CYSE 201S

Career Paper

Gavin Jones

Cybersecurity Career Professional Paper

Introduction

Cybersecurity is becoming a field that is popular by demand, and rightfully so. Today, we live in a world that is not just tech savvy, but one that is heavily reliant on technology for day to day operations. From education, to medicine, to farming, one can find technology ever present in just about any and every occupation imaginable. As a result, cybersecurity positions are in high demand. 

Information Security Specialist and Social Science

One such position would be that of an Information Security Specialist. This position involves some important work. Often, many envision cybersecurity positions as being one that is behind a desk, little to no interaction with others, and a bit mundane. Some of the many roles and responsibilities include implementing security training, researching new security risks, highlighting security weaknesses and formulating a plan to address ways to strengthen those weaknesses, as well testing/maintaining firewalls and antivirus software. This is an imperative position because it protects others from  threats.  As the digital landscape grows, the importance of cybersecurity positions become increasingly important in safeguarding individuals and organizations from evolving cyber threats. Because of this, cybersecurity specialists must be equipped with social science research and principles.

Information Security Specialists play a valuable role in safeguarding digital assets and ensuring the availability, confidentiality, and integrity of information. The primary focus of this position is to ensure security from cybersecurity threats, there is another facet to this position as well. Social science research and principles are also a pivotal part of this position. Information Security Specialists have to understand human behavior. They have to understand how people interact with technology and how they utilize it. By analyzing the social science aspect, individuals in this position can utilize this information to anticipate potential cybersecurity threats, while also developing training courses to prevent them, helping to equip others with awareness, and decrease vulnerability. 

The other side of the social science aspect is helping to ensure inclusivity, accessibility, and equity. Marginalized groups often face increased vulnerability to cybercrimes due to limited access to resources, education, and awareness. This speaks to social stratification. This principle helps social scientists understand the inequalities and disparities that exist in societies. It explores how access to resources, opportunities, and privileges are distributed among different social groups. Social scientists analyze social stratification to identify patterns of social mobility, examine the effects of social inequality on various aspects of life, and explore policies and interventions aimed at reducing these disparities. Understanding social stratification is crucial for addressing social injustices and promoting a more equitable society. Another point for consideration is diversity in cybersecurity. Understanding these vulnerabilities is important in developing inclusive and equitable prevention measures, while ensuring the safety and security of marginalized groups in virtual spaces. In addition to the security aspect, Information Security Specialists can assist in advancing understanding of emerging cybercrime trends and vulnerabilities in virtual environments. Doing so can provide insight for law enforcement agencies, policymakers, and cybersecurity experts to develop targeted strategies for crime prevention. Additionally, these positions can focus on enhancing public awareness, creating a safer digital environment for individuals, while contributing to the overall security and well-being of society in the face of evolving technological challenges. Effectively communicating risks to users and stakeholders is also a crucial part of information security. 

Social science principles related to ethics and privacy are important in the development of security policies and practices. Information security specialists navigate the ethical dimensions of their work by analyzing the broader societal implications of security measures. This includes respecting privacy rights, avoiding unnecessary surveillance, and ensuring that security practices align with ethical norms and legal frameworks. As touched on above, social science research helps Information Security Specialists understand cultural differences and the impact of cultural norms on security practices. It is important to consider cultural sensitivity as an essential component in a globalized digital environment. Specialists strive to align security measures with cultural expectations to ensure that security practices are not perceived as intrusive, inequitable, or incompatible with local norms.

Information Security Specialists also consider how individuals may respond psychologically or emotionally during a security threat. They have to understand the social science component that relates to human reactions to threats, distress, and perception and how these reactions may morph into different forms of response such as fear, stress, and uncertainty. As a result, those in these positions help to inform response plans, related training, policies, and consultation. Specialists also focus on soliciting feedback from users and promoting collaboration to inform future work and areas for improvement. Information Security Specialists interact with users to understand their concerns, suggestions, and challenges. This collaborative approach aids in refining security measures, ensuring that they align with user needs and are more likely to be accepted and adopted. Social science research plays a major role in contributing to the development of security policies that incorporate the human element. Information Security Specialists help to create policies that are culturally and socially appropriate, but also technically sound. This entails acknowledging issues of trust, transparency, and accountability. Information Security Specialists depend heavily on social science research and principles to bridge the gap between human behavior and technical solutions.

Conclusion

In conclusion, cybersecurity is a booming field. It is one that is in high demand and one that pays a handsome salary. It is also a field that requires a lot. The same is to be said about the career of an Information Security Specialist. It is important to remember that while the primary focus of this field and this position is security. However, so much more is involved. Social science research and principles play a pivotal role in the world of cybersecurity. They impact accessibility, inclusivity, equity, vulnerability, policies, decision-making, privacy, training, response, and so much more. Social science research empowers information security specialists to take into account socioeconomic variables that could influence the availability of technology and cybersecurity resources. This understanding is instrumental in creating security measures that are inclusive, bridging the digital gap and advocating for fair and unbiased cybersecurity practices. The role of an Information Security Specialist is multifaceted, but also very necessary. 

Works Cited

“Cyberattacks, cyber threats, and attitudes toward cybersecurity policies”

Journal of Cybersecurity, Volume 7, Issue 1, 2021

https://doi.org/10.1093/cybsec/tyab019

Journal Entries

Journal Entry 1-One of the areas that i would like to focus my career on would be Information Security Specialist. I think this area appeals to me the most because I like that I would be the companies main point person for security and ensuring that data remains secure against unauthorized access.One of the areas that appeals to me the least is IT Auditor I haven’t done much research on it but the stuff I have seen doesn’t really intrigue me.

Journal Entry 2- Just as in science, cybersecurity relies on empirical data and observations. Security professionals use data and evidence to understand cyber threats, identify vulnerabilities, and develop effective countermeasures. Science and cybersecurity both emphasize the importance of continuous learning. In the ever-evolving landscape of cyber threats, professionals must stay updated with new technologies and attack techniques, similar to how scientists adapt to new discoveries. Data analysis is crucial in both fields. Cybersecurity experts analyze large datasets to detect abnormal behavior, potential breaches, or trends in cyberattacks. Scientific principles of data analysis can be applied to extract meaningful insights. The principles of science provide a structured and systematic approach that can be applied effectively in the field of cybersecurity to understand, mitigate, and respond to cyber threats.

Journal Entry 3- To conduct data breach studies, researchers typically rely on datasets of known breaches, incident reports, compromised data, and other relevant sources. They also need to adhere to ethical guidelines and data privacy regulations when handling sensitive breach information. Researchers can study the impact of data breaches on individuals, organizations, and economies. This includes analyzing the financial losses, reputational damage, and legal consequences associated with different types of breaches. By examining breach data, researchers can assess the effectiveness of security measures and identify areas where improvements are needed. This can inform the development of better cybersecurity practices and technologies.

Journal Entry 4-Physiological needs: Technology plays a significant role in meeting our basic physiological needs.One way technology met my physiological needs is providing me access with food delivery services or medical delivery services like delivering allergy medicine.

Safety Needs: Technology contributes to safety through home security services. Technology has helped me with safety through emergency alert apps, and transportation safety.

Belongingness and Love Needs: Social Media and communication technologies help me connect with others.

Esteem Needs:  Technology can boost self-esteem by providing opportunities for achievement and recognition. It has done that for me with social media likes and online portfolios.

Self Actualization: Technology provides access to resources, information, and tools that enable individuals to pursue their passions and self-actualize. The ways technology has helped me with self actualization are online courses and career networking platforms.

Journal Entry 5- 1. Political- This notice makes the most sense because I have seen cases where someone just gets mad and hacks you out of angry 

2. Entertainment- This motive makes sense because there are some people that get enjoyment out of hacking 

3. Revenge- This also makes sense because people show their true colors when they’re angry so i can see this happening a lot 

4. Boredom- This motive makes sense because once again people get enjoyment out of doin it 

5. Recognition- This makes a lot of sense because people do a lot of stuff for fame so someone would hack a famous person just for the world to announce they were hacked and then get enjoyment out of it 

6. For money- This makes some sense because I can see how you could profit off of it 

7. Multiple reasons- It can be numerous reasons why someone hacks or it can be just because they want to see other people miserable 

Journal Entry 6-Fake websites commonly exhibit traits like subpar design, spelling and grammar mistakes, questionable URLs, absence of contact details, and solicitations for sensitive data such as passwords or credit card information. This is why you always have to confirm  the authenticity of a website before sharing personal  information. I like to buy so, my example are sneaker websites. 3 real websites include Goat, Flight Club, and Stadium goods. 3 fake websites include Temu, DHgate, and Eyes.

Journal Entry 8-The media significantly influences how the public views cybersecurity by emphasizing cyber threats, breaches, and offering details about preventive measures. Yet, it can also fuel misinformation or sensationalism, impacting people’s perceptions of the seriousness and characteristics of cybersecurity risks. Balanced and accurate reporting is essential for cultivating a deeper comprehension of cybersecurity issues. Misinformation and disinformation can spread rapidly on  these platforms, causing panic and confusion during crises. False or misleading information can also undermine public trust in authorities and institutions. The media has sum positives too, it can report on cybersecurity threats and educate the public about safe online practices, helping individuals and organizations protect themselves from cyberattacks. 

Journal Entry 9-I didn’t meet the criteria to be diagnosed as a “Disordered social media user”. I think the items on the scale are very common and a lot of people go through these things when using social media. I think every social media user goes through different phases or patterns when using social media, like trying to give it a break, or trying to reduce their social media usage. The reason I don’t think I see any of these items on the list is because I only use social media for what I need so I don’t overuse it.

Journal Entry 10-Social cybersecurity is a growing aspect of national security that impacts all forms of future warfare. It involves understanding and predicting cyber-mediated changes in human behavior, society, culture, and politics, with technology enabling manipulation of beliefs and ideas. Information warfare has become a significant type of conflict, with information used to shape narratives, disrupt, distort, and divide societies and values. Weakening trust and consensus can give an advantage in future conflicts. Social cybersecurity is different from traditional cybersecurity as it focuses on humans using technology to manipulate other humans. It’s a multidisciplinary field that blends various sciences, using tools like network analysis and machine learning to study and address the issue.

Journal Entry 11-Safeguarding the sensitive data of individuals and organizations is a top priority in cybersecurity, carrying social implications concerning privacy and trust. When cybersecurity analysts engage in penetration testing and hacking to identify vulnerabilities, ethical considerations emerge, requiring responsible and ethical behavior within legal boundaries. Cybersecurity professionals play a pivotal role in combating cybercrime by collaborating with law enforcement agencies to investigate and prevent cyberattacks. The challenging nature of the job can affect analysts’ work-life balance, becoming a social concern related to job stress and mental well-being. In the cybersecurity field, there is an effort to address diversity and inclusion matters by creating opportunities for underrepresented groups. These social themes underscore the broader impact and responsibilities associated with the role of a cybersecurity analyst in today’s interconnected world.

Journal Entry 12-1. Monetary Policy (Economic Theory):**

   – **Theory:** Monetary policy involves the control of money supply by central banks to achieve economic goals, such as controlling inflation and stabilizing the economy.

   – **Relation to Social Sciences:** Sociologically, the impact of monetary policy on income distribution and social inequality can be analyzed. For instance, policies affecting interest rates may have implications for borrowing and wealth distribution.

2. Symbolic Interactionism (Sociology):**

   – **Theory:** Symbolic interactionism focuses on how individuals create and interpret symbols to communicate and make sense of the world. It emphasizes the importance of micro-level interactions in shaping social reality.

   – **Relation to Economics:** This sociological theory can be related to economics by exploring how economic transactions and decisions are influenced by symbolic meanings attached to goods, money, and economic activities.

These connections illustrate how economic and social science theories can intersect, providing a more comprehensive understanding of the complex dynamics that shape both economic and social structures.

Journal Entry 14-The five most serious violations are Using Copyrighted Images, Sharing passwords addressees or photos of others, bullying and trolling, faking your identity, and using other peoples internet networks. Using copyrighted images without permission is a serious violation because it infringes on the rights of the copyright holder. It can lead to legal consequences, including fines or legal action. Respecting copyright protects creators’ intellectual property and encourages a fair and creative online environment. Sharing passwords, addresses, or photos of others without their consent is a serious internet violation as it compromises individuals’ privacy and can lead to various harms. It may result in unauthorized access to personal accounts, identity theft, stalking, or harassment. Respecting others’ privacy online is crucial for maintaining a secure and ethical digital environment. Bullying and trolling on the internet are considered severe violations as they foster a negative online atmosphere. These actions can deeply impact victims psychologically, causing emotional distress and, in extreme cases, self-harm. Additionally, such behaviors go against the core principles of respectful online conduct, disrupting the constructive use of the internet for communication and collaboration. Various platforms and communities implement stringent measures to curb bullying and trolling, aiming to create a safer online environment for users. Faking your identity on the internet is a serious violation because it often involves deceptive practices, such as identity theft or fraud. This can lead to various negative consequences, including financial losses for individuals and damage to their reputation. It undermines the trust within online communities and platforms, as genuine communication relies on authentic identities. Additionally, impersonating others can have legal implications and is generally considered unethical in digital spaces. Utilizing someone else’s internet networks without consent, commonly known as unauthorized access or “piggybacking,” is a significant internet violation. This can result in legal repercussions, as it violates the rights of the network owner and may be considered unauthorized utilization of their resources. Furthermore, it poses a threat to the security and functionality of the network, possibly exposing sensitive information to unauthorized individuals. It is crucial to uphold the limits of digital networks for the preservation of a secure and lawful online environment.
Journal Entry 15-I like how the speakers explained his actual job description because I also had that thought when I heard the word forensic. It is very interesting how he started his career. He started off with just a common IT job and as he kept working he got more interested in accounting and got himself into one of the big 4 accounting firms

Article Reviews

  • Article Review #2

“Understanding the Use of Artificial Intelligence in Cybercrime”

International Journal of Cybersecurity Intelligence & Cybercrime, Volume 6, Issue 2, 2023

https://vc.bridgew.edu/cgi/viewcontent.cgi?article=1170&context=ijcic

Introduction

The article delves into the influence of technological advancements on criminal activities, particularly focusing on the utilization of artificial intelligence (AI) in cybercrimes. Criminals exploit AI technologies for various illegal activities, including generating fake images and enhancing cyberattacks. The discussion revolves around two award-winning papers from the 2023 International White Hat Conference, shedding light on specific cybercrime challenges related to AI. Relationship to Social Sciences Principles: The topic of cybercrime, artificial intelligence, and victimization in the metaverse intersects with several principles of the social sciences, including sociology, psychology, criminology, and technology studies. It looks at human behavior, criminal motivation, and how all of it is impacted by technology that is rapidly evolving. 

First Study

The first study, titled “Victimization by Deepfake in the Metaverse: Building A Practical Management Framework,” investigates personal cybervictimization within the metaverse (Parti, 1). By conducting interviews with experts, the study identifies key themes related to deepfake crimes. It highlights that younger individuals are often targeted, with motivations ranging from financial gain to sexual gratification. The study suggests implementing criminal procedures, police enforcement, and psychological support programs to counter this escalating threat.

Second Study

The second study, “Harnessing Large Language Models to Simulate Realistic Human Responses to Social Engineering Attacks: A Case Study,” explores the use of GPT-4 large language models to mimic human responses to social engineering attacks (Parti, 2). The research puts human personality traits into categories and finds that individuals displaying traits like being naive and impulsive are more vulnerable to such attacks. This information can be invaluable in designing more effective cybersecurity systems.

Conclusion

In summary, these studies offer significant insights into emerging cybercrime trends. Both studies utilize qualitative research methods. The first study conducts semi-structured interviews with experts, using thematic analysis to identify patterns and themes in expert testimonies. The second study uses case study methods, utilizing GPT-4 large language models to simulate target responses to social engineering attacks, categorizing human personality traits and assessing vulnerability. The studies indirectly relate to marginalized groups. Marginalized groups often face increased vulnerability to cybercrimes due to limited access to resources, education, and awareness. Understanding these vulnerabilities is important in developing inclusive and equitable prevention measurses, while ensuring the safety and security of marginalized groups in virtual spaces.  Both studies contribute to society by advancing our understanding of emerging cybercrime trends and vulnerabilities in virtual environments. They provide insight for law enforcement agencies, policymakers, and cybersecurity experts to develop targeted strategies for crime prevention. These studies enhance public awareness, creating a safer digital environment for individuals, while contributing to the overall security and well-being of society in the face of evolving technological challenges. By understanding the motivations of criminal activities and proposing preventive measures, these research findings contribute to the enhancement of criminal justice policies and provide valuable guidance for future criminological studies.

https://docs.google.com/document/d/1NbTXwpgMmDZnEQwQrm8dP2eNDHr0QOLSHEtke4ZPm64/edit?usp=sharing

  • Article Review #1

“Cyberattacks, cyber threats, and attitudes toward cybersecurity policies”

Journal of Cybersecurity, Volume 7, Issue 1, 2021

https://doi.org/10.1093/cybsec/tyab019

This study analyzed how information regarding cyberattacks affect how people feel about stricter internet safety rules. This was tested by showing over a thousand people in Israel fake news reports about different kinds of cyberattacks, some serious and some not so serious. The results showed that when people heard about cyberattacks, they were more likely to support strict internet rules. What was interesting is that the type of attack also mattered. If people heard about a really dangerous cyberattack, they supported rules that made the government tell everyone about these attacks. On the other hand, if they heard about less harmful attacks, they supported rules that made sure the government kept a close eye on things. So, what people think about internet safety rules depends on the kind of cyberattacks they know about and how they perceive these attacks.This relates to the social science principle of cognitive dissonance. With this concept, discomfort arises when someone holds belief, or values that are contradictory or when their actions contradict their beliefs. In this instance, people are swayed on how they feel about cyberattacks, based on their perceptions and how the media reports it.

The article referred to a tested hypothesis. To test the hypothesis, a controlled survey experiment was conducted. This experiment exposed participants to simulated news reports about major cyberattacks. For the experiment to work, original video clips were professionally produced. The lethal treatment group viewed a feature report discussing several lethal cyberattacks that had taken place against Israeli targets, while the nonlethal treatment group broadcast a collection of stories pertaining to nonlethal cyber incidents. The control group did not watch any news report. They utilized the medium of video news reports for their experimental manipulation since experiments in recent years have shown how broadcast videos and media reports of major attacks arouse strong emotions among viewers, which in turn trigger reevaluations of positions on policy positions and political attitudes related to issues of security [35, 59, 60]. The experiment aimed to test ideas about how people react to news about cyberattacks. As a result, a pretend news experiment was created.Some people watched fake news videos about really serious cyberattacks in Israel that caused harm and even death. Others saw videos about less harmful cyber incidents, like problems with smartphones and credit card fraud. This was done to see how these different types of news affected people’s opinions about internet security. 

Overall, the study used an experiment to show that when people hear about different types of cyberattacks, they become more worried about cyber threats and tend to support strict internet security rules. Specifically, exposure to cyberattacks that cause serious harm has a similar impact on people’s attitudes as conventional terrorism does. The research was conducted in Israel to understand why individuals support strict cybersecurity policies. The findings revealed that exposure to cyberattacks with lethal consequences increased people’s fear of cyber threats more than attacks that cause economic damage or nonlethal harm. The experiment and research also shed light on those that were easily swayed by the video or “fake news”. It was those that were less educated and lower socioeconomic status.

In my opinion, the article touched on examples of illustrative problems in social cybersecurity. Perception and those that appear influential, can cause the spread of disinformation. The biggest social contribution is the fact that this article highlighted the question of whether or not the government should be in charge of enforcing strict regulations regarding cybersecurity.This is especially concerning for those that have greater perceptions, feel more vulnerable, and look to the government for protection.

https://docs.google.com/document/d/1tr4z05c-BCQLSnplOgmBPYt7-1Gs-AtIySL25BAnhlc/edit?usp=sharing