepp
February 16, 2025
BLUF
This study looks at how cybersecurity measures and AI-related factors affect employees’ stress
levels and their willingness to report suspicious activity. It also explores how cybersecurity
training can help reduce stress and improve reporting behavior. The findings show that proper
training makes employees more likely to report incidents and feel less stressed about
cybersecurity threats.
Introduction
Cybersecurity is a big deal in today’s digital world, and it’s important to understand how it
impacts people in the workplace. This article, written by Vimala Venugopal Muthuswamy and
Suresh Esakki, focuses on how AI and cybersecurity policies affect employees’ stress and their
decision to report suspicious activities. The study is useful because it connects cybersecurity with
psychology and workplace behavior, which are key areas of social science.
Research Questions & Hypotheses
The main question this study asks is: How do AI-related cybersecurity factors influence
employees’ stress and their likelihood of reporting suspicious behavior? The researchers
hypothesize that AI-driven cybersecurity systems can either increase or decrease employee
stress, depending on how well employees understand and interact with these technologies. They
also predict that cybersecurity training will help reduce stress and improve reporting.
Research Methods
This study used a survey-based research method. Employees from different organizations were
asked about their experiences with cybersecurity, AI technologies, and their willingness to report
security threats. The researchers used statistical analysis to find patterns in the responses and
determine how different factors affected employee stress and reporting behavior.
Data & Analysis
The researchers collected survey responses from employees in various industries. They analyzed
the data using statistical models to see if there were connections between AI-driven

cybersecurity factors, employee stress levels, and incident reporting. The results showed that
employees who received proper cybersecurity training felt less stressed and were more likely to
report suspicious behavior. On the other hand, employees who didn’t get enough training felt
more overwhelmed and avoided reporting incidents.
Connections to Course Concepts
This study connects several social science concepts we’ve talked about in class, like
organizational behavior, workplace stress, and the psychology of decision-making. It also ties
into cybersecurity ethics, since employees play a major role in keeping systems safe. The study
highlights the importance of cybersecurity training, which aligns with the idea that awareness
and education are key to reducing risks.
Impact on Marginalized Groups
The study doesn’t focus specifically on marginalized groups, but its findings are still relevant.
Employees in lower-paying jobs or those with less access to technology training may struggle
more with cybersecurity stress. If companies don’t offer proper training, these employees might
feel more anxious about making mistakes, which could discourage them from reporting security
threats.
Societal Contributions
This study is important because it shows that good cybersecurity training can make workplaces
safer and less stressful. When employees understand AI-driven security systems, they’re more
likely to take action against threats instead of ignoring them. Companies can use these findings
to create better training programs, which will help prevent cyberattacks and protect sensitive
information.
Conclusion
Overall, this study provides valuable insights into how cybersecurity and AI affect employees in
the workplace. It shows that training plays a big role in reducing stress and improving security
reporting. The findings suggest that companies should invest more in cybersecurity education to
create a safer and more informed workforce.
References
Muthuswamy, V. V., & Esakki, S. (2023). Impact of Cybersecurity and AI’s Related Factors on
Incident Reporting Suspicious Behavior and Employees Stress: Moderating Role of
Cybersecurity Training. International Journal of Cyber Criminology.

https://cybercrimejournal.com/menuscript/index.php/cybercrimejournal/article/download/330/99/637

Article Review #2:

Cybersecurity when Working from Home during COVID-19: Considering
the Human Factors
David Knoepp
April 6, 2025
Introduction
The COVID-19 pandemic changed the way people work, with many businesses shifting to
remote work. This created new challenges for cybersecurity, as employees worked from home
with less oversight. The article “Cybersecurity when Working from Home during COVID-19:
Considering the Human Factors” by Monica T. Whitty and others, published in the Journal of
Cybersecurity in 2024, looks at how human factors affect cybersecurity when people are working
remotely. (academic.oup.com)
Connection to Social Science Principles
This study connects to social science ideas because it focuses on how people’s actions and
behaviors impact cybersecurity. It shows how employees’ attitudes and their understanding of
security practices can affect how safe the work environment is. The article looks at how
individuals, within their work culture, contribute to or reduce cybersecurity risks.
Research Questions and Hypotheses
The article asks: How do human factors influence cybersecurity for people working from home
during COVID-19? The researchers believe that because many workers were not trained
properly, and because home environments are less secure, the risk of cybersecurity issues
increased.
Research Methods
The researchers used surveys and interviews to collect data. The surveys were given to remote
workers to learn about their experiences with cybersecurity at home. The interviews gave the
researchers deeper insights into the specific challenges people faced, like not having secure
systems or understanding security measures.
Data and Analysis
The data collected from surveys were analyzed using statistics to find patterns, like whether
employees who received more training had fewer security issues. The interviews helped the
researchers understand the personal experiences behind the numbers. They identified common
themes, like people’s frustrations with balancing work and personal life in a digital world.

Connection to Course Concepts
The article connects to the concepts we’ve learned in class about how human behavior affects
cybersecurity. The PowerPoint presentations from class emphasized that cybersecurity is not just
about technology but also about how people use it. This article shows that people’s actions—like
using weak passwords or clicking on suspicious links—can make cybersecurity harder to
maintain.
Implications for Marginalized Groups
The article also talks about how marginalized groups might be more affected by cybersecurity
risks. For example, some people may not have access to the latest technology or security
training. The article suggests that businesses should make sure all employees, regardless of their
background, have the resources they need to stay secure while working from home.
Contributions to Society
This research helps society by showing that cybersecurity isn’t just about technology, but also
about people. By understanding human behaviors and challenges, businesses can create better
security policies that protect everyone. This can help reduce the number of cyberattacks, which
would make the digital world safer for everyone.
Conclusion
The article by Whitty and others teaches us that human factors play a big role in cybersecurity. It
reminds us that, especially in remote work environments, we need to focus on both technology
and people to keep things secure. The study gives good advice on how to improve cybersecurity
practices in the future, especially as more people continue working from home.
References
Whitty, M. T., et al. (2024). Cybersecurity when working from home during COVID-19:
Considering the human factors. Journal of Cybersecurity, 10(1). (academic.oup.com)

career paper

David Knoepp
Cybersecurity Career Professional Paper
CYSE-200: Cybersecurity, Technology & Society
April 13, 2025
Cybersecurity Awareness and Training Specialist: A Career That Helps People Stay Safe Online
BLUF (Bottom Line Up Front):
Cybersecurity Awareness and Training Specialists help people learn how to stay safe online.
They use ideas from social science, like how people think and act, to teach good cybersecurity
habits. They also make sure everyone, including people from marginalized groups, can
understand and follow safety practices.
Introduction
When most people think about cybersecurity, they think of computers, coding, or hacking. But
there’s a very important side of cybersecurity that’s all about people. That’s where Cybersecurity
Awareness and Training Specialists come in. Their job is to help others learn how to avoid
online dangers like scams or phishing emails. To do this, they use ideas from social sciences—
like psychology, sociology, and communication. This paper talks about how this career uses
those ideas, how it connects to what we’ve learned in class, and why it’s important to society and
to people from different backgrounds.
How Social Science Is Used
This career depends a lot on understanding how people think and behave. For example, people
don’t always follow security rules, even when they know them. Awareness specialists use
psychology to figure out why. They know that if people feel confident and understand the risks,
they’re more likely to follow the rules. They also use ideas from sociology to understand how the
culture of a workplace affects how people act. If a company cares about cybersecurity, the
employees will probably care too.
One example of social science in action is when specialists use surveys or focus groups to learn
what kind of training works best. This helps them create better programs that actually work in
real life. It shows how social science research is important for solving real problems in
cybersecurity.
Class Concepts That Fit This Career

There are several ideas from class that connect directly to this job:
Human Factors – People are often the biggest weakness in cybersecurity. This job is all about
fixing that.
Social Engineering – Awareness training teaches people how to spot scams and tricks from
hackers.
Risk Communication – The job involves explaining dangers in a way people can understand.
CIA Triad – The work supports confidentiality, integrity, and availability by teaching smart
habits like strong passwords and being careful with emails.
These ideas are part of what we’ve learned in class, and they are used every day by people in this
career.
Helping Marginalized Groups
Not everyone learns or understands technology the same way. That’s why this career is
especially important for marginalized groups, like people who speak different languages, have
disabilities, or don’t have a lot of experience with technology.
Here are some problems these groups face:
Language barriers – Some people can’t understand the training if it’s only in English.
Accessibility issues – Training videos or materials might not work well for people with vision or
hearing problems.
Lack of trust – Some communities don’t trust government or company messages due to past
experiences.
Training specialists have to think about all these things and find ways to include everyone. That
might mean making videos with subtitles, writing in simpler language, or working directly with
community leaders to earn trust.
How the Job Helps Society
This job matters a lot to everyone in society. It’s not just about helping one company. When
people know how to protect themselves, fewer cyberattacks happen. That means schools,
hospitals, banks, and more can run safely.
Cybersecurity Awareness and Training Specialists make a big impact by teaching people how to
be safe online. Their work supports public safety, national security, and helps protect people’s
personal information. They also help people feel more confident using technology, which is
really important today since we use the internet for almost everything.

Conclusion
Cybersecurity Awareness and Training Specialists do more than just talk about rules—they help
people understand them and follow them. They use social science ideas, like how people think
and act, to create better training. They also make sure their programs include everyone,
especially people who might normally be left out. This career is a great example of how social
science and cybersecurity work together to keep people and information safe.
References
Hadnagy, C. (2018). Social Engineering: The Science of Human Hacking. Wiley.
Wash, R. (2010). Folk models of home computer security. Proceedings of the Sixth Symposium
on Usable Privacy and Security.
Parsons, K., McCormac, A., Butavicius, M., & Ferguson, L. (2019). Human factors and
information security: individual, culture and security environment. Australian Department of
Defence.