Journal Entries


Week-1 Journal Entry
Work Role Categories
Looking at the NICE Workforce Framework with my career goals in mind, a few areas stand out. Since I’m interested in catching criminals and stopping cyberattacks, the “Investigate” category, especially the “Cybercrime Investigation” work role, seems like a perfect fit. It’s like being a digital detective, using tech skills and a deep understanding of criminal behavior to track down cybercriminals and bring them to justice.
I’m also drawn to the “Protect and Defend” category, specifically the “Insider Threat Analysis” work role. It would be fascinating to use my knowledge of social engineering and human behavior to uncover hidden threats within organizations. Plus, it aligns with my interest in cyber criminology.
The “Oversee and Govern” category has a lot to offer someone interested in Cybersecurity Program Management. Roles like “Cybersecurity Policy and Planning” and “Cybersecurity Workforce Management” would allow me to develop and implement strategies to strengthen an organization’s security posture.
While I recognize the importance of technical skills, areas like “Implementation and Operation” or “Design and Development” don’t appeal to me as much. My strengths lie in understanding the human element of cybersecurity and using that knowledge to combat cybercrime.
Overall, the NICE Framework shows just how diverse cybersecurity careers can be. With my passion for catching criminals and protecting others, I’m confident I’ll find a fulfilling path that aligns with my interests and skills.


Week-2 Journal Entry

Integrating Scientific Principles into Cybersecurity
The foundational principles of science; empiricism, determinism, parsimony, and objectivity are pivotal in strengthening cybersecurity. Empiricism, learning from experience, encourages a data-driven approach where past security incidents inform future defenses. By analyzing breaches and attack patterns, organizations can identify vulnerabilities and adapt their strategies accordingly.
Determinism focuses on cause and effect, guiding professionals to understand the root causes of security issues rather than just addressing symptoms. This leads to more effective prevention by tackling the initial triggers of attacks, much like stopping the first domino to prevent a cascade.
Parsimony, or simplicity, advocates for streamlined systems. Simpler security infrastructures are easier to manage, have fewer vulnerabilities, and reduce the likelihood of human error. By eliminating unnecessary complexities, organizations decrease potential weak points and enhance efficiency.
Objectivity demands unbiased decision-making based on factual evidence. In cybersecurity, this ensures that policies and responses are guided by actual risks and effectiveness, not by assumptions or trends. This builds reliable and trustworthy defenses.
By embodying these scientific principles, organizations can create robust, adaptive, and efficient security systems. This approach not only fortifies defenses against current threats but also establishes a solid foundation to tackle future challenges in the ever-evolving digital landscape.


Week-3 Journal Entry

PrivacyRights.org is a valuable resource for researchers studying data breaches. Their chronological database provides detailed information on various aspects of breaches, such as the type of breach (e.g., hacking, insider threat), the number of records compromised, the organization affected, and the specific types of data exposed. Researchers can use this data to spot trends, like which industries are more vulnerable to certain attacks, and see if bigger companies have worse breaches than smaller ones. This helps researchers figure out better ways to protect data, make smarter security rules, and improve cybersecurity for everyone. Plus, they can combine this data with other sources, like vulnerability databases and threat intelligence reports, to get a more complete picture of how data breaches happen and how to prevent them.


Week-4 Journal Entry

Maslow’s Hierarchy of Needs helps me understand how technology fits into my life as I transition from a 35-year-old Navy submarine veteran and test engineer to a cybersecurity professional. At the base level, technology helps me meet my physiological needs by allowing me to easily connect with my family and friends while I’m busy with school at ODU. Video calls, messaging apps, and social media help me stay close to them even when I’m focused on my studies and career change.
Technology also addresses my safety needs by giving me the tools to protect my personal information and financial security. With password managers, encryption software, and VPNs, I can keep my online accounts and sensitive data safe from cyber threats, which gives me peace of mind as I navigate the digital world.
As for love and belonging, online communities and forums have been great for connecting with other veterans, cybersecurity professionals, and ODU students. These platforms foster camaraderie and shared experiences, which are invaluable as I navigate this new chapter of my life.
Technology helps me meet my esteem needs by enabling me to learn new cybersecurity skills and gain knowledge. Online courses, certifications, and interactive learning platforms help me build confidence and competence in this new field, validating my decision to pursue this career path.
Finally, technology supports my self-actualization by giving me the means to achieve my career goals and contribute to society. By mastering cybersecurity skills, I can use my unique experience and expertise to protect organizations and individuals from cyber threats, fulfilling my potential and making a positive impact on the world.


Week-5 Journal Entry

  1. Financial gain is the most obvious and widespread reason for cybercrime. Think of it as the digital version of robbery. From massive ransomware attacks that cripple companies to simple phishing emails trying to trick individuals, money is the primary goal. Criminals, whether large organizations or individuals, are consistently seeking financial profit online. Cybercrime can be very lucrative, and for some, it seems less risky than traditional crimes, making it a highly attractive option. The sheer scale of financial losses from cybercrime worldwide confirms that money is the most significant driving force.
  2. Following closely is the understanding that cybercriminals often have “multiple reasons” for their actions. It’s rarely just one simple thing that pushes someone into cybercrime. Instead, many factors can overlap. Someone might be motivated by money, but also by the thrill of the challenge, the desire to impress their peers in hacking communities, or even a sense of political or ideological purpose mixed in. Recognizing this complexity is important because it shows us that cybercriminals are not all the same; their motivations are often a mix of different desires and goals.
  3. Political motivations are another significant driver, especially for certain kinds of impactful cybercrime. “Hacktivism” is a prime example: individuals use hacking skills to promote political messages or disrupt organizations they oppose. Governments and nation-states also engage in cyber operations for political reasons like spying or causing disruption. While maybe not as common as financial crime in sheer numbers, politically motivated cyberattacks can have huge consequences, affecting elections, international relations, and social stability. For those driven by strong beliefs, political cybercrime is a powerful way to make a statement or achieve a goal.
  4. The desire for recognition within hacking circles is also a strong motivator. Imagine a competitive online world where reputation is built on technical skill. For some cybercriminals, especially in hacking communities, the main goal is to impress their peers and gain respect. Successfully pulling off a complex hack or discovering a new vulnerability becomes a way to earn status and bragging rights. This need for recognition can push individuals to engage in cybercrime, particularly in hacking-related activities, as a way to prove themselves and climb the social ladder within their chosen community.
  5. Revenge is a powerful emotion that fuels certain types of personal cybercrimes. Think of “revenge porn,” cyberstalking, or online harassment. These actions are often driven by anger, hurt feelings, or a desire to get back at someone. In these cases, cybercrime becomes a tool for individuals to inflict emotional pain or damage reputations. While revenge might not be the driving force behind massive cyberattacks, it is a significant factor in understanding cyber offenses that happen between individuals, often stemming from personal conflicts and intense emotions.
  6. Entertainment, in some cases, can be a starting point for cybercrime, though it’s less of a primary driver for serious offenses. Some people, especially those who are tech-savvy and curious, might begin exploring hacking or online manipulation simply for fun or the challenge. It’s like a game to them at first. However, while entertainment might spark initial interest, it’s less likely to be the main reason behind large-scale or truly harmful cybercriminal activities. It’s more of a potential entry point that could lead to other, more serious motivations later on.
  7. Finally, boredom is probably the least convincing primary motivator for cybercrime when we look at the big picture. While boredom might play a small role in minor online misbehavior, especially among younger people – like petty cyberbullying – it’s hard to believe that boredom is the main reason behind major cyberattacks. Saying someone commits serious cybercrime primarily because they are bored seems to oversimplify things. Boredom might be a contributing factor in some less consequential online offenses, but it’s unlikely to be the core driving force behind the widespread and damaging problem of cybercrime.


Journal Entry #6
Spotting fake websites can be tricky because they’re designed to look real, but there are usually telltale signs. Think of fake bank sites: they might copy the real bank’s look but use a slightly off website address, like changing bankofamerica.com to something like bankofarnerica.com. Security tips online warn about these sneaky web addresses. These fake sites often have mistakes in the website name, don’t give you good contact info, and rush you to enter your personal details right away. Real bank sites, on the other hand, use the correct address and don’t pressure you for info immediately. It’s the same with fake online stores. They might tempt you with crazy cheap deals and messy websites, unlike big names like Amazon that have polished sites and clear company info. Even fake government sites try to trick you, like pretending to be the IRS and demanding urgent payments in weird ways. Fraud experts online point out these scams too. Basically, fake websites often give themselves away with little clues in their web address, design, and pushy requests.

Works Cited
Federal Trade Commission. “How to Recognize and Avoid Phishing Scams.” Consumer Information, https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams. Accessed 23 Feb. 2025.
Norton. “Fake E-shops: How to spot fake online shopping sites.” Norton Security Blogs, https://us.norton.com/blog/online-scams/fake-e-shops. Accessed 23 Feb. 2025.
Fraud Magazine. Fraud-Magazine, https://www.fraud-magazine.com/fm-home.aspx. Accessed 23 Feb. 2025.


Journal Entry #7

Memes based on Human-Centered Cybersecurity Framework
Meme #1: Photo # 7

Meme #2: Photo # 3

Meme #3: Photo # 16

These memes effectively illustrate key principles of human-centered cybersecurity by highlighting the frustrations users experience when security measures are not designed with human needs and behaviors in mind. Human-centered cybersecurity stresses that effective security systems and practices must be usable, meaning they are easy and intuitive for people to integrate into their daily tasks. Furthermore, they should be understandable, ensuring that security information and interfaces are clear and comprehensible to the average user, not just technical experts. Finally, supportive security measures should facilitate human workflows and goals, rather than creating obstacles or unnecessary burdens. The memes then exemplify common pitfalls when security design neglects these human-centered principles. Meme #1, based on Photo #7, demonstrates Security Overload and Usability, showing how excessive security warnings and complex interfaces can overwhelm users, leading to alert fatigue and errors. Meme #2, using Photo #3, illustrates Password Complexity and Workarounds, where unrealistic password rules drive users to insecure practices like sticky notes and weak passwords in favor of convenience. Lastly, Meme #3, referencing Photo #16, highlights the Lack of Understandability and Communication, showing how technical jargon and complex explanations can alienate non-technical users, ultimately hindering understanding and compliance. In essence, these memes collectively underscore the critical importance of designing security with a human-centered approach. 
Works cited
“Male It Specialist Stands Beside The Row Of Operational Server Racks, Uses Laptop For Maintenance. Concept For Cloud Computing, Artificial Intelligence, Supercomputer, Cybersecurity.” iStockphoto, https://www.istockphoto.com/photo/male-it-specialist-stands-beside-the-row-of-operational-server-racks-uses-laptop-for-gm1141225032-305659479. Accessed 28 Feb. 2025.
“Person Using Macbook Pro on White Table.” Unsplash, https://unsplash.com/photos/person-using-macbook-pro-on-white-table-AvSFPw5Tp68. Accessed 28 Feb. 2025.
“The Young Dangerous Hacker Breaks Down Government Services By Downloading Sensitive Data And Activating Viruses. A Man Uses A Laptop Computer With Many Monitors.” Unsplash, https://unsplash.com/photos/the-young-dangerous-hacker-breaks-down-government-services-by-downloading-sensitive-data-and-activating-viruses-a-man-uses-a-laptop-computer-with-many-monitors-mxn_SzTwdBU. Accessed 28 Feb. 2025.


Journal Entry #8
Movies definitely shape how we see cybersecurity, and often not for the better. The video showed how unrealistic Hollywood hacking is – all fast typing, dramatic breaches, and instant access. This creates a myth of cybersecurity being about lone geniuses or dramatic villains battling with code. In reality, cybersecurity is much more nuanced, often mundane, and heavily reliant on human behavior, not just technical wizardry. This media distortion can be harmful, leading the public to underestimate real threats like phishing or overestimate the power of complex hacking. It also misrepresents cybersecurity professionals, often making them seem like either superheroes or shadowy criminals, rather than the everyday people working to protect our data. This skewed perception hinders real cybersecurity awareness and action.


Journal Entry 9
I scored a 0 on the Social Media Disorder Scale, answering “No” to every question. This score suggests my social media usage is “normative,” meaning it doesn’t show signs of being problematic. The scale’s questions seem like a decent starting point for identifying potential issues, covering areas like constant thoughts about social media, feeling negative without it, and letting it negatively impact other areas of life.
However, my all-“No” response highlighted that the scale only focuses on potential negatives. It doesn’t consider the positive aspects of social media, like connecting with others or learning. It’s a useful checklist, but not a complete picture, and entirely reliant on self-reporting. Globally, usage varies greatly. Access to technology is key. Different cultural communication norms, economic conditions (like job searching), and political systems (censorship, monitoring) significantly influence use. The popularity of different apps, plus education, age, and language also play a role. It’s a complex mix of factors shaping how social media is used and whether it causes problems, making this a useful tool, but far from a complete picture of global usage.


Journal Entry 10
This article by Beskow and Carley was really eye-opening. It explains that “social cybersecurity” is different from regular cybersecurity, it’s about using technology to influence people and society, not just hacking computer systems. The authors argue that this kind of information warfare is a major threat today, potentially weakening a country by creating distrust and division even before a physical conflict begins. They call this new fast-paced threat an “information blitzkrieg.”
The article points out how technology makes this easier than ever. The internet lets attackers influence people from anywhere, and since information is so decentralized now (blogs, social media), it’s easier for bad actors to spread messages and harder for people to tell what’s true. The authors mention specific tactics, like the “BEND” model (different ways to manipulate info and networks) and using bots to spread messages automatically and widely.
What really stood out to me is the idea that the “human domain” people’s beliefs, trust, and social connections, is the real target. This connects directly to what we learned in Module 10 about social factors in cybersecurity. It’s clear we need new ways to defend against this, including better education for everyone, smarter policies, and understanding the social side of these threats, not just the technical side.


Journal Entry 11
The video about the cybersecurity analyst job showed that it’s not just about computers; it involves a lot of interaction with people, connecting well with our Module 10 discussions. A big part of the role is guiding and training users, sometimes acting like a help desk. This means good communication skills are crucial, especially for explaining tech issues clearly to non-experts. The video also highlighted networking and being involved in the professional community as important, showing that collaboration matters. Even talking about salaries and job competition in different cities touches on the social side of the career. So, while tech skills are vital, the video emphasizes that social skills like communicating, training, and networking. These are essential for cybersecurity analysts.


Journal Entry 13
This article on bug bounty economics was really interesting. It explained that companies use these programs mainly because there’s a shortage of cybersecurity experts and because having more people look at code helps find more bugs – which makes sense. The findings were surprising, though. Hackers don’t seem very motivated by money (they’re “price inelastic”), meaning even companies without huge budgets can benefit. It was also unexpected that a company’s size or fame doesn’t really affect how many bug reports they get, which is great news for smaller businesses.
However, the research did suggest that finance and retail companies get fewer reports, possibly because hackers can make more money selling those bugs illegally. It also found that older programs get fewer reports over time as the easy bugs are fixed, but that new programs starting up don’t seem to hurt the existing ones much yet. A big takeaway was that even this detailed study couldn’t explain most of why some programs get more reports than others, showing there’s still a lot to learn about what motivates ethical hackers. Overall, it strongly supports bug bounties as a useful tool, especially for smaller companies, but highlights the complexity of hacker motivations.


Journal Entry 14

Based on the Clario article listing potentially illegal online activities, five stand out to me as the most serious due to their direct potential to harm others. Sharing personal details like passwords, addresses, or photos without consent is incredibly dangerous because it can lead to real-world stalking, harassment, or identity theft, violating personal safety and privacy. Cyberbullying and trolling are also high on the list because the psychological damage inflicted on victims can be severe and long-lasting, sometimes even leading to tragic outcomes. Faking an identity online, especially with the intent to deceive or defraud, is serious as it fundamentally breaks trust and can be used to manipulate or scam vulnerable individuals. Collecting information about children under 13 without parental consent is extremely serious; it violates laws like COPPA and places children at significant risk of exploitation. Lastly, recording VoIP calls without consent strikes me as a major breach of privacy, violating the basic expectation that private conversations remain private. These five actions involve direct harm, privacy invasion, or the exploitation of vulnerable people, making them particularly concerning.


Journal Entry 15
Davin Teo’s TEDx talk on digital forensics offers a valuable perspective on how this technical field connects deeply with the social sciences. While digital forensics involves analyzing data from devices, its core purpose is often understanding human actions and motivations. This requires applying principles from criminology to analyze potential criminal behavior and motives, and psychology to interpret digital evidence in the context of human intent or deception. Presenting complex findings in legal settings also demands strong communication skills and an understanding of law and ethics, ensuring evidence is clear and admissible. Teo’s work across different countries further highlights the relevance of understanding diverse legal systems and cultural contexts, touching on political science and international relations.
Reflecting on Davin Teo’s career path, it’s interesting that he transitioned from accounting and IT audit into forensic technology. This shows that the field values strong analytical skills and process understanding, which aren’t limited to just computer science backgrounds. His journey underscores the interdisciplinary nature of digital forensics. He also emphasized the importance of global teamwork in his practice, pointing to the sociological aspects of collaboration needed for complex investigations. His career path illustrates how adapting technical skills to understand the human element behind digital evidence is key to success in this evolving field.