Workforce Framework for Cybersecurity (NICE Framework)
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
August 30, 2025
The NICE Cybersecurity Workforce Framework offers a comprehensive roadmap for career development in cybersecurity. As a Cybersecurity major, I would focus my career on areas within the Protection and Defense (PD) and Implementation and Operation (IO) categories of the NICE Cybersecurity Framework. The real-time defense roles like Threat Analyst and Incident Responder in PD appeal to me due to the fast-paced nature and the need to protect systems under pressure. Additionally, IO roles such as SOC Analyst and Security Administrator are ideal for fresh graduates like me and provide valuable hands-on experience in operational security and incident response. While Design and Development (DD) category is important, I find it less appealing at this stage, as my interests lie more in defending systems than developing them.
The principles of Empiricism effectiveness of Cybersecurity, data collection, and analysis
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
September 4, 2025
Empiricism enhances cybersecurity practices by emphasizing evidence-based decision-making. Empirical data collection and analysis allow professionals to identify emerging threats by observing real-world incidents and patterns, rather than relying on assumptions. For instance, data on cyberattacks, malware behavior, and system vulnerabilities provide a clear understanding of current risks. Empirical research also enables the assessment of existing security measures’ effectiveness, helping to identify gaps and refine strategies. Moreover, by continuously gathering data from real-world cyber incidents, cybersecurity experts can develop new, targeted strategies and adapt to evolving threats, ensuring more robust protection for information systems. Thus, empirical methods provide actionable insights for improving cybersecurity practices.
Journal Entry 3
Researchers can use publicly available information from data breaches to gain insights into the patterns and vulnerabilities that lead to security failures. PrivacyRights.org provides detailed records of breaches, including the type of data exposed, the breach’s cause, and the organizations involved. By analyzing this data, researchers can identify recurring trends, such as the most common types of breaches (e.g., hacking, insider threats) and the industries most affected by these types of cyberattacks. This information can help forecast future trends in cyberattacks and inform preventive measures. Additionally, tracking the response times and the severity of breaches allows for improving organizational and policy-level defenses against future risks.
Reference:
PrivacyRights.org. (n.d.). Data breach reports. Retrieved September 8, 2025, from https://privacyrights.org
Journal Entry 4
Maslow’s Hierarchy of Needs
Maslow’s Hierarchy of Needs relates closely to my experiences with technology, especially in cybersecurity. At the physiological level, internet access and devices are essential for my work and learning. Losing access causes anxiety and disrupts my productivity. For safety needs, cybersecurity is crucial, as protecting devices from viruses and attacks ensures both personal and professional security. The belongingness level is met through networking with peers and participating in online forums, where we exchange knowledge and build a sense of community. Lastly, at the esteem level, overcoming cybersecurity challenges and gaining certifications like I did obtained my CompTIA Security+ boost my confidence. Positive recognition from colleagues enhances my self-esteem and respect in the cybersecurity field.
Journal Entry 5
RANKING OF CYBERCRIME MOTIVES
- For Money
- This is the most common and rational motive behind cybercrime. Many cybercriminals target individuals, companies, and even crypto exchanges simply to profit. Financial gain is a clear, understandable driver, whether through ransomware, data theft, or fraud.
Example:
2. Political (Hacktivism)
- Cyberattacks are increasingly being used as tools of protest, warfare, or political statement. While controversial, political motives are often driven by ideology, injustice, or government conflict, making them highly “sensible” in terms of motivation, even if illegal.
Example:
3. Revenge
- Revenge is a powerful emotional motivator, especially in personal relationships or workplace conflicts. While not justifiable, it’s understandable that when people feel wronged, they turn to hacking or cybercrime as retaliation.
Example:
4. Recognition
- Seeking fame or recognition, especially in hacking communities or among peers, is a common driver among young or skilled hackers. Many want validation or to prove their abilities to others, sometimes even to organizations like NASA.
Example:
5. Curiosity
- Curiosity — particularly among young or tech-savvy individuals, is a motive that, while innocent in intention, can lead to serious crimes. It’s somewhat understandable, especially in teens or early-career programmers.
Example:
6. Entertainment
- Committing cybercrime for “fun” is less sensible and often more reckless. It reflects a lack of understanding of the consequences. It’s usually tied to immaturity or thrill-seeking behavior.
Example:
7. Multiple Reasons
- While this is realistic that hackers may be driven by multiple motives like money and recognition, it is hard to judge or rank clearly. It feels less focused and more opportunistic, which is less “sensible” compared to more direct, single motives.
Example:
8. Boredom
- Boredom as a motive is the least sensible and most careless. It reflects a dangerous lack of understanding about the consequences of cybercrime. This motive often leads to harm without purpose or direction.
Example:
Final Ranking Summary
| Rank | Motive | Reason |
| 1 | For Money | Most common and rational |
| 2 | Political | Ideologically driven, impactful |
| 3 | Revenge | Emotionally understandable |
| 4 | Recognition | Desire for fame or respect |
| 5 | Curiosity | Innocent but risky |
| 6 | Entertainment | Immature, thrill-seeking |
| 7 | Multiple | Unclear, mixed intentions |
| 8 | Boredom | Most careless and unjustifiable |
How to Spot Fake Websites Using Trusted Comparison Methods
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
October 4, 2025
Three fake websites I selected include ic3fbi.org (a spoof of IC3.gov), ajbsr.com (American Journal of Biomedical Science and Research), and wulfeniajournal.at (a hijacked version of the real wulfenia.at journal). These mimic real sites like ic3.gov, predatoryjournals.org, and wulfenia.at. Red flags include misleading domains, fake SSL certificates, poor design, unverifiable contact info, and false claims. Real sites use official domains (such as .gov, .org, .edu, etc.), verified SSLs, clear contacts, and consistent design. Fraudulent sites exploit urgency, fake trust seals, or academic names to mislead users. Verified sources such as IC3.gov, Cybernews.com, and csrc.nist.gov (NIST Computer Security Resource Center) document these patterns. Comparing domains, design quality, and SSL info helps spot fake websites effectively.
The table below summarizes this discussion.
Real vs Fake Website
| Fake Website | Real Website | Type |
| ic3fbi.org | ic3.gov | Government site spoof |
| ajbsr.com (American Journal of Biomedical Science and Research) | predatoryjournals.org (as a watchdog listing legit vs predatory) | Academic/publishing fraud |
| wulfeniajournal.at | wulfenia.at | Hijacked academic journal |
Journal Entry 7
A Visual Analysis of the Human Element in Cybersecurity
Old Dominion University – School of Cybersecurity
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
October 13, 2025
My favorite three photos are #10, #12, and #14. Photo #10 shows a female engineer in a red-lit server room with the caption: “When the server goes down at 2 AM…and you are the server,” reflecting her stress and responsibility. This highlights the human burden in securing infrastructure. Photo #14 shows a team of cybercriminals operating from behind their screens with the caption: “They said ‘work from home’ didn’t say whose home,” capturing the mindset of cybercriminals who exploit human vulnerabilities and highlighting the importance of user awareness. Photo #12 depicts a programmer surrounded by monitors with: “99 bugs in the code… patch one, 127 bugs in the code,” showing frustration with ongoing security flaws caused by human error. All these memes illustrate core aspects of human-centered cybersecurity, the need for usable security tools, employee training, and designing systems that account for human behavior and limitations. They emphasize that people, not just technology, are central to effective cybersecurity strategies.
Journal Entry 8
“Scientists Rate 65 Scenes from Movies and TV | How Real Is It? | Insider”
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
October 23, 2025
After reviewing the video entitled “Scientists Rate 65 Scenes from Movies and TV, How Real Is It? Insider,” I observed that media portrayals of cybersecurity often blend realism with dramatization, influencing public perceptions.
In the video, cybersecurity expert Keren Elazari analyzes scenes from various films and TV shows, providing insights into their accuracy. For instance, she highlights that the hacking scenes in “Mr. Robot” are among the most realistic, accurately depicting the technical aspects of hacking. Conversely, she critiques the hacking sequence in “Swordfish” as highly unrealistic, emphasizing the exaggerated and stylized portrayal of hacking in that film.
These analyses underscore how media can both inform and mislead audiences about cybersecurity. While realistic portrayals can enhance understanding, exaggerated depictions may contribute to misconceptions, affecting how the public perceives the complexities of cybersecurity.
Journal Entry 9
Social Media Disorder Scale (SMD Scale)
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
October 23, 2025
I scored 0 on the Social Media Disorder Scale, indicating normative social media use with no signs of problematic behavior. I think the items in the scale cover a comprehensive range of behaviors associated with social media addiction, such as preoccupation, withdrawal, and conflict, which makes the tool useful for identifying potential issues. However, some questions might be subjective, depending on personal interpretation of feelings and behaviors. Also, I think different patterns of social media use worldwide likely arise due to cultural, social, and technological factors. For example, societal norms, access to technology, and attitudes toward social media vary across countries, influencing how people interact with these platforms and their risk for problematic use. Additionally, differences in mental health awareness and reporting may affect results globally (van den Eijnden, Lemmens, & Valkenburg, 2016).
Reference:
van den Eijnden, R. J. J. M., Lemmens, J. S., & Valkenburg, P. M. (2016). The Social Media Disorder Scale. Computers in Human Behavior, 61, 478–487. https://doi.org/10.1016/j.chb.2016.03.038
Journal Entry 10
Social Cybersecurity
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
October 31, 2025
After reading “A Survey of Social Cybersecurity: Techniques for Attack Detection, Evaluations, Challenges, and Future Prospects,” I gained a deeper understanding of how social cybersecurity focuses on the human and social dynamics of cyber threats. The paper’s discussion of detection techniques for cyberbullying, misinformation, and cybercrime highlighted the importance of proactive, data-driven defenses. I found the evaluation of public datasets and analytical tools particularly valuable for advancing research. The authors also identified key challenges, including data quality, evolving social behaviors, and ethical issues. Overall, the article broadened my perspective on cybersecurity by emphasizing collaboration between technology and social science to build safer digital communities in the future.
Journal Entry 11
Social Connections and Opportunity in Cybersecurity
Old Dominion University
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
November 1, 2025
The presentation on cybersecurity analysts highlights several social themes related to modern work and community behavior. It reflects the growing social value placed on technology skills and adaptability in a rapidly changing job market. The speaker emphasizes networking, community involvement, and volunteering, showing how social connections and collaboration are essential for career success in cybersecurity. The video also touches on social mobility and opportunity, portraying cybersecurity as an accessible field where motivated individuals can enter without traditional degrees. Additionally, it reveals how lifestyle choices, such as willingness to work night shifts or relocate, affect professional and social well-being, connecting individual ambition with broader social and economic dynamics.
Journal Entry 12
Economic and Psychological Analysis of a Data Breach Notification
Old Dominion University – School of Cybersecurity
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
November 9, 2025
The GlasswasherParts.com breach letter illustrates multiple theories. Economically, it reflects moral hazard, as the breach occurred on a third-party platform whose insufficient security show how agents may take less care when they do not bear full risk. It also demonstrates prospect theory/loss aversion, since the notice emphasizes potential losses from compromised payment card data, motivating customers to act by contacting their banks and monitoring statements. Psychologically, it illustrates the theory of planned behavior, by giving clear instructions that shape attitudes, perceived control, and intentions to protect themselves. Additionally, it reflects protection motivation theory, as the letter highlights both the severity and probability of identity theft and provides actionable coping responses, prompting protective behaviors.
Journal Entry 13
Evaluating the Effectiveness of Bug Bounty Policies in Cybersecurity Economics
Old Dominion University – School of Cybersecurity
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
November 9, 2025
Sridhar and Ng (2021) provide a comprehensive analysis of bug bounty programs, supporting their use as a cost-effective means for enhancing cybersecurity. Drawing from HackerOne data, the study finds that bug bounty programs are generally successful in identifying vulnerabilities, with ethical hackers motivated more by intrinsic factors than financial rewards. The literature review underscores the scarcity of empirical research in this area, with prior studies lacking sufficient data to determine the factors influencing the effectiveness of these programs. The authors’ findings show that company revenue and brand profile have minimal impact on the number of reports, though companies in sectors like finance and healthcare tend to receive fewer valid reports. Furthermore, the study highlights that older programs see fewer valid reports over time, which could be mitigated by expanding the codebase available for testing (Sridhar & Ng, 2021).
Reference
Sridhar, K., & Ng, M. (2021). Hacking for good: Leveraging HackerOne data to develop an economic model of Bug Bounties. Journal of Cybersecurity, 7(1), tyab007. https://doi.org/10.1093/cybsec/tyab007
Journal Entry 14
Five Serious Illegal Online Activities and Their Impact
Old Dominion University – School of Cybersecurity
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
November 13, 2025
Andriy Slynchuk highlights several illegal online activities, but the five most serious I have selected are using unofficial streaming services, sharing passwords or photos of others, bullying and trolling, recording VoIP calls without consent, and collecting information about children. Below are the reasons why they are serious. Using unofficial streaming services violates copyright laws, undermining the entertainment industry’s revenue. Sharing personal information or photos without permission invades privacy and can lead to identity theft or harassment. Bullying and trolling can cause significant emotional harm and mental health issues. Recording VoIP calls without consent breaches communication privacy laws, potentially exposing sensitive information. Collecting information about children without proper authorization is a severe violation, risking exploitation and endangering minors’ safety. These offenses have far-reaching consequences on individuals’ privacy, security, and well-being, making them particularly serious.
Reference
https://clario.co/blog/illegal-things-you-do-online/
Journal Entry 15
Ethical Reflections on AI and Deepfakes
Old Dominion University – School of Cybersecurity
Jacob Asare: Cybersecurity Undergraduate
CYSE 201S
Professor: Diwakar Yalpi
December 3, 2025
Hofmann’s presentation raises profound ethical questions about truth and accountability in our digital age. The ability to clone voices with just 30 seconds of audio and create convincing deepfakes challenges our fundamental trust in evidence. Who bears responsibility when AI-generated content causes harm, the creator, the platform, or the AI itself?
The presentation highlights that deepfakes can be weaponized for political disinformation, CEO fraud, and personal defamation, forcing us to question whether video evidence still holds validity.
Society should address these concerns through multiple approaches such as implementing mandatory watermarking for AI-generated content, establishing legal frameworks that hold bad actors accountable, and investing heavily in digital literacy education. We must develop verification technologies while teaching people to question digital content critically. The presentation emphasizes becoming a “human firewall” by combining technological solutions with human awareness and skepticism to protect ourselves in this evolving landscape.
Reference
Dark Side of AI – How Hackers use AI & Deepfakes | Mark T. Hofmann |