Journal Entry 1

• Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Using the NICE Workforce Framework. I would like to focus my career in the Protect and Defend category. With my internship at MITRE, I have been exposed to all these categories in some way shape, or form. Oversee and govern, with Training, Education, and Awareness. I have worked on the development of Tabletop Exercises which are used to test the effectiveness of Incident Response Plans. The Securely Provision category with Test and Evaluation, Risk Management. I was exposed to this by developing a Tuning sheet for detecting and tuning noise within a Security Operations Center. Although I have been exposed to these categories, I would like exposure to the Analyze and Collect and Operate domain. That scope is the real piece of Cyber Ops. I feel those two areas are the real forerunner of the piece and the hands-on aspect I would like to get into. Investigate, Operate, and Maintain do not appeal to me the most. But they are very fundamental pieces of cyber security and should not go unnoticed. These are the very backbone of IT organizations but for me, I would like to be hands-on, and these roles aren’t really fitting for me if that were something I would like to do.  

Journal Entry 2

• Explain how the principles of science relate to cybersecurity

The principles of science relate to cyber security because of the steps analysts and researchers must take to fully understand cyber-attacks and threats. When looking to mitigate attacks or prevent vulnerabilities data must be collected, analyzed, and tested so that professionals can make decisions with better regard to the protection of data. From a real-world experience, I have had to personally research the Advanced Persistent Threat known as Deep Panda, where the insurance health provider Anthem had 78.8 million of personal identification information extracted from their corporate data house. This includes social numbers, addresses, names, and email addresses. With the research and data, I collected I was able to understand that this started from a simple phishing attempt on the system admin. So, the result of human error was the culprit and allowed the adversary to laterally move along the network and give privilege escalation to other infected computers. With this information, I was able to utilize other software to replicate this attack on a victim machine and extract data the same way, then I was able to apply it to a Tabletop Exercise so I could make cyber professionals aware of such an attack and test the effectiveness of our own incident response plan. So, with data collecting, analyzing, testing, and decision-making. The principles of science apply to cyber security in every way.

Journal Entry 3

• Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?

Using this website researchers will be able to study breaches from a time frame from 2005 up until 2022. With this, a researcher can study trends and consistencies with the breaches. Such as what type of breach was the most recurring or which state experienced the most breaches. I was able to see that from September 2020 to February 2022 California had the most breaches. Also, able to see that hacking was the 2^nd most type of data breach with the first being by unknown meanings that may require more research. I was also able to see that the medical sector was the most targeted organization which came to my surprise as I expected financial services to be the most targeted. I believe as this website is updated you can also see if corporations are taking cyber security measures by noticing a decrease in the number of reported breaches that they have. Overall, this is a great website researchers can use to study breaches where they happen, what type of breach is happening, and who is being most targeted.

Journal Entry 4

• Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Maslow’s Hierarchy of Needs is a chart with a hierarchy of our needs which suggests that when our lower needs are met, we can then focus on meeting our upper level of needs. There are five levels to this hierarchy. From top to bottom, Physiological needs could be food, water, warmth, and rest. Safety needs such as security and safety. Belongingness and love needs like friends or relationships. Esteem is like prestige and accomplishment. Self-actualization is our full potential. It breaks these into 3 groups safety needs and physiological needs into basic needs, belongingness, and esteem needs into psychological needs. With self-actualization into self-fulfillment.

For me with basic needs, it is hard to imagine a time without technology me because it has played an important part in my life from people, I have met gaming and the ease of access for me to do things. In a way, technology has become a part of my basic need because of how much I rely on it rather its for studying or doing homework I sort of need technology to get through my day.  For safety, it is important to be safe online. I receive a lot of spam or pop-ups from websites that may not necessarily be safe. If I were to click on these links, I could compromise my whole computer or home network. It fits my psychological needs because of the friends I make online and how easy it is to communicate with people who are far away from me. It fits others’ esteem needs online because sometimes people will look on the internet and feel better about themselves and troll online. I personally don’t do that, but I do see it every day. It fits my self-actualization needs because of the things that I can do with technology from coding to overclocking my computer so it can run faster. If I wanted to, I could run an online business. I can learn languages. The possibilities are endless when it comes to being successful or learning with technology.

Journal Entry 5

• Review the articles linked with each individual motive. Rank the
  motives from 1 to 7 as the motives that you think make the most sense
  (being 1) to the least sense (being 7). Explain why you rank each
  motive the way you rank it.

1. Political https://economictimes.indiatimes.com/magazines/panache/new-generation-of-angry-youthful-hackers-join-the-hacktivism-wave-adding-to-cyber-security-woes/articleshow/81707844.cms

I rank the political motives such as hacktivism as the motive that does make a lot of sense. I can see the reasoning behind them doing cybersecurity attacks. To spread awareness about a cause if peaceful and potentially nonharmful means are not working. They also could seek to leak harmful data or expose a corporation to their wrongdoings.

• For Money https://threatresearch.ext.hp.com/sex-drugs-and-toilet-rolls-how-cybercriminals-spend-their-money-infographic/

I would rank this one higher than 1 if more than 50% was spent on investments or reinvestments. But this falls at two. Personally, if I were engaged in hacking for financial gain this is where I would put my money. With that, these hackers would not even need to hack anymore.

• Entertainment https://9to5mac.com/2021/07/19/man-behind-linkedin-scraping/

I put entertainment as 3 because it he’s just doing it for fun but I’m not sure why he is selling the data. But it seems like mindless fun and LinkedIn should do something to prevent such a thing from happening as there is already a debate about the fact that if this is a crime or not since this data is “technically” publicly available.

• Recognition https://www.theregister.com/2021/06/30/bradley_niblock_election_ddos/

In this situation, I sort of mix it with bored because he was just doing this to do this. I don’t think he gained any recognition from this. But all it took was a script kiddie for him to cause 250,00 connection requests.

• For multiple reasons https://www.infosecurity-magazine.com/news/what-drives-hackers-to-a-life-of/?__cf_chl_jschl_tk__=pmd_c1d89a4695edbd23f2bceb54d70f35ce5e536e86-1626721164-0-gqNtZGzNAfijcnBszQi6

I must put this one at 5 because I believe the other 2 are much worse. This one is just people who have egos. Some of the people enjoy it because they have the skill to do it. So, they put their skills to the test and when they are able to do it they gain a boost to their ego and feel like the man.

6, 7 Boredom and Revenge  https://www.heraldlive.co.za/news/2021-05-31-cyberbullying-and-online-sexual-grooming-of-children-on-the-increase/ ,  https://newsfromwales.co.uk/news/revenge-porn-victims-in-wales-often-feel-let-down-by-the-law-as-cybercrime-slips-through-the-net/

 Both are about the same. But the crimes done with these motives are terrible. Mainly why they rank very low. I guess for the side of cyberbullying under bored it doesn’t make much sense to me but that generally happens not just for children but online internet trolling in general. Boredom in the broader sense with hacking or other stuff still doesn’t make much sense. Revenge hacking in this context from the article is on Revenge porn. Some of it may not be revenge porn and could be people holding photos for ransom. But doing this just makes no sense to me and I don’t really see why people do it.

In general, this all stems and connects to the social sciences of the internet and cyber security. Why do people do what they do online and how.

Journal Entry 7

• Review the following ten photos through a cybersecurity human systems integration framework.
• Create a meme explaining what is going on in the individual’s or individuals’ mind(s)
• Explain how your memes relate to Human Systems Integration.

I made this into a short meme saying another day of training because he is smiling, and I think of this as him hiring personnel.

I chose this for like the usability of software security-wise. I can imagine a guy saying this security software just doesn’t work. As if he completely doesn’t understand it. Discussing how they can improve.

It.

I can see someone hiring this person here and she is very excited about her new hiring looking to better protect the cyberspace.

 This is another one at user usability. Its important for users to have a very easy use of usability when utilizing software. Having complicated applications can cause a impact on the business.

User access is very important, and I feel it’s important that the right people have the right access so monitoring who has access on your network allows for better protection and security.

Cyber awareness is important, I imagine this as a seminar being given on cyber awareness and why it’s important to have this awareness and training to not fall victim.

I see this in an incident response mindset. Being that it’s important to have some form of incident response because everything can fall apart really fast and in an instance.

I find this one very cute and see it like a hiring manager signing on for interviews and meetings for the day to hire new staff to support a brand-new project.

This seems like one of the days a coder is logging on to go over his daily review of the code he has to have completed next week or he will have to stress missing an important aspect.

I feel this guy has had it with this company and no matter where he is, he is always working no matter what.

Journal Entry 8

• After watching the video, write a journal entry about how you think
  the media influences our understanding about cybersecurity
• https://www.youtube.com/watch?app=desktop&v=6BqpU4V0Ypk

 After watching the video, I think it is pretty evident that Hollywood and the media portray cybersecurity in the way of a hacker. Usually in this media the hackers are extremely smart and can hack something in 2 seconds. That’s not the case at least the hacking in 2 seconds. For people on the outside of cybersecurity who just see this movie. It may not be the best influencer for them because then they get into the field, and it is nothing like what they saw in James Bond or any other movie. Overall, I think the media paints cyber security in a light that isn’t bad or negative but just sometimes overly inaccurate. Hollywood should start showing the other aspects of cybersecurity besides just hacking or show a mix of hacking and other aspects.  

Journal Entry 9

Complete the Social Media Disorder scale. How did you score? What
do you think about the items in the scale? Why do you think that
different patterns are found across the world?

For me, it is a 1. I feel it’s a bit accurate for me as I have tried to limit my time on social media in general but have failed. But my social media use hasn’t caused me problems in daily life or for the people around me. I could maybe say there are times when I want to concentrate only on the work, I am doing but instead, I scroll through TikTok or X. I would think different patterns are found throughout the world just based on average need and use of technology. I feel the different patterns could be based on age groups. For instance, the younger generation is more connected with social media than previous generations. So, some areas or countries of the world with an older majority population may have lower results compared to a country with a wide population of younger people who are always on their phones or using technology in some way. This can raise security concerns and just like in the video, a person could be exposing sensitive information and may not just be about a password but could be where they live and all sorts of different information.

Journal Entry 10

• Read this and write a journal entry summarizing your response to the article on social cybersecurity
• https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b/CYSE201S 6

This was a very interesting article. I 100 percent agree with the fact that information wars are the main type of war today. Can even argue it was like that before information was the big driver and nations continued to push narratives and propaganda to make their country look better than the other. Having a strong understanding of the social science in cyber security can help spread information a lot faster to the masses. But the thing that I think about is that it’s hard to control a certain narrative with the existence of the internet and everything just being on the internet. But with that like said in the article, truth and untruth are constantly mixed. This leads to the BEND model which describes how a person can manipulate beliefs, ideas, and information. The information maneuver is one and is the manipulation of info and the flow of relevance of info in cyberspace. One example given is misdirection, introducing unrelated topics to change the conversation. The other is network maneuver, which is the manipulation of the actual network itself. Like community building and building a community around certain topic. Overall, this article was very interesting and introduced some new topics and points, I didn’t know like this bend model. Its very important to understand all of this because with new technology like AI people can create Deep fakes and really create false negatives creating a distrust between information, people, and technology.

Journal Entry 11

Watch this video. As you watch the video https://www.youtube.com/watch?v=iYtmuHbhmS0, think about how the description of the cybersecurity analyst job relates to social behaviors. Write a paragraph describing social themes that arise in the presentation.

Cybersecurity analysts deal with a lot of monitoring the network and protecting the network. Being that first line of defense, she says responding to phishing attacks and intrusion detects. Also, with user awareness training these are just a few that deal with interacting in some way with technology or another person. Phishing attacks deal with a person seeking to get something by baiting a person to click that email, usually, we want to reinforce the emails that are coming through to only accept emails from trusted and approved email addresses to prevent that type of scam. Flagging emails as potentially malicious or having ill intent. User training is a part of the “human firewall” where everyone has to be responsible this also can go in hand with victim precipitation, if the users are aware of what to look out for and what not to do we can limit the amount of victims on the network, because they will know not to click that link from a fake email address.

Journal Entry 12

Read this https://dojmt.gov/wp- content/uploads/Glasswasherparts.com_.pdf sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two economics theories and two different social sciences theories relate to the letter

The two economic theories I feel relate to this letter are Rational choice and Marxian economic theory. I say the rational choice theory because I believe since businesses can choose how much they invest in cyber security or security practices why couldn’t they invest in the creation of their own website with cyber security practices utilized on their own? Some businesses take the cheaper route and let things be third-party controlled and out of their hands but that can come back to bite them. The Marxian I think applies to this because the hacker attacking the third-party company is attacking something out of the consumer’s hand when going after their information. Getting very sensitive data which, they shouldn’t have.

Two different social science theories that I think relate are the neutralization theory and the personality traits of Openness and or Extraversion. The neutralization theory has 5 different actions under it Denial of jury, cyber criminals justify their behavior by saying no humans are hurt physically. Denial of victim, the hacker justifies behavior by saying the individual will learn because of the hack. Denial of responsibility, like an employee justifying committing cyber fraud Condemnation of condemner, individuals who engage in digital piracy and blame to the industry for restricting access to content. Appeal to higher loyalties. Individuals who hack for political motives. I feel like it’s a mix of denial of the victim and denial of jury. Now they did hack for a financial gain as it seems they have gained credit card info. But it seems that because no one is physically harmed why not do it I also think denial victim because now not only will this company learn both companies will learn. New policies will come into place from both companies for future organizations they work with. I can see extraversion coming into play here also this is a personality theory that states that one’s interest is toward the outer world of people and things. Utilizing hacking they are interacting with the things set up by people to gain access to stuff they don’t need, and this fits their characteristic to keep trying new things. Also, openness because hackers are open to new things being criminals. Exploring new challenges and taking them on.

Journal Entry 13

• A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure. To identify the vulnerabilities, ethical hackers are invited to try explore the cyber infrastructure using their penetration testing skills. The policies relate to economics in that they are basedon cost/benefits principles. Read this article and write a summary reaction to the use of the policies in your journal. Focus primarily on the literature review and the discussion of the findings.
• https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=true

In this article, they discuss findings and reports on Bug Bounties to make an economic model.  A few are that hackers are price insensitive meaning companies with a limited number of resources can get value from utilizing bug bounties and the company’s size doesn’t have an economic impact on the report it receives. They took in several factors that could impact the security researcher supply. Program age, Industry, Brand profile, Bounty Amount, Time to resolution, Revenue, Scope, New programs, and Private vs public programs. But found that Brand profile and Revenue had an economically insignificant impact because a company in the 75^th percentile of revenue data would only get about 0.05 more valid reports per month compared to a company in the 25^th showing that bug bounties are effective for companies of any size. Another factor that had an effect was the industry. Their findings showed that companies in finance and retail received fewer valid reports when compared to other companies in the other category ceteris paribus. The point of this study and article is to show how much hackers cost to do bug bounties and does that affects reports. They found hackers are insensitive, anyone can use bug bounties, Companies in certain industries receive fewer reports, and over time companies would receive less valid reports.

 Overall, this is very interesting because it takes the money value and breaks it down to show that companies can invest in this with no problem. If their findings showed that the amount of money affected the type of findings or reports received it would be a problem, but it doesn’t and companies can invest in this, to grow their cyber security standing.

Journal Entry 14

• https://clario.co/blog/illegal-things-you-do-online/ has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

In this 11 illegal things we do online unknowingly, I feel Recording a VoIP call without consent, Faking your identity online, using other peoples internet network, collecting information about children, bullying and trolling. I feel these offenses can cause serious serious harm. I feel the other ones aren’t nearly as serious but revolve around copyright issues. Especially being that collecting information about children assuming this is for ill intent is just wrong and should be punishable, as well as with bullying and trolling as we have seen the repercussions with that. Faking identity online or using other peoples internet networks can be serious offenses but I feel have a more dangerous potential than the ones around copyright. Last being recording a call without consent can have a big problem, because if something said in secret is leaked the repercussion of that can be impactful.

Journal Entry 15

• Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube Watch
  this video and think about how the career of digital forensics
  investigators relate to the social sciences. Write a journal entry
  describing what you think about the speaker’s pathway to his career.

David Teo – Digital Forensics

According to David Teo, he describes digital forensics as the collection, analysis, and reporting of electronic data to be presented in a court of law. I can see how this is under the umbrella of cyber law. And how collecting data could be for instance connected to the psychology and sociology side because investigators can come to an understanding of behavior and motivation to help them interpret the electronic data collected. I find his pathway into his career very interesting, starting in accounting, he eventually fell more and more into IT due to the need for an IT person. His career in accounting led him to a big firm that started a Digital forensics team, and he joined it. I find his meaning in joining IT and his path very interesting and unique because you never know what may come your way. When it does it could be your opportunity to do something great. So, he leaped and has enjoyed it ever since.