Journal Entries

Week 1

As someone with a huge interest in red teaming, I would say that I most fit into the protect and defend section, but I could also go into analysis. These two categories are what interest me the most and what I have been working towards mastering. They interest me because being able to break into a system and be able to report on how someone can fix their vulnerabilities not only proves to me I know what I’m doing but also allows me to know that I helped someone become safer. The one that I have the least interest in is “oversee and govern.” I like the more hands-on approach rather than the managerial career. 

Week 2

The principles of cybersecurity and science are closely related. Using the terms in the lecture 

Relativism: This principle relates to how cybersecurity professionals must tailor every security system to the organization’s needs. Every environment is different, and you will encounter different threats that need different protections.

Objectivity: This principle means that cybersecurity professionals have to be able to observe raw data and situations that aren’t based on speculation. We need to be able to work with facts, data, and evidence rather than speculation. This allows us to make incident reports with only accurate data rather than baseless thoughts. 

Parsimony: This principle means that we usually choose the least complex solution. This allows us to maximize security while minimizing the project’s cost.

Skepticism: This principle relates to how cybersecurity professionals must question everything and seek evidence before taking it as a fact. Looking through all reports and systems to make sure that all evidence is valid helps maximize errors within later security features.

Ethical Neutrality: This principle means that cybersecurity professionals must remove their moral bias to find the truth sometimes. Regardless of why hackers hack or why they do it, we must focus on baseline security measures to improve defensive measures.

Determinism: This principle suggests that every event is caused by another. This can show us patterns and vulnerabilities based on previous events and incidents.

Week 3

On PrivacyRights.org, the amount of information on data breaches is extensive. First, the site has a heatmap of just the United States on hotspots for breaches. In my general area, I can see that I am in the main hotspot for breaches. Next, the site has the last two decades of reported breaches. There are at most 14 states that report and give this information out. After this, I can see the spread of what breach impacted what. Most known affect impacts are focused on hacking, financial business institutions, and medical providers. The other biggest sections are either from unknown breach methods or do not have specified data attached to them. Now, in the second to last section, it has a spread of data availability across all states that report these breaches. It is broken up into two sections: “Source Data Availability” and “Processed Data Coverage.” Lastly, the site has a chronological order of all reported data breaches from January 16, 2025, to June 21, 2006.

Week 4

Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Physiological: Nowadays you can get anything you need, whether food from your local grocery store or another country. Websites like Doordash or Sugio Mart help people get food and drinks from around the world to the door using a couple of taps from their phones. In my experience, trying to find food has been significantly amplified by these websites, to the point where when I’m hungry, I open Doordash to see what’s open.

Safety: With technology, we can get help and safety way faster than looking around. We have the option to call the police or order private bodyguards. In my experience when my house was on fire, being able to connect with a 911 operator to get help 

Belonging and love needs: With the internet, we can now connect with people all around the world. Now, with sites that focus on helping people meet others with the intent of dating, it is more probable to find someone you click with. Sites like Hinge, Tinder, and BlackPeopleMeet help people get in contact with each other. I know many people who have met and dated people by meeting them through these sites.

Esteem needs: With a new wave of self-help, more and more companies are coming out with online therapy sessions. Companies like BetterHelp, TalkSpace, and Teen Counseling help. During COVID, I signed up and had sessions through BetterHelp when it first came out, and it has improved my outlook on myself and life greatly.

Self-Actualization: With new AI technology, more and more companies are advertising an all-new way to plan out workout plans. Skipping the coaching sessions and giving an ever-growing workout plan using your height, weight, and other information to keep your plan tailored to you. On my phone, I have an app called Fitbod that has helped track my workouts and give me other workouts to try.

Week 5

  1. For Money
    1. I think this would be the most logical choice because, in most cases, money has led many to ignore rules, laws, and even personal ethics to get a financial surplus. 
  2. Political
    1. I chose this to be second due to the overwhelming nation-state attacks happening worldwide and even right now. Almost all first-world countries are sending out spyware and using APTs to gain something from other countries.
  3. Recognition
    1. This is third due to a wide variety of amateur and professional hackers using this tier to either push themselves or a movement/ideology.
  4. Multiple reasons
    1. This one came off a little ambiguous, but having multiple ideas for an attack is probably planned out more and requires a bit more time and effort to pull off.
  5. Revenge
    1. This is lower on the tier list because not many times does someone actively go out and attack a hacker, and they retaliate by using the internet. Not to say that it doesn’t happen, but I just think that it is not as much as the others.
  6. Boredom
    1. This is second to last because, in my experience, just trying out random things on the spur of the moment seems more human and realistic than hacking things randomly for fun.
  7. Entertainment
    1. This is dead last because of the risk of any stunt like this. It is reckless and unsafe to others and the hacker and could lead to major felonious consequences.

Week 6

Finding fake websites that are like the original website was kind of hard.

  1. This one was kind of like amazon.com, but it was in a different language and was slow. 

amazan.com/page/bouncy.php

  1. This one was supposed to be a message board trying to rip off Steamcommunity. This one had lots of ads and pop-ups and the wrong color from the original forum.
https://steamcommunurty.com/id/7656130712521645
  1.  This one just had stock images and pop up ads every where.
https://ebay.store-vfd.cyou/

Week 7

Obj: Review the following ten photos through a cybersecurity human systems integration framework. Create a meme explaining what is going on in the individual’s or individuals’ mind(s).

This picture goes along with the training framework in mind. Being able to not only teach your coworkers but managers and seniors in different departments can make a better system for workplace security.

Week 8

I think that the media lacks the perception of the amount of effort from not only the person but the computer when it comes to hacking, and how attentive you need to be sometimes. In the video, she talks about how most hacking styles are more focused and time-consuming rather than fast-paced, knowing all the information on hand. Which is very contrary to the media.

Week 9

Tobi-Goldfus-Social-Media-Disorder-Scale.pdfDownload Tobi-Goldfus-Social-Media-Disorder-Scale.pdf

My score was 1/9

I think that different patterns are formed due to other cultures and life values worldwide.

Week 10

The article “Social Cybersecurity: An Emerging National Security Requirement” by Lt. Col. David M. Beskow and Dr. Kathleen M. Carley introduces the concept of social cybersecurity, showing its importance to the growing need in national defense. The author tells us in the article that cyber warfare has expanded from just technical attacks and shifted into mass manipulation and changing human perspectives. Social cybersecurity looks at these tactics to understand how they try to change and reshape public perspective and opinion. 

Week 11

A cybersecurity analyst is usually needed 24 hours, so there are around-the-clock shifts for this position. It is an entry-level position that can pay as much as and even over 100k per year. Usually deals with incident identifiers and responders, much like a help desk. This position can usually be able to work from anywhere in the world. Some ways you can become an analyst are passing certifications such as CYSE+, Sec+, or getting a degree in IT, cybersecurity, and comp sci.

Week 12

Summary: Breach Notification Context

The sample breach letter is a formal notice to customers informing them that unauthorized access to personal data (things like credit card information and birthdays) may have occurred due to a cyberattack. It outlines what happened, what information may have been exposed, what steps are being taken to mitigate the damage, and to recover systems.

  • Cost-Benefit Analysis (CBA)

This theory examines the trade-offs between the costs of action versus inaction.

  • The letter demonstrates that the company weighed the cost of notifying customers (reputational damage, legal exposure, remediation) against the cost of not informing them (potential lawsuits, loss of trust, regulatory penalties).
  • Information Asymmetry

This theory describes a situation where one party has more or better information than the other.

  • Before the breach notification, the company had more information about the breach than the customers.
  • The letter serves to correct this imbalance by disclosing the breach, empowering customers to take protective actions
  • Social Contract Theory

This theory revolves around the idea that individuals and institutions agree to mutual obligations for the greater good.

  • Customers trust companies with their personal information under the assumption that it will be protected.
  • The breach letter represents a fulfillment of the company’s part of the social contract—being transparent when that trust has been violated, 
  • Risk Society Theory (Ulrich Beck)

This theory posits that modern societies are increasingly organized around managing risks, especially those created by technological advances.

  • The letter reflects the growing role of cybersecurity in managing modern risks. It frames the data breach as an unfortunate but manageable event, offering services and guidance to help mitigate further personal risk for customers.
  • It highlights how societies and companies now must structure policies and communication strategies around digital risk management.

Week 13

Summary Reaction to Bug Bounty Policies

Bug bounty policies show a new approach to vulnerability discovery by paying ethical hackers to test systems for weaknesses in exchange for money. The article details a growing number of research examining these programs through lenses such as economics, cybersecurity risk management, and labor dynamics. One of the key themes in the literature is how organizations balance money and costs to attract skilled hackers without overpaying or flooding the system with low-quality reports. Studies show that well-structured programs can reduce overall risk by uncovering zero-day vulnerabilities that might otherwise go undetected.

The article talks about three main incentives for participants: money, reputation, and skill development. It also raises ethical and economic concerns around whether such programs might encourage hackers to hoard vulnerabilities, or to misuse the information if rewards are perceived as too little.

The article also talks about a framework to improve the effectiveness of bug bounties. This includes better aligning the goals, managing expectations, and ensuring fairness in payouts. Findings suggest that programs should focus on a clear understanding of what they want, transparent rules, and consistent communication to avoid conflicts and improve trust among participants.

What stands out most is the connection of economics and ethics, is how organizations use money to address security problems while managing trust-based relationships with hackers.

Week 14

OBJ: Andriy Links to an external site.SlynchukLinks to an external site. Links to an external site.has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

  1. Collecting Information About People Younger Than 13
    1. Whether it’s companies or random people online, I think that it is heinous to try and make an impression on children that could warp their view of reality, especially if it’s to keep them online. 
  2. Bullying and Trolling
    1. I put this at number 2 because, as someone who often sees discourse online, I know how far people can take things like bullying and trolling. Not having direct consequences for your actions is an incentive for these people who do these actions and can cause major harm to the bullied person.
  3. Faking Your Identity Online
    1. I put this at number 3 due to the rampant amount of scams on the internet nowadays. Tricking people into clicking links or filing information that can ruin their personal lives.
  4. Recording a VoIP Call Without Consent
    1. I put this at number 4 because this can be used to either scam people using vishing or be used to blackmail people who said something that they thought could be confidential. 
  5. Using Torrent Services
    1. Lastly, number 5, using torrent services can take away money from people who worked hard to try and make a living off of what people are illegally downloading. Causing the artist to lose money on something they want to pursue as a career.

Week 15

After watching the TED Talk, I realized that digital forensics is an interesting and interdisciplinary field. It doesn’t just require pure technical skills, but also some social science aspects. I think that his pathway from an accountant curious about IT to working his way up the ladder to a top 4 accounting firm by working on IT and accounting. Then being reached out to do digital forensics in Australia. Not a standard path at all, but it shows that anyone can succeed in progress through if enough time and effort are put into it.