Week 1

Hi, I’m Giao Dinh from Virginia Beach. English is my second languages and I’m still working hard to improve both languages at the same time. This is my second year studying at ODU. My major is Cybersecurity and Accounting for the minor. “Working hard and learning” is my goal, so I can prepare and improve myself in the future. I hope that everyone will (including me) will get a perfect learning during this semester with useful information from professor Pitman.

There are some keywords (about me)

• Vietnam: I was born and grew up in Vietnam
• Movies, TV shows, game shows or any variety show: I will use my spare time to relax with those movies and shows, not game
• 2013: My family moved to live in the U.S.
• Chorus: I am a member of the Catholic church chorus for about five years.
• 2019: I got my Naturalized Certificate.

Week 2

After reading the instruction that you provided for this free writing weekly #2, there is only one thing that I interested in the cybersecurity field is “Cryptography”. It was the reason why I changed my major from Accounting to Cybersecurity. Actually, I feel that I am not really smart enough or intelligent as other people around me. I just don’t have any ideas of what I like to do for my career path in the future. I just registered for Accounting just because I like Math. That’s all, nothing else. After studying at ODU for about a year, I think about my future and what I would like to be. Therefore, I changed major to Cybersecurity. However, I still study hard and won’t give up on my first decision. I will try to complete both (Cybersecurity for Major, minor in Accounting).

After searching for the job, there are three jobs that relate to Cybersecurity:

Jobs	Requirements	How to fulfill/timeline of planning
Cybersecurity Specialist	Education Level: Cybersecurity/Computer Science Degree or relevant DoD accreditation experience required. CompTIA Security+ or ability to obtain certification within 6 months required. Relevant Work Experience: 5 years minimum, 10+ years preferred	– Apply for an internship position during summer-Apply for scholarship from DoD-Complete my Bachelor Degree- Work for DoD after graduating for such amount of time ( 5 to 6 years).-Plan B, if I do not apply a scholarship for DoD and work for them after graduation from college, I will earn a certificate for CompTIA Security+ within six months after I graduate.-(continuing for plan B) I will apply to any company for an internship position or for a non-required work experience position; therefore, I can get more experience from other people- After five years, I can apply to work in the “Cybersecurity Specialist”.
Cyber Security	US Citizenship Security Clearance: TS/SCI Required Education: Bachelors	-Apply for an internship position before graduate-Graduate from college and complete a Bachelor Degree in Cybersecurity- Try to earn two to three certificates of the following:  CISSP, CEH, CISM, CompTIA Security+, GSEC, OSCP, CCSP -Get the TS/SCI by applying for many federal law enforcement careers. Wait for six months to get the result. If I eligible and receive a Top Secret clearance, there will be investigation every five years to maintain it.
Jr Red Teamer/Penetration Tester	-3-5 years of experience in diverse experience in cybersecurity vulnerability assessments with a focus on application security assessments, or equivalent combination of education and work experience. • Ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews. • Demonstrate leadership ability.• Working knowledge of various operating systems, tools, and scripting languages such as *NIX, Windows, Kali Linux, Cobalt Strike, Metasploit, Nmap, Nessus, EyeWitness, WireShark, Powershell, Python, etc. • Bachelor’s Degree in a technical specialty such as cybersecurity, computer science, management information systems or related IT field – relevant work and educational experience may be substituted for a degree. • Certifications (One or more required) OSCE, OSCP, GPEN or equivalent Red Team certs • CISSP and CEH are a bonus, but not required	-Apply for an internship position before graduate-Graduate from college and complete a Bachelor Degree in Cybersecurity- Try to earn two to three certificates of the following:  CISSP, CEH, CISM, CompTIA Security+, GSEC, OSCP, CCSP -Apply to work in the position to earn experience after graduate, and continue to study at home for more practice and improve myself

Week 3

If I am a policymaker, I would like to obligate companies with more than 20 employees to follow and implement a minimum set of cybersecurity that required in five sectors (company policy, awareness, training, education, and technology). This will make sure how well they understand those sectors and a chance for them to test themselves if they getting spam mails. This also is a chance for some employees who have known nothing about those. For the requirements of each sector, I hope that each employee of each company could be aware and keep them in a ready zone for any situation that could happen. For the company policy, each of the employees needs to understand all rules, what they need to do or not to do. If there is any confusion, they can ask to get clear. This is a warming for any employee who read it but did not get clear or query of something. To the awareness sector, this will make sure that every employee will get hints on how they will deal if they been attacked by hackers, phishing, or scam emails. This will be biweekly a month or monthly, so everyone can find any help when they are in an incident happens. Every sector needs to be clear and insecure for anyone who tries to take advantage during that time. Any information needs to be secure while testing employees’ awareness. There would be fines to any company don’t follow these sectors and not compliant the policy because this is the way how to make a process of safeguard to protect and make sure everything works properly based on the responsibility of each individual of a group (the whole company, not just a person do well or not).

Week 4

We have already known the importance of technology and how it impacts our life. People have to deal with phishing, hijacking, spam or scam emails, the threat of vulnerabilities if it was exploited by a hacker, and other risks from breaching data, especially from the cyber attack. 

People could make mistakes just in a few seconds by a click a phishing email or a scam link attached to the email. This will allow them access and launch your device easily when you put your guard down. Who will be the first one affected by the attack? Of course, you will be the first one affected by the attack. As you create a chance for the attack, you allow them to access your devices. When they access successful, there will a huge breach of data and other information systems can be used on a negative purpose. It will affect your assets. This will be a huge problem which leads to a negative impact on individuals, businesses, or nations. If you do not aware of how cyber attacks affected, you will fall into the cyber attack’s trap easily and become their attack target. There will be more risks and loss assets occur. The cyber attackers focus more on the weakest link in the data exchange chain from your own devices, data transferred to the loud, reputational damage and attacks via social media, attack on the internet of things (refrigerators, camera, cars, etc.), and government regulation and collaboration.

There are several ways to prevent cyber attacks:

• Learn and understand cybersecurity principles.
• Install, use and regularly update antivirus and antispyware software on every computer used in your business.
• Use a firewall for your Internet connection.
• Download and install software updates for your operating systems and applications as they become available.
• Make backup copies of important data or information.
• Control physical access to your computers and network components.
• Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
• Require individual user accounts for each employee.
• Limit employee access to data and information and limit the authority to install the software.
• Regularly change passwords (do not use the same passwords or share the password for someone else); reset your password if needed
• Do not open or click any unreliable links or phishing emails.

Week 5

• I am interviewing people for an information security officer position.
• List at least 5 questions that I want to ask the potential candidates

Before the interview, I would like to let each of the potential candidates to introduce themselves. This is a kind of similar question that most of the interviewer would like to ask: “Can you introduce yourself” or “please, tell me about yourself”. This could be the easiest question but also important on how they introduce themselves to persuade me, the interviewer, to believe in what they said or get attractive on what compliments he or she has done. Therefore, based on the way they introduce, I could see how much confidence and truthfulness they are when they are facing their first problem (the interview). Most of the candidates cannot save their positive face and earn any good credit from the interviewer because they neglect the chance to tell the interviewer how good they are and the reason why they worth and fit for the position they applied for. Based on what they said, I also can make some assumptions about their personality, their skills to solve the problem, and how well they can persuade people to believe and work with them, especially the consumer or with any business partnerships. Next, I want to ask them some questions to see how well they understand the question and give me the right answer that I want to hear from them. 

“Why do you want this job?” Again, when the company is in the hiring process. This is mean my company and I looking for any candidates who have a passion for this job. Therefore, the interview is to create a chance for someone who is willing or loves to work with that company and for the job they applied for. Of course, I want to hear the reason why they love this job. 

“What Challenges Do You Foresee in This Position?” I would like to hear how they would likely to able to effectively utilize their skills and experiences if they were hired for this position because I want to know who would or would not be qualified.

  “What mistakes have you learned from while working as an information security officer?” The important thing is I want to know and hear what they have learned from their mistakes but not the mistakes they have made because I think no one is perfect and mistakes will help people to improve themselves. 

Lastly, “what do you know about our company?” I want to know how serious they are and how well they prepare for this interview. If they know nothing about our company, that means our company is not a priority to them.

Week 6

For the following the sixth week of free-write, this week’s writing topic could be a challenging question for me or other classmates. 

Based on the information and guides from the video, the word cybersecurity is a tool to link the connection and the role of cybersecurity in businesses field, which helps me to think about my business plan in the future near more carefully.

From what mentioned in the video, there are several questions that people have to make sure what strategies they will help them achieve for what they already planned. Thus, they can work on what all needs to be done and fix on if required.

List of my legal ways to make money in cybersecurity:

• Creating reliable applications and adjust the system software that keeps consumer’s information secure
• Yacking the consumer for any incidents that could occur
• Building a strong testing system that identifies and verifies vulnerabilities on software
• Earning skills and profits from the achievements of different projects for a high level of expertise in this field
• Running the process and keep track of all new technology
• Setting clear, strict rules for all policies I make that no signs of mistakes
• Encouraging younger talents with creative ideas to join for strengthening and betterments
• Costs for business will under control of the budget and what I owned
• Using the resources that I the company have and help to promote all possibilities
• Review all the work done in a week and fix it right away to prevent any opportunity cost
• Intuiting in work and gaining a deep, accurate understanding that helps me to operate my business in both disciplines of technology and business
• Training the personnel and testing their skills that reduce any further incidents occurs.
• Yessed, there is nothing easy to start-up business but start as an employee will be the right way to do after graduate

Word Count

323

Week 7

The more challenging, the more people want to involve in. There would be too stressful for the CEO when they deal with a lot of work and their employees. Besides, the CEO also understands the role of cybersecurity is more pressure than what we think. Implementing the goal, this is more difficult for employees who don’t know much about cybersecurity or not able to handle any incidents that happen to their devices, especially breach information and phishing emails. 

There’re three sanctions and three awards for people who willing to help other employees and follow the policy to protect and prevent any chances for a cyber attacker to exploit the vulnerability of my security systems. For sanctions, I will refer to give them a chance to meet with experts in the field of cybersecurity to help them to get more clear on how to protect themselves when they access any websites. Second, they will receive a standard testing by cybersecurity experts of the company. Third, they will be working as a project team for the new products of the company which help people can get rid of headaches from hackers. For awards, there are three following options: a week offs in a year, keep a vote in the competition of the project team, and have a chance to give a speech for the new change of the company to better. 

There are not too many awards and sanctions for the employees, but I hope that people will have a chance to improve themselves and for the whole company (as being a family company rather than enemies in the same area workplace), which can promote the personal responsibility of employees about the level of cybersecurity in a company. This also encourages their workers to come up with innovations and safe cybersecurity practices.

Week 8

From the past, people worked very hard to earn money and achieve their goals to have a convenient life and things for their needs (desired for). To the growth of the nations with the information people learned, they know what is most important to their life. Physical property is not the only thing they work hard to earn, but they also understand that their information and other personal data online need to secure from other harms or attacks from cyber thieves. Therefore, I think people treasure their personal data in the online space more than physical property. However, there will be some exceptions to some people who do not have the opportunity to exposure to information technology or how hazard and loss affect their assets. Especially, with cyber threats, they willing to steal data, damage data, or disrupt digital life in general. 

The strategy is deeper learner practice sharing of different ways from different aspects. The more opportunity your exposure to it, the better you know about it unexpectedly. Create the most protective security system is not enough if the users don’t know how to use it. The most advanced system also can be ruined by its users as well before cyber attacks exploit the vulnerability of the systems. The most traditional ways will be helpful if we use advertising to giving examples and explain easier steps on social media, TV, radio, or just a short advertisement on YouTube videos. We also could use flyers or posters with all the information that could attract the consumers or visitors in the bulletin board of stores, shops, malls, and etc. We will need more free classes for parents, students (high schools or middle schools), and elders (which can include nonspeaking English) to explaining tools and skills that needed when using technology or access to any website (included malicious webs or mails) and sharing experiences and giving solutions. We can make a survey on how much they need us to help them than asking them how well they know about it.

Week 9

According to Jeff Tyson, Chris Pollete, and Stephanie Crawford (2011), Virtual Private Network (VPN) that allowed users to access the remote sites from a private network through the internet.  Because it is a private network, VPN helps to ensure security. Users can access any websites, which were restricted by geographic, and protect their browsing from curiosity on public networks.

Therefore, there are following benefits that users need to know when they using it:

– According to Emmanuel (2017), it is “improved security,” which means users don’t need to worry about their safety and privacy whenever they searching and access any websites.

– He also mentioned VPN is “remote access,” which means users can access their content from a distance if there are restrictions (Emmanuel, 2017).

– Besides, VPN has “different packages of service,” which means users choose a package that they can afford (Emmanuel, 2017).

-However, Pattinson et al. (2020) said that VPN’s services can be work best for working with a group and need to share data for a lengthened period.

-Lastly, they also said that VPN can be “accessing blocked websites or for bypassing Internet filters” (Pattinson et al., 2020). When Internet censorship is applied, there is an expected thing that the number of using VPN services increased.

However, there are downsides of VPNs:

-A slower internet connection

-Illegal use of VPNs themselves-Specific blockades of VPN services (for example by Netflix)

-The logging and potential reselling of your internet habits to third parties

-Free VPNs, but sometimes worse than none at all

Because of the connection to the internet with a VPN is rerouted and encrypted through the VPN server, our internet connection might be slowed down slightly. Therefore, we should check the speed of our VPN when we are trying it out. To some services discourage the use of VPN, we are not supposed to have access to, but it can work if the increased number of VPN services used in countries where Internet censorship is applied. Thought VPN is a secure solution to more safety through the internet, it still illegal to some countries. Depend on which countries and the need for VPN, it works best for us if we know which package of VPN services we choose which have been approved for.

Sources:

Tyson, J., Pollette, C., & Crawford, S. (2011, April 14). How a VPN (Virtual Private Network) Works. Retrieved from https://computer.howstuffworks.com/vpn.htm

Emmanuel, V. (2017, February 13). 5 Significant Benefits of Using A Virtual Private Network (VPN). Retrieved from https://www.lifehack.org/533452/5-significant-benefits-using-virtual-private-network-vpn

Pattinson, Sumit, Laura, B., Louis, C., & Mark. (2020, March14). 8 Advantages of VPN-All You Need to Know. Retrieved from https://www.ibvpn.com/2010/02/8-advantages-of-using-vpn/

Janssen, D. & George. (2020, March 2). Disadvantages of A VPN. Retrieved from https://vpnoverview.com/vpn-information/disadvantages-vpn/

Week 10

1. Title: Marshall County Man Convicted of Federal Cyberstalking and Gun Crime  December 20, 2019

Link: https://www.justice.gov/usao-ndms/pr/marshall-county-man-convicted-federal-cyberstalking-and-gun-crime

Information:

• Gender: Male
• Age: 54
• Country of origin/residence: Byhalia, Mississippi,

2.Title: Florida Man Sentenced to Prison for Extensive Cyberstalking and Threats Campaign  December 18, 2019

Link: https://www.justice.gov/opa/pr/florida-man-sentenced-prison-extensive-cyberstalking-and-threats-campaign

Information:

• Gender: Male
• Age: 35
• Country of origin/residence: Jacksonville and Tamarac, Florida

3.Title: Lincoln Man Sentenced for Cyberstalking  December 10, 2019

Link: https://www.justice.gov/usao-ne/pr/lincoln-man-sentenced-cyberstalking

Information:

• Gender: Male
• Age: 50
• Country of origin/residence: Lincoln, Nebraska

4.Title: Iowa Man Charged With Interstate and Cyber Stalking  December 9, 2019

Link: https://www.justice.gov/usao-ndia/pr/iowa-man-charged-interstate-and-cyber-stalking

Information:

• Gender: Male
• Age: 56
• Country of origin/residence:  Cresco, Iowa

5. Title: Portland Man Sentenced to 33 Months in Federal Prison for Cyberstalking and Anonymous Telephone Harassment  December 2, 2019

Link: https://www.justice.gov/usao-or/pr/portland-man-sentenced-33-months-federal-prison-cyberstalking-and-anonymous-telephone

Information:

• Gender: Male
• Age: 50
• Country of origin/residence:  Portland

6.Title: North Georgia man sentenced for cyberstalking and making a bomb threat to a preschool  November 25, 2019

Link: https://www.justice.gov/usao-ndga/pr/north-georgia-man-sentenced-cyberstalking-and-making-bomb-threat-preschool

Information:

• Gender: Male
• Age: 23
• Country of origin/residence: Jasper, Georgia

7. Title: Anderson County Man Pleads Guilty to Making Threatening Communications, Cyber-Stalking, and Firearm Offenses  November 22, 2019

Link: https://www.justice.gov/usao-edky/pr/anderson-county-man-pleads-guilty-making-threatening-communications-cyber-stalking-and

Information:

• Gender: Male
• Age: 22
• Country of origin/residence: Anderson County, Kentucky

8.Title: Maryland man offers guilty plea for cyberstalking Ohio victims  November 22, 2019

Link: https://www.justice.gov/usao-sdoh/pr/maryland-man-offers-guilty-plea-cyberstalking-ohio-victims

Information:

• Gender: Male
• Age: 32
• Country of origin/residence: Essex, Maryland

9.Title: Topeka Man Sentenced For Cyberstalking, Child Pornography  November 19, 2019

Link: https://www.justice.gov/usao-ks/pr/topeka-man-sentenced-cyberstalking-child-pornography

Information:

• Gender: Male
• Age: 35
• Country of origin/residence: Topeka, Kansas

10.Title: Man Sentenced for Cyberstalking, ID Theft and Computer Hacking  November 8, 2019

Link: https://www.justice.gov/usao-edva/pr/man-sentenced-cyberstalking-id-theft-and-computer-hacking

Information:

• Gender: Male
• Age: 23
• Country of origin/residence: Culpeper County, Virginia

From those cybercrimes above, there are some patterns those men used to harass their victims through social media and texting to harass and causing injury to the victim’s mental and physical health by either way. Some of the victims can be endangered. They use the photos of the victims and sent sexual harassment messages to strangers and to the victim’s relatives because of the victims’ rejection. There are some cases that victims had to deal with emails that put them in reasonable fear of death and serious bodily injury. Another case is calling by saying sexually explicit things. The unexpected case is by comments in on the victim’s personal website which on a purpose to attack the victim.

Week 11

They’re on different parties that everyone has known, Republican and Democratic. For the presidential election 2016, they had their own strategies and plans for their run. To Clinton, she has had a long run on her path of a politician while President Trump was a successful businessman.

On Facebook ad., they compare Clinton as Satan by telling her crimes and lies. However, they did not give any explanation for what she actually did and what she lies for. They also said that she is evil, so everyone should not vote or support her for the presidential election 2016. To President Trump, they changed 180 degrees when they talking about President Trump by stating that he is an honest person and care for the nation.

I understand that what nominees will do and did just for their benefits by telling on someone. They kept tell on others and give a speech that what they can do to if they are selected. If they were used those tricks, it is fine. However, if there were other parties or any organizations from other nations has involved in the presidential election, this was not fair for other nominees and not worth for voters believe. If we putting what Russian did on the ethical scale, they have done the wrong things. If we said about ethics, we should use the way tell on someone.

Most of the people join politics for the purpose, but they have to gain power first. Their decision-making will have more influence. They will have more effects on the economic and social changes. Based on what Russian did, they wanted to have some influences in the presidential election 2016 if Trump is selected. I don’t know what exactly why they have Trump, but at least there must be something. On the question, does this constitute cyberwar? I would say yes because there were hacking incidents during that time. Due to the convenience of technology, the more information they get, the more chance for Trump to win. If they can get more information, they can take advance of it.

Week 12

While focusing on COVID-19 pandemic news, people may not be aware of the growth of cyberattacks.

At home, people have more interaction with technology which create more chance people get used to it. This will lead to further incidents and causing more risks, especially in the next twenty years. The biggest cybersecurity challenge is how to deal with the domestic enemies than foreign cyber attackers. The higher chance of the young talented people approaches technology, the higher risks we will have to handle.  Honestly, we don’t know exactly how much they understand and wonder they have. Depend on how quickly they get used to it, one of them can be the future cybercriminals, hackers, and threat actors, which causes more harm in the future. Reversely, they will be gifted founders, inventors (e.g., Einstein, etc.), or developers in different fields of knowledge, especially in the field of technology. They also can be the influencers of the next generations in the next twenty years.

A hard question for me on how to advise. When faced with future cybersecurity challenges, people do not expect what will be happening. I think we should make a project and set up a two-option plan. First, we can find out more gifted cybersecurity (no limit on the age) which create more chance to exchange skills and information but also help them follow the right path. In addition, this project is used to consolidate and update the cybersecurity system of the nation. The two-option plan is the set up a back door to keep all the data in the same place when there is an incident occurs. We can replace it with fake data and deliver the Novel-built-destroy system secretly to the attackers, which can store the attackers’ data for a fightback. However, I am not sure we will use devices like laptops, desktop, cloud, firewall, hardware or even phone in the future. Our technology could be more advanced. 

However, there could be unexpected things occur that we do not desire, a cyberwar between nations with their citizens through humanity technology-brains (I may over-thinking).

Week 13

In February 2020, Barbara Corcoran, the host of Shark Tank, loses nearly $400000 because her staff was tricked by a phishing email (Gatefy, 2020).

The psychological mechanism was used is an “elaborate email scam” and playing as the role of her assistant to send an email to her bookkeeper. He tried to trick the bookkeeper to make her believe and listen to what he said. Her staff received an invoice for the renewal payment related to real estate investments. There was no “suspicious” when they received and read the email.

Because there was no suspicious of the email, the bookkeeper was easily listened to and sent a large number of bills to that email. Of course, the fraudster was the one who benefited from this manipulation. The consequences of the manipulation for the user are getting what they desire for and easy to draw the bookkeeper into his trap without suspicious on the requested email to the payment of real estate investment. When the transaction complete, it was too late for the bookkeeper to ask the assistant about the transaction.

If the bookkeeper had asked or sent the email back to make sure. At least, she must check the email address to make sure it is correct or just a phone call to her boss, Barbara Corcoran, to make sure because this could not be the first time they work together. However, she must understand the way her boss working. She must stay in guard because no one has been except for social engineers’ attacks.

Preventing any further unexpected occur, this should be more restricted in working through email. Because anyone of her staff could be the next target for social engineers attack or create a chance for attack, they should check the email address first and make sure it is correct. However, the correct email address is not enough. If there were from suspicious sources, they could either ask through phone calls or direct face to face. They also keep updating their antimalware/antivirus. Before making the decision, let think more carefully. Don’t be rash to make a mistake.

Reference:

 10 real and famous cases of social engineering attacks. (2020). Gatefy. Retrieved April 16, 2020 from https://gatefy.com/posts/7-real-and-famous-cases-social-engineering-attacks/

Midterm Project

For the Midterm Project video, we have to find a perfect time that each of us can meet and work on the project. We all agree to meet up on a date to discuss the Debate Statement II assignment and share our thoughts. For this debate statement, we have to find articles that support our debate statement and the benefits of manufacturing autonomous cars, trains, planes. We also discuss how those benefits to our lives and is there any incidents that report about autonomous cars, trains, and planes happened in the US, especially in Virginia. We also search for any laws about autonomous cars, trains, planes. We also research which countries support autonomous cars (driverless cars). We all do the research for this project. One of us keeps all the sources and information from what we found and our thoughts on this project. Then, the next following week, we record the video in the library and turning in the BlackBoard. The video will be shared with everyone in the group through the email.

I thought working in a team is productive and beneficial because we can share information and our thought about the debate assignment clearly. Therefore, we can make sure our project can follow the directions and provide all the information needed for the video record.

Certificates