Journal Entries

Module 1:

Pursuing a career in cybersecurity incident response strongly appeals to me given the action-oriented critical thinking, tight team collaboration, frontline defense duties, and varied assignments inherent in the role. I’m eager to leverage my analytical abilities and resilience in confronting security threats hands-on by quickly gathering information, implementing creative technical mitigation strategies, coordinating across stakeholders, and directly protecting systems and data in real-time as threats unfold. The ability to have a direct impact on critical security outcomes by tackling ever-evolving threats on the frontlines aligns perfectly with my interests and competencies. I aim to utilize my communication skills to drive unified response efforts across teams as well as apply past learnings while rapidly analyzing and solving complex technical challenges under pressure as no two incidents are ever the same. The tremendous variety and constantly evolving nature of security threats and puzzles to solve makes an incident response career extremely motivating to me.

Module 2:

The principles of science are fundamental to the field of cybersecurity, providing a systematic and empirical foundation for understanding, analyzing, and securing information systems in the digital landscape. The scientific method, with its emphasis on observation, hypothesis formation, experimentation, and analysis, is mirrored in cybersecurity practices. In threat detection, professionals observe patterns and anomalies in network traffic, form hypotheses about potential breaches, conduct experiments, and analyze results, ensuring security strategies are evidence-based. Additionally, the principles of repeatability and falsifiability, integral to scientific inquiry, are directly applied in cybersecurity, where measures must be consistent and subject to rigorous testing for vulnerability identification and rectification. This scientific mindset, characterized by constant testing, learning, and adaptation, is crucial in the dynamic and evolving landscape of cyber threats. Ultimately, these principles underpin a proactive and evidence-driven approach in cybersecurity, enabling the field to anticipate, prevent, and effectively respond to the diverse and sophisticated challenges posed by malicious actors in the digital realm.

Module 3:

Researchers could leverage the comprehensive data breach reports compiled on the Privacy Rights website to conduct in-depth analysis on security incidents, identify trends and patterns in breaches, correlate risk factors leading to breaches, and derive models to predict future breach likelihoods.

The detailed repository captures critical dimensions around publicly disclosed breaches including the organization, industry sector, type and sensitivity of data exposed, root causes of the breach, number of people impacted, consequences faced by the organization, and mitigation best practices. Researchers have a wealth of metadata to perform longitudinal statistical analysis to uncover insightful findings around antecedents and outcomes of security incidents. Risk models can be developed by closely studying correlation of different variables to breach events and severity. Researchers can track changes in breach types, affected industries, emerging vulnerabilities and other shifts across time. Deep qualitative review of breach summaries can identify recurring internal process and system gaps for security best practice recommendations. In essence, the website enables myriad research opportunities through comprehensive breach data warehousing and accessibility.

Module 4:

Maslow’s Hierarchy of Needs provides a framework for understanding human motivation and development, and when applied to technology, each level of the hierarchy can be reflected in our digital experiences. At the foundational level of physiological needs, technology satisfies basic requirements for communication, sustenance, and safety, such as accessing emergency services through smartphones or ensuring food security through online delivery platforms. Moving up to safety needs, digital security measures like two-factor authentication and encryption technologies contribute to a sense of online safety. Social needs are met through social media platforms, connecting individuals globally and fostering a sense of belonging. Esteem needs find expression in the pursuit of online recognition, achievement in video games, or professional success facilitated by digital platforms. At the self-actualization level, technology offers opportunities for personal growth, creativity, and learning, such as through online courses or creative software. In my experiences, technology has seamlessly woven into each layer of Maslow’s Hierarchy, serving as a multifaceted tool that not only fulfills basic needs but also enhances social connections, self-esteem, and personal development.

Part 2:

The video provides an insightful analogy between different types of fishing and various cyberattack techniques that relate to potential victimization. Just as phishing uses deception by posing as trustworthy entities to hook victims, other forms of cyberattacks prey on vulnerable targets in ways evocative of fishing methods.

Spear phishing’s directed targeting of select individuals based on personal details mirrors bait fishing’s increased likelihood of catches from customized bait. Mass spam malware campaigns, akin to net fishing, cast wide to maximize reach even with lower success rates. Social engineering parallels fly fishing’s skillful manipulation and lures victims through psychological tricks instead of technical exploits. And worms’ self-propagation, randomly cracking passwords to spread and infect numerous systems, resembles trawling’s indiscriminate harvest of marine life through dragnets.

Additionally, the emphasis on hand washing for doctors relates to maintaining high standards of hygiene or “cyber hygiene” through best practices like strong access controls and system hardening to prevent infections from spreading. Just as poor hand hygiene raises healthcare infection risks and epidemics, inadequate cyber hygiene enables threats and vulnerabilities to propagate, highlighting why both doctors and security professionals must uphold disciplined prevention habits. Instilling basic cyber hygiene through training, just like proper hand washing techniques, arms individuals and organizations to stay protected amid modern technological and security threat landscapes.

The video artistically connects the idea that just as developments in fishing enabled more advanced captures, cyberattack techniques continue to evolve in sophistication. Maintaining vigilance through strong cyber hygiene is key to sidestepping the variety of traps set by increasingly skilled adversaries using varied attack surfaces and vectors across interconnected systems.

Module 5:

  1. Ideology/Hacktivism – Standing up for political, social or environmental causes seems like the most principled motive. Issues like human rights, corruption, etc. deserve awareness and change.
  2. Revenge – Seeking justice against direct personal wrongs is understandable though misguided. Victims should use proper legal channels.
  3. Ego/Status – Wanting recognition for technical prowess or achievements has some validity but shouldn’t override ethics. Healthy acknowledgment differs from crude boasting.
  4. Financial Gain – Direct profits drive most cybercrime today for basic economic incentives. But illegally obtained wealth causes societal harms.
  5. Sexual Exploitation – Taking advantage of vulnerable groups for sexual gratification is completely unethical and can enable further predators.
  6. Addiction/Vice – Indulging destructive personal vices rarely leads to good outcomes for the hacker or society-at-large.
  7. Amusement – Causing turmoil, embarrassment or harm to random victims purely for twisted entertainment makes little sense morally.

I ranked ideology highest given the selfless motivation tied to greater good, followed by revenge which has some grounding in retributive notions. Ego and financial motives have shades of understanding despite being misaligned behavior. The last three motives involving exploiting targets seem the hardest to justify from an ethical perspective. Of those, amusement seems especially inexplicable as a standalone reason to harm others.

Module 6:

Fake Websites:

  1. 16WMPO.com
     • Amateur logo and web design
     • Registration details are hidden
     • No clear business purpose or contact info provided
  2. 20minuts.com
     • Typo in the domain name
     • Plain text without professional formatting
     • No links work properly – broken site
  3. 24usnews.com
     • Attempts to mimic a real news site but lacks history/reputation
     • Articles are fake and focused on advertising/phishing

Real Websites:

  1. Nike.com
     • Uses real Nike branding and logos
     • Smooth user interface and navigation
     • Working customer service options
     • Longstanding domain with history
  2. Adidas.com
     • Official Adidas branding/trademarks
     • Professional site design and images
     • Real contact info and store locator
     • Domain in use since 1996
  3. Psiexams.com
     • Accurately represents the real PSI exam services
     • Proper company details and contact info
     • Secure certification portal for users
     • Active since 2003 with established reputation

The key differences come down to legitimacy details like proper branding, design, functionality, reputation history, working contact points, and overall transparency. The fakes mimic sources with more brand recognition but lack the heritage, access, or care that true official sites provide.

Module 7:

The meme “Why are there so many password rules? I can never remember them!”

This meme highlights a prospective user attitude of frustration and difficulty around security tool usability – namely complex password requirements. It identifies transparency issues around lack of understanding behind the rationale and value of reasonable password policies.

Cross-analyzing similar memes around, say, annoyance at 2-factor authentication prompts, relief from biometric logins, or satisfaction with built-in encrypted communications can paint a broader picture of user needs. The goal is discerning where security technology acceptance, adoption and compliance excel versus flounder and why, based on assessing emotional sentiment, motivation levels, perceived transparency and more.

Essentially the meme captures a variety of user mindsets to emphasize intersecting factors that influence cybersecurity outcomes when humans interact with protective systems. This facilitates more empathetic, user-centric safeguard designs better aligned with human capabilities and limitations.

Module 8:

The media’s tendency to play up the most dramatic cyber breach cases as representative, paired with overly simplistic blaming of hackers as evil masterminds, fuels misperceptions of cyber threats being unavoidable, impossible to understand for average users, or down to lone geniuses, while glossing over systemic factors. This exaggeration of severity and technical mystification breeds feelings of helplessness and fear disproportionate to realities by omitting critical nuances around probabilistic risks and achievable safeguards, made worse by reporting prone to false binary thinking that claims security is either totally effective or nonexistent. The core challenge remains that balanced analysis with measurable risks and responses struggles for public attention compared to alarming stories boasting jargon-laden proclamations about “mega breaches” defying prevention or privacy being “impossible.” Media awareness of its own cognitive biases is therefore key to enabling more disciplined public coverage and informed understanding of practical cyber hygiene.

Module 9:

I would likely score moderately high on personal responsibility aspects like updating devices/software, avoiding risky links, and using complex passwords. However, I may score lower on proactively monitoring financials and backing up data routinely. So perhaps an overall score around 7/10.

The scale seems to capture reasonable habits like staying vigilant against phishing attempts and enabling two-factor authentication. However, basic technical issues like backups don’t necessarily correlate directly to consciousness. Varied cultural and economic realities also shape attitudes, and access to security tools.

Patterns found globally often boil down to infrastructure factors enabling cyber hygiene. More advanced digital economies tend to prioritize cyber issues for consumers through regulations, awareness programs etc. Citizens can better safeguard data/rights when companies and governments provide guardrails.

Conversely, developing countries still modernizing technology systems often see cyber as a more abstract concern compared to daily living challenges. But increased internet access also fuels collaborations raising consciousness. Overall, a balanced approach accounting for socioeconomic divides seems needed to uplift security capacities worldwide.

The video makes a fair argument that quantifying cultural inclinations, while imperfect, allows tracking changes over time. No single number defines aptitude; rather, it is intended to inspire assessments enhancing user-centric safeguards for diverse populations. Defining progress requires measurable baselines, when drawn responsibly.

Module 10:

The article argues that prevailing device and network-centric models provide inadequate cybersecurity. Instead, a “social cybersecurity” lens focused on human vulnerabilities and manipulations better explains systemic breaches. Users are the common factor compromised across incidents.

Cognition gaps enable phishing exploits and other social engineering attacks which overwhelmingly dominate real intrusions. Yet dominant techno-centric paradigms overlook human factors in favor of siloed solutions like antivirus software or firewalls. Psychology of trust determines actual system security.

Core principles of social cybersecurity involve deeply understanding relationships between people and technologies to inform resilient designs grounded in user competencies. This entails acknowledging inherent human biases that undermine objectivity which hackers leverage. Training to make unconscious thinking conscious bolsters analysis of healthy skepticism versus paranoia.

Strategic emphasis must shift from posturing drones and missiles towards nurturing critical thinking and empathy as force multipliers. Workforce preparedness demands cognitive resilience building to avoid psychological traps from disproportionate realities. Ultimately, secure systems arise from secure minds through cognitive security seeking adaptive challenges.

In essence, prevailing cyber conventions fixate on technology, but breach pathways flow through people. Prioritizing human dimensions above tools provides durable protection in complex environments.

Module 11:

Economics Theories:

Game theory – The cyber attackers likely assessed the website’s vulnerabilities, potential data value, and inadequate safeguards to determine it was a high-reward target with low risk, tipping the cost-benefit analysis favorably towards hacking them.

Cost-benefit analysis – The company, weighing PR damage, liability costs, and customer retention impacts vs the expenses for infrastructure upgrades, security services, and breach notifications, may have initially tolerated more risk than ideal. Limited cybersecurity budget allocation enabled the breach.

Social Sciences Theories:

Social engineering – The initial malware likely gained access by exploiting human vulnerabilities like clicking malicious links. Understanding regular platform provider employee behavior enables better safeguarding.

Attribution theory – The letter aims to shape customer attributions for the breach by emphasizing third-party vendor responsibility and delayed notifications from investigators rather than internal security negligence, trying to minimize firm culpability perceptions.

Essentially, the adversary exploited economic incentives and human cognitive limitations to successfully compromise systems, indicating where enhanced defenses and user awareness could improve outcomes, while the company seeks to strategically influence post-breach attributions of responsibility via the notification.

Module 12:

Using torrent services to freely download copyrighted media, bullying and trolling others under the cloak of anonymity, fabricating fake identities or websites for deceptive purposes, reusing copyrighted images without authorization, and conducting illegal searches for prohibited goods fundamentally exploit the unchecked freedoms of the internet to enable harm. Torrent piracy robs creators of income and incentive, abusive online conduct affects mental health and discourse, identity deception defrauds victims, copyright infringement deprives artists of control and revenue for their work, while unlawful searches fund dangerous criminal elements. These offenses highlight the need for greater personal and collective responsibility in moderating online behavior as the web’s growing role as the public square and marketplace increasingly impacts livelihoods both creatively and financially. If left unchecked, normalization threatens to undermine both industries and infrastructure enabling access along with the rights and welfare of countless individuals targeted by false information, toxicity, harassment, and predatory business practices. Though enforcing regulations remains challenging, we must thoughtfully balance liberties against damages to conscientiously curb serious abuses, striving for online ecosystems that spur innovation through transparency, diversity and restoration when conflicts persist. The universal nature of access means individual actions compound exponentially – for better or often worse.

The essence is these online offenses exploit freedoms to further deception, abuse, crime, inequality and despair. Their low-risk nature requires social contracts and moral conscience to activate behavioral change towards justice, as technology alone cannot address such embedded human complexities. We all must exercise great care in wielding these unprecedented tools to uplift or destroy.

Module 13:

The individual’s pathway to a career in digital forensics, exemplified by Davin Teo, is noteworthy for its organic evolution and adaptability. Starting in a small accounting firm, the need for an IT specialist opened unexpected doors for him. Rather than viewing this as a challenge, he embraced the opportunity to learn more about IT, running parallel to his work in accounting. This dual focus eventually catapulted him into a role in one of the largest accounting firms, where he became deeply involved in digital forensics. The transition showcased a seamless blend of curiosity, professional demand, and dedication. His ability to efficiently collect substantial amounts of digital data, reducing the time from about five hours to a more streamlined process, reflects a keen mastery of his field. The journey underscores the value of diversifying skill sets and embracing unforeseen opportunities, leading to a successful career in digital forensics.