Capstone Reflection
Introduction
In my whole time at college, I have gained valuable information and experience in the cybersecurity field. From learning what cybersecurity even is, to windows management, to learning how to ethically hack, all of it has contributed to growing my knowledge in the cyber world. The most important courses I took that resonated with me the most were Linux System for Cybersecurity, Cyber Techniques and Operations, and a Python class I took at my community college before I came to ODU. I learned different skills within these classes, such as penetration testing, networking, and writing scripts. The first two classes that resonated with me the most contributed the most knowledge to me, and I feel as though they helped me in figuring out what I wanted to do career wise, which is to be a red team operator. I also knew I wanted to be in this field because in my opinion, cybersecurity is the most important job when it comes to the internet. According to Abi Tyas Tunggal, “Cybersecurity is important because it protects all categories of data from theft and damage.” (Tunggal, 2025). This includes sensitive data like health information, banking information, and personal details about someone. While all cyber courses I took throughout my years in college have helped me, most of my knowledge comes from my own behalf. The most intriguing part of cybersecurity to me is hacking, learning how it works, and how one can defend themselves from it. That is why most of the artifacts I showcased are from my own research and learning. Most of my knowledge in hacking came from YouTube and reading various kinds of credible forums and courses. In this reflection, I will discuss the skills and artifacts I chose, why I chose them, and how they will help me in my future and career in the cybersecurity world.
Ethical Hacking
The first skill I will discuss is ethical hacking. Since my goal career wise is to be a part of the red team, learning how to ethically hack is one of, if not, the most important skill in being a part of the red team. According to Sentinel One, who is one of the top leading companies in AI security, state that the “Red teams are groups of security professionals who simulate real-world attacks to test an organization’s defenses.” (Sentinel, 2025). What this means is that someone who is a part of the red team will find vulnerabilities in a company’s devices. This can be devices such as their servers, network, computers, and any other technology they have. When they do find vulnerabilities, they exploit it and then report it to show what they found. This is a very important career because it allows a company to fix what vulnerabilities were able to be exploited before a real attacker tries to exploit them.
Phishing Attack
This first artifact I chose in my skill of ethical hacking is showing how a phishing attack works. A phishing attack is when the perpetrator tries to trick a victim into revealing sensitive information. This can include login credentials, banking information, and other confidential information. In my example, I showed a phishing attack that involved a fake website I made that replicated a real website. When someone logins to the fake website I created, it redirects the real website, but on my end, I now have their login details, which I can then use to login and steal whatever I want. In many companies, the IT department will send fake emails to employees of the company and try to trick them into clicking a fake link. This is why it is important to never click on links from emails that seem weird, or from a sender you do not recognize.
Password Cracking
The second artifact I chose in my skill of ethical hacking is showcasing how I can crack passwords in a password-locked zip file. I learned how to do this in my Linux System for Cybersecurity class. It works by using a program called John the Ripper, which finds the password hash of the zipped file. Once the password hash is found, the program will then crack the hash, which then reveals the password to the locked file. After doing this assignment, I found that the best way to protect files from being cracked this easily is to use a long and complex password, such as using uppercase and lowercase letters, numbers, and special characters.
SQL Injection
The third artifact I chose in my skill of ethical hacking is showcasing how a SQL injection works. An SQL injection is a type of attack that injects malicious SQL code into different applications and websites. In my example, I used a program called Burp Suite that allows me to intercept requests that go from the web browser to the server. When I try to login with fake credentials in the example website, it doesn’t let me in, but in Burp Suite, that is where I can modify the code of the login page, which is where I inject the malicious code. After injecting, I can then login to the websites database with admin permissions and alter whatever I want. Doing this project on my own, I found that this is one of the main reasons why websites have very secure login pages, because basic SQL injections will not work in highly secured websites, such as government websites.
Networking
The second skill I will discuss is networking. According to Offenso Hackers Academy, they describe cybersecurity networking as “a set of practices for maintaining and protecting sensitive data from unauthorized access and hostile attacks.” (Offenso, 2024). In the cybersecurity world, you can’t secure a network without knowing how it works. Furthermore, you can’t hack networks without understanding the different kinds of protocols they run off of. This is why I have compiled some artifacts to show how I am able to scan different IP addresses and find out what ports they run off of, as well as finding out what ports are vulnerable to allow me to attack and exploit them.
Scanning IP’s
The first artifact I chose in my skill of networking is showcasing how I am able to scan different devices connected to my network, as well as what ports are open in these devices. The program I used for this was Angry IP Scanner. What this program does is scan all devices connected to my network, pings them, and then tells me which devices responded to the ping. What I learned by doing this is that this program can potentially be dangerous in a public setting because if I were connected to a public Wi-Fi, and I scanned which devices are online, if port 445 was open on one of the devices, I could view all the files that are in their computer.
Packet Sniffing
The second artifact I chose in my skill of networking is showcasing how I am able to sniff packets that come across my network. The program I used to do this is called Wireshark. I learned how to use Wireshark in my Cyber Techniques and Operations class. In the example, I showcased me clicking on a website and logging in to the website. On Wireshark’s end, I went through the different kinds of packets it sniffed. One of those packets is the one where I clicked the login button. In Wireshark, I can view the login credentials from the packet itself. I learned that this is the reason why most websites use the HTTPS protocol instead of HTTP. HTTPS is more secure than HTTP, and the website I was on was using the latter, which allowed me to view those sensitive details.
Scanning for Vulnerabilities
The third artifact I chose in my skill of networking is showcasing how I was able to scan and spot vulnerabilities in my network. The program I used for this is called Nmap. I learned how to use Nmap in my Linux System for Cybersecurity class. Nmap is a network scanner that can be used for a range of reasons and is essential to know how to use in the cybersecurity field. In my example, I didn’t find any vulnerabilities in my network. What I learned by doing this is that if I were in a bigger setting, like an office, they would have more servers and networks running, which means there’s a bigger chance that they have vulnerabilities. This allows me to figure out which vulnerabilities they have, and then I exploit it.
Python
The third skill I will discuss is Python. It is essential to learn and know how to script in Python in the cybersecurity field. According to Anastasia Grishina, “Python is used to write code to identify potential vulnerabilities in networks and applications, automate security tasks, and develop ML models for threat detection.” (Grishina, 2025). This means that Python is needed to deter people like me from accessing a company’s database and devices. The following artifacts show scripts that include malicious attacks and a simple python script that creates databases.
DoS Script
The first artifact I chose in my skill of Python is showcasing a script I made that serves as a simple DoS attack. A Denial of Service (DoS) attack is a type of attack that floods and overwhelms a device with traffic, making it unavailable for users until the traffic gets filtered out. Writing this script, I learned that if I were to run this script on multiple devices, it would turn into a DDoS attack, which is a Distributed Denial of Service attack, which overwhelms the website even more since the attack is distributed across more platforms.
Shutdown Script
The second artifact I chose in my skill of Python is showcasing a remote shutdown script I made. In this script, when you enter the IP address in the target value, it forces a shutdown to that IP address. Creating this script, I learned that if I went to the command prompt and used the command ARP -a, it would allow me to find all the IP addresses that are connected to the same network I’m on. In a public setting, this can be dangerous because I can shut down anyone’s computer that is using a public network.
Database
The third artifact I chose in my skill of Python is showcasing a database I learned to create in the Python class I took in community college. The database resembles that of a car dealership database. When someone wants to find information about a car, they look up the model in my database, and the program will then show the data about the car, such as price, transmission, drivetrain, and other information. In this project, I learned various Python terms, such as if else statements, different kinds of values, and learning how to import in Python.
Conclusion
To sum everything up, watching various informational YouTube videos and learning about different areas of the cybersecurity field helped me complete these school assignments and helped me do my own cyber projects. From learning different protocols, to learning how hackers can breach systems, all of this will hopefully help me get into the cybersecurity work force and become a part of the red team. In my Linux classes, learning hands on helped me the most to understand and complete these projects. I am currently taking the IDS 300W course, and it has helped me learn how different disciplines interact with each other and work as one unified whole. It’s important to be an interdisciplinary thinker in the cybersecurity field because real security problems involve learning how the technology works, what makes attackers want to hack, and how to mitigate these attacks. Understanding multiple disciplines also helps detect the threats, make better decisions, and create effective security solutions. According to Vaishnavi, “That’s why the field of cyber security is made up of many different specializations, each with its own purpose and skills.” (Vaishnavi, 2025). In my career, I want to learn all the different areas of cybersecurity, that is why I focused my learning on not just ethical hacking, but learned about networking and coding in Python.
References
Grishina, A. (2025, August 12). Python for Cybersecurity: How to Protect Your Business from Threats. Softteco. https://softteco.com/blog/python-for-cybersecurity#:~:text=Python%20is%20widely%20used%20in,traffic%20and%20detect%20suspicious%20activities.
Offenso. (2024, September 13). The importance of networking in cyber security. Offenso Hackers Academy. https://offensoacademy.com/the-importance-of-networking-in-cyber-security/#:~:text=Cybersecurity%20networking%20is%20a%20set,communication%20or%20data%20terminal%20equipment.
SentinelOne. (2025, September 7). What is a Red Team in cybersecurity? https://www.sentinelone.com/cybersecurity-101/services/what-is-a-red-team/
Tunggal, A. T. (2025, December 1). Why is cybersecurity important?. UpGuard. https://www.upguard.com/blog/cybersecurity-important#:~:text=Cybersecurity%20is%20important%20because%20it,governmental%20and%20industry%20information%20systems.
Vaishnavi. (2025, July 4). What are the different fields in cyber security? A beginner-friendly guide to specializations in 2025. Web Asha Technologies. https://www.webasha.com/blog/what-are-the-different-fields-in-cyber-security-a-beginner-friendly-guide-to-specializations