Introduction

Throughout my cybersecurity education at Old Dominion University, I have systematically developed technical, analytical, legal, and strategic skills essential for the profession. The following four artifacts—each created for a core course—demonstrate my growth in network design (IT 315), ethical hacking (CYSE 450), cyber law (CYSE 406), and cyber strategy (CYSE 425). By linking each artifact to specific lectures, readings, hands-on assignments, and industry best practices, I reflect on challenges faced, lessons learned, and how these experiences have shaped my future practice in private-sector and public-policy contexts.

Artifact 1: Maury High School Network Design

Course: IT 315 – Intro Network & Security (Prof. Kalburgi, 2024)
In IT 315, Professor Kalburgi challenged us to design a wired network for Maury High School, providing two live outlets per classroom/office, all sharing a secured Internet connection with no Internet-facing servers (Kalburgi, 2024). My deliverables included:

1. Cabling Plan & Budget:
   
   • Measured cable runs on a scale-adjusted floor plan (300 ft width) to estimate total Cat6 cabling required.
     
   • Priced cat6 cable, RJ45 outlets, wall plates, and patch panels using Home Depot and manufacturer pricing (Kalburgi, 2024).
     
   • Budgeted $4,500 for cabling materials and $1,200 for termination hardware.
     
2. Equipment Plan & Budget:
   
   • Selected PoE-capable managed switches, purchasing 10 % more ports than outlets (165 outlets → 185 ports) to allow for growth and wireless AP deployment (Kalburgi, 2024).
     
   • Included patch cables, UTP patch panels, and rack-mount trays sourced from Cisco and Ubiquiti catalogs.
     
3. Security Architecture:
   
   • Designed VLAN segmentation—separate student, staff, and guest VLANs—following best practices for network segmentation to limit broadcast domains and enforce access control (eSecurity Planet, 2024) (VLANs: Effective Network Segmentation for Security – eSecurity Planet).
     
   • Implemented inter-VLAN filtering using ACLs on the core switch, blocking unauthorized inter-VLAN traffic (Cisco Learning Network, 2023) (How to configure an ACL to allow selective traffic between VLANs in …).
     
   • Deployed a perimeter firewall with zone-based policies allowing only required outbound services to the Internet.
     

Designing a scalable, secure, and budget-conscious network was challenging because theoretical VLAN and ACL concepts (Stallings & Brown, 2020) needed translation into a coherent proposal. By reviewing Kalburgi’s lectures on switch configuration (Kalburgi, 2024) and applying a systematic “test-then-tighten” approach—first validating connectivity, then incrementally enforcing ACLs—I ensured both functionality and security. This artifact sharpened my network-architecture skills and underscored the importance of aligning technical designs with operational and financial constraints.

Artifact 2: Penetration Testing Report

Course: CYSE 450 – Ethical Hacking & Penetration (Prof. Alam, 2024)
In CYSE 450, Professor Alam led us through hands-on labs culminating in a full penetration-testing engagement against a deliberately vulnerable web application (Alam, 2024). My final report documented:

• Active Reconnaissance & Scanning:
  Employed Nmap and Nikto to map network services and identify outdated server software (OWASP, 2023) (Penetration Testing Methodologies – OWASP Foundation).
  
• Exploitation of SQL Injection & XSS:
  Used SQLMap and tailored payloads, leveraging out-of-band DNS for safe proof-of-concept extraction without destroying target databases (OWASP, 2023) (Penetration Testing Methodologies – OWASP Foundation).
  
• Malware Analysis Lab:
  Conducted static and dynamic analysis of a simulated malicious binary within an isolated VM, using Ghidra and Procmon to identify API-call patterns (Alam, 2024).
  
• Steganography Challenge:
  Extracted hidden messages from image files using Steghide, demonstrating the importance of covert-channel detection (Medium, 2022) (A Step-by-Step Steganography Tutorial with Steghide – Medium).
  

The most difficult aspect was crafting proof-of-concept exploits that demonstrated real risk without irreversibly damaging the lab environment. Alam’s in-class demonstration of safe exploitation techniques (Alam, 2024) and the OWASP Testing Guide (2023) provided a robust framework—reconnaissance, scanning, exploitation, post-exploitation, and reporting—for structuring my assessment. This artifact significantly enhanced my offensive-security toolkit and instilled a deep respect for the ethical responsibilities of penetration testers.

Artifact 3: Privacy-Law Memorandum

Course: CYSE 406 – Cyber Law (Prof. Klena, 2024)
For CYSE 406, Professor Klena tasked us with advising the Governor of Virginia on personal-data protection legislation (Klena, 2024). My memorandum addressed:

1. Privacy Overview:
   Defined privacy and personal data, explained risks of unregulated data collection—identity theft, biometric misuse—and illustrated with examples of fingerprint and facial-recognition data (Solove, 2008).
   
2. GDPR Summary:
   Described GDPR scope, data-protection principles (lawfulness, transparency, data minimization), territorial reach, and enforcement mechanisms (European Parliament & Council, 2016) (The EU’s General Data Protection Regulation (GDPR) in a Research …).
   
3. U.S. State Laws:
   Compared California’s CCPA and Virginia’s Consumer Data Protection Act (VCDPA), highlighting consumer rights to access, deletion, and opt-out of targeted advertising (Virginia OAG, 2023) ([PDF] Virginia Consumer Data Protection Act).
   
4. Policy Recommendation:
   Argued Virginia should enact its own law to protect citizens immediately, then advocate for federal harmonization—balancing state innovation with national consistency (Klena, 2024).
   

Parsing dense legal texts such as the GDPR (European Parliament & Council, 2016) and Brenner’s technology-law analysis (2019) was initially overwhelming. Klena’s annotated lecture outlines on statutory interpretation (Klena, 2024) enabled me to distill complex provisions into practical policy guidance. This memo strengthened my legal-research and policy-writing skills, and underscored the necessity of integrating technical controls with regulatory compliance.

---

Artifact 4: GDPR Implementation Review

Course: CYSE 425 – Cyber Strategy & Policy (Prof. Duvall, 2025)
In CYSE 425, Professor Duvall required a review of GDPR implementation effectiveness across multiple EU member states, informed by scholarly research (Duvall, 2025). My paper:

• Synthesized Six Peer-Reviewed Studies:
  Analyzed success factors from research on GDPR uptake—data breach reporting rates, fines levied, and organizational compliance frameworks (ResearchGate, 2023) (The critical success factors of GDPR implementation: a systematic …).
  
• Derived Policy Implications:
  Recommended unified enforcement guidelines to reduce jurisdictional variance and proposed cross-border data-flow agreements to ease compliance burdens (Voigt & Von dem Bussche, 2017).
  
• Developed an Assessment Framework:
  Combined ethical (consent, autonomy), political (sovereignty, cross-border flow), and social (digital inclusion) metrics to evaluate regulatory impact (Duvall, 2025).
  
• Concluded on Success & Gaps:
  Found GDPR raised global data-protection standards but requires clearer AI profiling guidance and enhanced small-business support (Kuner et al., 2017; Duvall, 2025).
  

This project deepened my strategic-policy acumen by integrating diverse scholarly perspectives and critically appraising their methodologies. Duvall’s lectures on resilience and deterrence theory (2025) guided my framing of GDPR as both a deterrent and resilience-building mechanism. The artifact reinforced how legal frameworks, political objectives, and societal values intersect in cybersecurity strategy.

General Reflection on Learning Growth

The collection of artifacts shows a development path that starts with basic network design and segmentation skills (Kalburgi, 2024) before moving into offensive-security specializations (Alam, 2024), sophisticated legal policy analysis (Klena, 2024), and ultimately strategic leadership abilities (Duvall, 2025). Initially my studies concentrated on tools and configurations but I eventually understood that cybersecurity requires a comprehensive strategy that includes technology, law, and policy.

Through my penetration-testing work (Alam, 2024) I learned technical exploits need to function inside ethical and legal boundaries which Klena’s study of privacy law (Klena, 2024) confirmed. The network-design lab (Kalburgi, 2024) showed me that robust architecture should address operational demands along with regulatory rules which became a focal point in my later GDPR analysis (Duvall, 2025). My combined experiences have shown me how to combine technical precision with adherence to legal standards and strategic planning.

To keep up with the latest best practices and regulations I will maintain integration across these domains by obtaining CISSP certification and engaging with professional organizations like ISC² and ISACA. I intend to guide junior colleagues by imparting my experience in matching technical solutions to legal and policy demands.

Conclusion

The four artifacts—a Maury High School network design project, comprehensive penetration-testing report, privacy-law memorandum, and GDPR implementation review—showcase my evolution from focused technical expertise to a well-rounded cybersecurity professional. Under the supervision of Professors Kalburgi, Alam, Klena, and Duvall I developed competence in design principles alongside ethical hacking techniques and legal analysis methods for strategic policy development. Entering the workforce I bring with me the ability to create secure networks and perform ethical security evaluations while ensuring compliance with regulations and developing policies that integrate security principles with privacy concerns and innovation needs.

References

Alam, M. (2024, February 15). Lecture on penetration‐testing methodology and safe exploitation practices [Lecture]. CYSE 450 – Ethical Hacking & Penetration, Old Dominion University.

California Legislature. (2018). California Consumer Privacy Act of 2018. https://oag.ca.gov/privacy/ccpa

Comer, D. E. (2006). Internetworking with TCP/IP (Vol. 1, 4th ed.). Pearson.

Cisco Learning Network. (2023). Access control lists. Cisco. https://learningnetwork.cisco.com/s/article/access-control-lists

Duvall, L. (2025, January 22). Lecture on resilience and deterrence theory in cyber policy [Lecture]. CYSE 425 – Cyber Strategy and Policy, Old Dominion University.

eSecurity Planet. (2024). VLAN segmentation best practices. https://www.esecurityplanet.com/networks/vlan-best-practices/

European Parliament & Council. (2016). Regulation (EU) 2016/679 (General Data Protection Regulation). https://eur-lex.europa.eu/eli/reg/2016/679/oj

Kalburgi, A. (2024, March 10). Lecture on VLANs, ACLs, and port security [Lecture]. IT 315 – Intro Network & Security, Old Dominion University.

Klena, J. (2024, April 5). Lecture on comparative cybercrime and privacy legislation [Lecture]. CYSE 406 – Cyber Law, Old Dominion University.

Kuner, C., Cate, F. H., Millard, C., & Svantesson, D. J. (2017). The GDPR: Understanding the EU’s new data protection rules. Oxford University Press.

OWASP. (2021). OWASP Testing Guide (4th ed.). https://owasp.org/www-project-web-security-testing-guide/

Singer, P. W., & Friedman, A. (2014). Cybersecurity and cyberwar: What everyone needs to know. Oxford University Press.

Solove, D. J. (2008). Understanding privacy. Harvard University Press.

Stallings, W., & Brown, L. (2020). Computer security: Principles and practice (4th ed.). Pearson.

Veale, M., & Edwards, L. (2018). Clarity, surprises, and further questions in the Article 29 Working Party draft guidance on automated decision-making and profiling. Computer Law & Security Review, 34(2), 398–404. https://doi.org/10.1016/j.clsr.2017.12.004

Voigt, P., & Von dem Bussche, A. (2017). The EU General Data Protection Regulation (GDPR): A practical guide (1st ed.). Springer.

Virginia Office of the Attorney General. (2023). Consumer Data Protection Act (VCDPA). https://www.oag.state.va.us/consumer-protection/privacy/vcdpa