Journal Entry #1:
The NICE Workforce Framework for Cybersecurity offers a detailed structure for organizing cybersecurity roles and skills across seven key areas: Analyze, Collect and Operate, Investigate, Operate and Maintain, Oversee and Govern, Protect and Defend, and Securely Provision. Among these areas, I am most drawn to Protect and Defend, which focuses on identifying and responding to cybersecurity threats. Roles like Cyber Defense Analyst or Vulnerability Analyst catch my eye because they involve proactive measures to safeguard systems and respond to real-world threats. The dynamic and high-stakes nature of this work excites me, as it requires continuous learning and problem-solving. Another area I find interesting is Securely Provision, which includes designing and implementing secure systems. I am particularly interested in roles like Cloud Security Specialist or Security Architect, as these combine creativity with technical expertise to build secure environments and prevent vulnerabilities during development.
Journal Entry #2:
In cybersecurity, key scientific principles are important in shaping security practices. Empiricism highlights the importance of real-world data in identifying and addressing security threats, relying on observation and experience to guide decision-making. Determinism helps professionals understand cause-and-effect relationships, enabling them to track security breaches to the main source and predict future outcomes. The principle of Parsimony ensures that security solutions are working without problems that could be avoided, for example utilizing proven encryption methods rather than over-complicating systems. Objectivity ensures unbiased analysis during threat assessments, audits, and incident responses, making decisions based on evidence rather than assumptions. Falsifiability encourages testing and validating security measures, ensuring they can withstand real-world scenarios and identifying potential weaknesses. Replicability ensures results across different environments, confirming the reliability of security measures like vulnerability scans or penetration tests. Predictability is for cybersecurity professionals to anticipate future threats, using data and patterns to proactively address vulnerabilities.
Journal Entry #3:
I would say researchers could possibly use data from PrivacyRights.org to study data breaches by recognizing patterns such as the several types of breaches. For example, hacking, and physical theft, the industries affected, and the volume of records compromised. By comparing the breach frequencies over time or by region, they can spot out sequences and assess how certain factors such as (company size or security practices) impact the possibility of a breach. To sum everything up, researchers can evaluate the effectiveness of breach notification laws or public awareness campaigns based on breach data. This helps inform strategies to mitigate future risks.
Journal Entry #4:
Maslow’s Hierarchy of Needs can be similar to technology and digital experiences. Access to the internet and smart devices complete our daily basic needs, for example e-commerce (online shopping) or communicating. To make sure your information is safe online and everywhere else make sure you use cybersecurity measures like strong passwords, antivirus software, and two-factor authentication help protect personal data and financial information. The love and belonging level is supported by social media, video calls, and messaging apps keep people connected despite physical distances. Esteem needs are met through professional networking platforms, online courses, and digital certifications that boost confidence and career growth.
Journal Entry #5:
Hackers have various motives, some more understandable than others. The most rational motive is financial gain, as cybercriminals often exploit vulnerabilities for monetary rewards. Recognition follows closely, as some hackers seek fame or credibility, sometimes even leading to ethical hacking careers. Political motives, such as hacktivism, can be controversial but are often ideologically driven. Multiple reasons rank in the middle, as many hackers act based on overlapping incentives. Revenge, while personal, is unethical and often harmful. I would say hacking out of boredom is reckless, while doing it purely for entertainment is the least justifiable, as it disregards ethics entirely.
Journal Entry #6:
Identifying fake websites is important to keeping our personal information safe and avoiding scams. Fake websites often copy legitimate ones but have minor changes that can help users spot fraud. One example is a fake PayPal login page, where scammers create counterfeit sites such as “www.paypai.com” instead of the legitimate “www.paypal.com.” These fraudulent sites often lack security certificates (missing “https”), contain spelling errors, or use low-quality images (Memcyco). Similarly, counterfeit retail websites, like “BestBuy-Discounts.com,” claim to offer incredible deals but lack the credibility of the official “www.bestbuy.com.” These fake sites often have poor design, missing contact information, and request unusual payment methods (ForestVPN). Another example is phony banking websites, where fraudsters replicate sites like “Chase-Secure.com” instead of the authentic “www.chase.com.” These sites often contain slight misspellings in the domain name, lack proper security certificates, and immediately prompt users to enter sensitive information (IdentityGuard). To avoid falling victim to these scams, users should verify the URL for accuracy, ensure the presence of “https” in the address bar, check for reliable contact information, and remain skeptical of deals that seem too good to be true.
Journal Entry #7:
Journal Entry #8:
I would say the media often distorts the reality of hacking, making it seem either overly glamorous or absurdly simple. In movies and TV shows, hackers are often portrayed as typing frantically while random code streams down their screens, gaining access to secure systems in seconds. In reality, hacking requires extensive knowledge, patience, and planning. These exaggerated portrayals create misconceptions about cybersecurity, making it seem either like an unstoppable force or an easy skill anyone can master overnight. This can lead to misunderstandings about real-world threats, making people either overly paranoid or too careless about their online security. While some films do a better job of portraying hacking accurately, most prioritize drama over realism, shaping the public’s perception in ways that can be misleading.
Journal Entry #9:
I scored a 0 on the scale, which it indicated a normative social media usage. I found the questions to be well-designed because they effectively highlight how many people heavily rely on social media and how much its used in their daily lives. The questions made me reflect on how social media usage can vary from person to person. Different patterns of social media usage are seen across the world because most platforms use algorithms that connect people with similar interests and behaviors. These algorithms shape how people engage with content, leading to distinct usage patterns depending on regional preferences and cultural differences.
Journal Entry #10:
This Military Review article emphasizes how humans are still cybersecurity’s weakest link, with social engineering tactics like phishing exploiting psychological vulnerabilities, especially in military contexts. It argues that effective defense requires cultural change training personnel to recognize threats and adopt a zero trust mindset alongside technical solutions. While the military-focused analysis is strong, the discussion could be expanded to civilian sectors for example, healthcare and finance. And include data on training effectiveness. The piece underscores that cybersecurity is a socio-technical challenge: future strategies must blend behavioral psychology for example, why users ignore warnings with tools like simulated attacks to build resilience across industries.
Journal Entry #11:
In this video about the cybersecurity analyst role highlights a plethora of important social themes that intersect with technical responsibilities. Much of the job revolves around human interactions such as analysts must collaborate with IT teams, communicate threats to non technical stakeholders, and educate employees about security risks like phishing. The presentation shows that just technical skills aren’t enough, analysts need strong interpersonal abilities to explain complex concepts clearly and convince others to follow security protocols. Social engineering threats are discussed as a major concern, showing how attackers exploit human psychology rather than just technical vulnerabilities. The video also touches on the social dynamics of security operations centers, where teamwork and information sharing are important for rapid threat response.
Journal Entry #12:
The data breach notification letter from Montana’s Department of Justice can be looked at through both economic and social science viewpoints. Economically, the letter follows the idea of information asymmetry. It helps fix the knowledge gap between the company and affected customers by sharing important details, like what data was exposed and when the breach happened. By being transparent, the company lets consumers take steps to protect themselves, which helps avoid more damage. This is similar to how markets require disclosure to prevent unfair information gaps. The letter also shows a cost benefit analysis, where the company probably thought about the cost of sending notifications and offering credit monitoring versus the possible costs of fines, lawsuits, or damage to its reputation.
From a social science perspective, the letter connects with social contract theory, which says businesses have an unwritten duty to keep user data safe and act responsibly if a breach happens. The notification and credit monitoring offer show the company’s effort to honor this responsibility and maintain trust. The letter also ties into labeling theory, where it frames the affected people as “victims” of a cybercrime, which can affect their future actions, like signing up for credit monitoring or being more careful with personal data. At the same time, the letters sincere tone helps shape the company’s image as responsible rather than careless, showing how labels can affect both how consumers react and how the company is viewed. I would say these theories together show that breach notifications serve practical, economic, and social purposes, as well as impact people’s perceptions.
Journal Entry #13:
Bug bounty programs are a way for companies to improve cybersecurity by paying ethical hackers to find weaknesses in their systems. These programs are cheaper than hiring full-time security teams because they let so many people test the system. To keep in mind, there are some problems with this model. Hackers, especially those who find dangerous bugs, often don’t get paid enough and rely on building a good reputation instead. Also, people in developing countries may be left out due to language barriers and legal issues.
From a policy standpoint, bug bounties are a business friendly way to handle cybersecurity, but they raise concerns about fairness and responsibility. They shift the risk to independent hackers while companies control when and how they disclose security flaws. This shows a problem between saving money and making sure hackers are treated fairly.
Journal Entry #14:
The article from Clario talks about ethically wrong online activities that can get you in some big trouble with the law. Five activities that were mentioned really stand out to me because they can hurt people and have big consequences. To start it off, downloading pirated stuff like movies or games is illegal because it breaks copyright rules and takes money away from the people who made them. Second, cyberbullying and online harassment can seriously hurt someone’s mental health, and in some cases, even lead to self-harm many places have strong laws against this now. Third, hacking into someone’s account or computer without permission is a big crime because it invades their privacy and can mess with personal or even national security. Fourth, sharing private pictures or videos of someone without their permission is very harmful and illegal it can ruin someone’s life. Last but not least, online scams and phishing tricks people into giving away money or personal info, often targeting people who don’t know what’s happening. These actions are serious because they hurt real people and break real laws, and that’s why they can lead to big punishments.
Journal Entry #15:
Davin Teo gave a TEDx talk about his career in digital forensics, and his journey is pretty interesting. He started off as a accountant, but later switched to a career in digital forensics.
Even though digital forensics is all about technology, Davin pointed out that understanding people is super important. A lot of the work in forensics involves figuring out what people did online, why they did it, and how that affects the evidence. He compared it to the show CSI which demonstrates the work of digital forensics. He also mentioned that he had to take digital pictures when he went to investigate stuff so he can replace everything how it was. This means that skills from social sciences, like psychology, are useful in this field.
His story teaches us that you don’t need to have a strictly technical background to be successful in tech jobs. Sometimes, other skills like understanding human behavior and thinking creatively can be just as valuable.