Introduction
My name is Steven Day, and I am a cybersecurity major here at ODU. I have a background in electronics starting in the Navy where I was taught electronics from the ground up and finished with the SPY 1-D radar courses. I have spent the last 10 years working as a systems engineer for a few companies and have decided to take that knowledge and switch it to a new career path. I am currently taking the CYSE 201S course, Cybersecurity and the social sciences. This course merges the social sciences with the everyday activities involving cybersecurity and the evolving technological landscape, choosing to see things in a different light and evolving the method of thought.
Impactful Photos, Hobbies and Life
Baseball Adventures with the children
Supporting kids in Gymnastics and sports photography
Hiking with the kids
Journal Entry #1
After Reviewing the NICE Workforce Framework, there are a few that really stand out as career paths. These are in accordance with the framework “Investigate”, which would involve Digital forensics and threat hunting. Digital forensics would involve investigative work and piecing together digital evidence, and it often involves working on intriguing and challenging cases. The idea of having to piece together evidence and working a puzzle and figuring out important information seems very intriguing. For me, I think most of the areas would work well with my personality besides oversee and govern. This idea seems a little bit more on the boring side of the cyber field and may deter me continuing more in depth work. For my future in any career, I want something that reached my creative side as well as my intellectual side. My real goal is to get a career far away from “Analyst and Support” and something that leans more toward the idea of “Protect and defend”. At this point in my career I just find that many of the jobs will be enticing but I will have to consider the pros and cons of all positions available and make a decision to best suit the situation. The one group that sits in the middle of intriguing and boring would be “Operate and maintain”, this would be more active on current situations and daily routine that could bring up more action at the end of the day.
Journal Entry #2
Explain how the principles of science relate to cybersecurity
The principles of science emphasize cybersecurity by providing a systematic and evidence-based approach to understanding and addressing the ever-evolving world of digital threats. In cybersecurity, observation and evidence play a pivotal role in identifying and responding to security incidents. Security professionals formulate a hypothesis about potential vulnerabilities and conduct analyses, like the scientific method, to evaluate their assumptions. Much like scientists use models to represent complex systems, cybersecurity experts use predictive modeling to anticipate and mitigate cyber threats. Evidence-based decision-making is key in cybersecurity, where risks are assessed and managed through rigorous analysis of security data and trends. The need for continuous learning and adaptation is a fundamental aspect of science, and is mirrored in cybersecurity, where staying ahead of new technologies and emerging threats is crucial. Additionally, collaboration and information sharing among cybersecurity professionals enhances the peer review process in science, a collective and community-driven effort to enhance the security of digital systems. Overall, the principles of science provide a solid foundation for the systematic, analytical, and evidence-driven approach essential to securing digital environments.
Journal Entry #3
Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches?
Researchers can learn a lot about data breaches by looking at information that’s already out there for everyone to see. When data breaches happen, details about them are often made public, like what kind of data was exposed and how it happened. Researchers can gather and analyze this public information to understand the patterns and trends of different data breaches. By studying these details, they can figure out common tactics used by cyber attackers, identify vulnerable areas in systems, and come up with better ways to prevent future breaches. It’s like detectives looking at clues from past cases to understand how crimes happen and how to stop them.
Journal Entry #4
Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.
When correlating CYSE201S and Maslow’s Hierarchy of Needs I find a few different areas that resonate with my digital experiences. My physiological needs are met through the ability to fund the lifestyle that I am accustomed to. Over the many years in the technical industry, I have made multiple years well over the six-figure mark and have become very secure in my housing, food, and all biological needs. Safety in the eyes of Maslow regards physical and emotional safety and security, which can easily be met through the extensive work I’ve done over the years. Due to the influx of money due to a very extensive career, I have been able to fund multiple homes, find time to spend with family in times that I truly needed it, and feel at peace with the situation and current living conditions. Love and belongingness were met many times through the years.
As I have worked in many companies and my previous time in the military, the need for the community I have created was through the bonds I’ve made with the coworkers and friends I have established in the areas where I have lived and worked. Due to my military life, I have lived in 5 states over the past 15 years and have made many social groups that fulfilled these needs. The esteem needs found fulfillment in the recognition gained through the successful completion of complicated tasks throughout my time in the military and personal career and emphasized the dedication and ambition of my work with great success. Self-actualization seems to be the hardest task for me to accomplish. I have found that the realization of my potential and fulfilling my capabilities has been more drawn out than the others. As I built my reputation as a talented technician, I have found the growth of self-actualization a hard endeavor due to past downfalls, though in time things have been getting better. In this digital educational landscape, all aspects of my technical career intricately align with the fundamental human needs outlined by Maslow, and I am excited about this new transition.
Journal Entry #5
Rank the motives from 1 to 7 as the motives that you think make the most sense
(being 1) to the least sense (being 7). Explain why you rank each motive the way you rank it.
Ranking each individual motive would be complex due to the difference in instances that they have occurred and the context that created the motive. However, these are how I would rank these motives given the potential for establishing a clear motive for most crimes. First, I would rank recognition as the top motivator, due to the typical essence of human existence. As people go through life, everyone wants to be recognized and have their name out to the world and feel accomplished, all in different ways. Second, money would be considered the next motivator due to the very need to move yourself further in life. Many people who strive for a better life will find the easiest way to do it would be through criminal actions, no matter the consequences. Third, I believe a political motive would cause an increase in crime, especially due to our current state of affairs. As people want to push a certain political position the increase in hacking instances, as people are trying to sway the elections and push for their ideal scenario. Fourth, I would consider entertainment as the next cause to the increase in cyber crime, due to the aspect that the people attempting these attacks would have fun just spending time using and honing in their skills and find it as a way to have fun. Fifth, I would say that a build of multiple reasons would factor into the increase and causation of cyber crimes.
Everyone has their own situations in life that create the actions that are attempted and it would only make sense that multiple reasons would cause the downfall of ones actions. Sixth, I believe that revenge would be counted so low, due to the fact that, though many people seek revenge, many people do not have the means or skills to actually accomplish these goals and the actual percentage of people committing these crimes that know what they are doing would be very low. Finally, the seventh reason that i believe that people would resort to committing these cyber crimes, or crimes in general would be boredom. Though, I am not saying it doesn’t happen but I believe that typically people want some time of gratification or have some reasoning to their actions. It seems less believable to me that boredom would be a leading cause in these efforts.
Journal Entry #6
How can you spot fake websites? Compare three fake websites (don’t access those sites, of course) to three real websites. What makes the fake websites fake?
Spotting fake websites can be easy and involves attention to several key elements. First, examine the website’s URL for unusual domain names, misspellings, or extra characters while also checking for HTTPS in the URL to ensure secure connections. Second, assess the website’s design and content quality; fake websites often have poor design, low-resolution images, and grammatical errors in the text. Look for contact information like a physical address and phone number, as fake websites may be missing these details or only offer a contact form. Last, be cautious of unrealistic offers, urgent prompts, or requests for sensitive information, which are common tactics used by fake websites to deceive visitors.
Comparing Fake and real websites
Paypal.com BBC.com Amazon.com
Paypa1.com secure-accounthelp.com globalnewsupdatez.com
The distinction between the real websites (Paypal.com, BBC.com, Amazon.com) and the corresponding fake websites (Paypa1.com, secure-accounthelp.com, globalnewsupdatez.com) lies in several key aspects. Firstly, fake websites often employ deceptive tactics in their URLs, using misspellings or variations of well-known domain names to mimic legitimate sites like PayPal and BBC, as shown in the Paypa1.com example. Secondly, the design and content of these fake websites are typically of lower quality, featuring amateurish layouts, generic graphics, and poorly written text compared to the polished appearance and professional content found on genuine platforms like Amazon. Additionally, the intent behind these fake websites is often malicious, aiming to deceive users into providing sensitive information through phishing attempts or spreading misinformation disguised as credible news. The lack of proper security measures such as HTTPS encryption further exposes these fake sites, highlighting the importance of verifying website authenticity and exercising caution when navigating online.
Journal Entry #7 Human Systems Integration.
These memes represent their own insight into this topic, starting with a dog that will fix the human error problem. (Meme 1) As technology finds that not only are technical issues a problem but understanding that the human error issue is constant in the everyday world. As people are not as receptive to the knowledge and understanding of their role in security and safety of data, usually disregarding or not taking full advantage of the pertinent training that is usually provided.
(Meme 2) With this idea in mind, the likelihood of any individual using a easily decrypted key, or password, is high. It is known that people typically find passwords that have some type of meaning in their life which can be used to easily remember what their passwords are. It is also very common for individuals to not have a set schedule to change their passwords on a regular basis to keep their information safeguarded.
(Meme 3) As cybersecurity professionals work on the job and do their best to safeguard their data, the constant flow of people in and out of a company and the constant human involvement in the everyday processes, it is shown in the picture as a slight remark toward that idea. There will always be work to do in providing the best security and data safety, which will keep job security thriving, hence why the person in the picture is viewing the city below, a city filled with people that drive the everyday battle of human error going.
Journal Entry #8
After watching the video titled “Hacker Rates 12 Hacking Scenes in Movies and TV | How Real Is It?” on YouTube, I can understand fully the impact that media representations have on shaping our understanding of cybersecurity. The video provided an analysis of hacking scenes in a few popular movies and TV shows, revealing how these portrayals are often far from reality.
One key takeaway from the video is the number of unrealistic depictions of hacking in mainstream media. Many of the hacking scenes reviewed were deemed highly exaggerated or outright implausible by the expert hacker, highlighting the disconnect between cinematic portrayals and the actual complexities of cyberattacks.
This depiction underscores how the media can distort our perceptions of cybersecurity. When we’re exposed to glamorous, high stakes hacking scenarios on screen, it can create an altered impression of what cybersecurity is. The video illuminated the gap between Hollywood’s idea of hacking as a flashy, quick-paced endeavor and the painstaking, methodical work that real cybersecurity professionals engage in to combat cyber threats.
These media representations can inadvertently sustain myths and misconceptions about cybersecurity. Scenes of hackers effortlessly breaching highly secure systems with a few keystrokes contribute to a perception that cybersecurity is solely about individual hackers outsmarting security measures, rather than a field involving risk management, policy development, and proactive defense strategies.
Journal Entry #9
While answering the questions on the Social Media Disorder scale, I found that almost all of the answers were No. I have no problem staying away from social media and actually removed myself from much of it. The items presented on the scale seem to be beyond my understanding and was not something that I would have considered as a problem, due to not having these issues. The questions asked baffle me and I don’t completely understand how people get to that point.
I do believe that depending on the area geographically and socially, the patterns will change depending on the social media usage.
Journal Entry #10
Read this and write a journal entry summarizing your response to the article on social cybersecurity
“Social Cybersecurity: Applying Social Psychology Principles to Enhance Online Security” from the Military Review archives was an enlightening article to read. The article presented a compelling argument for integrating social psychology into cybersecurity strategies, emphasizing on the critical role of human behavior in mitigating cyber threats. It dives into concepts like security fatigue and the influence of social norms on cybersecurity practices, highlighting the need to complement technical solutions with a deeper understanding of human behavior. This perspective impacted my perspective, as it underscores the importance of fostering a security-conscious culture that goes beyond mere compliance with rules. Moving forward, I’m intrigued to explore practical applications of social psychology principles in strengthening cybersecurity measures within organizations and communities.
Journal Entry #11
After watching the video titled “What does a Cybersecurity Analyst Do? Salaries, Skills & Job Outlook,” several social themes related to behaviors and interactions within society become apparent. One notable theme is the emphasis on collaboration and teamwork in the field of cybersecurity. The video underscores the importance of cybersecurity analysts working closely with colleagues from various departments, including IT, risk management, and compliance, to effectively address security threats. This highlights a broader societal value placed on cooperation and collective problem-solving, reflecting the need for individuals to collaborate across disciplines to achieve common goals.
Another social theme highlighted in the presentation is the significance of communication skills in cybersecurity roles. The video emphasizes the importance of cybersecurity analysts being able to communicate technical concepts and security issues clearly to non-technical stakeholders, such as executives and clients. This underscores a broader societal trend towards effective communication and the ability to bridge the gap between technical expertise and business understanding, essential skills in today’s interconnected world.
Journal Entry #12
The sample data breach notification letter from Glasswasherparts.com can be analyzed through the lenses of different economic and social sciences theories to understand its impact and implications on affected individuals and the broader society. As I dug deeper into economic and social science theories, I found a few that relate to this letter.
The first economic science I would reference is Information Asymmetry, in which this breach notification exemplifies the concept of information asymmetry, where Glasswasherparts.com possesses critical information (the data breach) that its customers do not initially have. This letter aims to reduce this information gap by transparently informing customers about the breach, its potential impact, and the steps being taken to mitigate risks. The company acknowledges the importance of sharing relevant information with affected parties to enable informed decision-making and restore trust. This aligns with economic theories emphasizing the significance of reducing information asymmetry for efficient market functioning and maintaining customer relationships.
The second economic theory I would reference is Game Theory. The breach notification process can be analyzed through game theory, specifically in terms of strategic decision-making in response to the breach. Glasswasherparts.com must anticipate and respond to various reactions from affected customers and other stakeholders. The company’s decisions regarding compensation, remediation measures, and communication strategies are influenced by considerations of how different parties might respond to these actions. Game theory provides a framework to understand how each party’s decisions and actions impact outcomes for the overall system, highlighting the complex dynamics at play in the aftermath of a data breach.
The first social science theory I would reference is Social Exchange Theory. Whereas social exchange theory examines relationships as transactions involving the exchange of resources, including trust and support. In the context of the breach notification, Glasswasherparts.com seeks to maintain its relationship with customers by offering assurances, support, and remedies in response to the breach. The theory helps explain how affected customers evaluate the costs (e.g., potential risks due to the breach) and benefits (e.g., company’s response and support) associated with continuing their relationship with the company. Understanding these dynamics is crucial for managing customer perceptions and maintaining trust.
The second social science theory I would reference is Social Identity Theory. Social identity theory emphasizes how individuals derive identity and belonging from group memberships. The breach notification affects customers’ social identity as consumers of Glasswasherparts.com. The company’s acknowledgment of affected individuals as valued customers and its efforts to address their concerns reflect an understanding of social identity dynamics. By acknowledging and mitigating the impact of the breach on customers’ social identities, Glasswasherparts.com aims to rebuild trust and preserve positive customer relationships.
Journal Entry #13
After reading the article “Ethical hacking and the legitimacy of bug bounties: An empirical and normative assessment of the practice,” I have seen a few insights into the use of bug bounty policies within cybersecurity and their implications from a social science perspective.
The literature review provided a comprehensive overview of bug bounty programs, highlighting their emergence as a strategic approach for organizations to harness external expertise in identifying vulnerabilities within their cyber infrastructure. The review discussed the evolution of bug bounties and their integration into broader cybersecurity strategies, highlighting their potential benefits in compared to traditional security measures.
One piece of information that stood out that was discussed in the article is the effectiveness of bug bounty policies in incentivizing ethical hackers to participate in identifying vulnerabilities. The discussion of findings revealed that bug bounties can foster a collaborative system between organizations and the cybersecurity community, enhancing trust in cybersecurity practices.
The article also dove into the economic principles underlying bug bounty policies, particularly the cost/benefit analysis organizations use when deciding to implement their programs. This reflects a realistic approach where organizations weigh the potential costs of security breaches against the investment in bug bounty rewards, showing the intersection of cybersecurity with economic consideration.
Journal Entry #14
Andriy Slynchuk has described eleven things Internet users do that may be illegal. Review what the author says and write a single paragraph describing the five most serious violations and why you think those offenses are serious.
Andriy Slynchuk’s identification of potentially illegal activities by Internet users highlights several grave violations that can have significant consequences. Among the eleven behaviors listed, the five most serious violations include hacking into computer systems without authorization, distributing copyrighted materials without permission, engaging in online fraud or scams, participating in online child exploitation, and engaging in cyberbullying or harassment. These offenses are serious due to the harm they can inflict on individuals, businesses, and society as a whole. Hacking compromises cybersecurity, leading to data breaches and financial losses. Unauthorized distribution of copyrighted materials undermines intellectual property rights and creative industries. Online fraud and scams erode trust in digital transactions and can result in substantial financial losses for victims. Online child exploitation is a heinous crime with devastating impacts on victims and their families. Cyberbullying and harassment cause emotional distress and can lead to serious psychological harm. It is imperative for Internet users to understand the gravity of these offenses and uphold ethical behavior online to foster a safe and lawful digital environment.
Journal Entry #15
Davin Teo’s TEDx talk on digital forensics shows a connection between this technical field and the social sciences. His career journey reflects a subtle approach that goes beyond data extraction, highlighting the need for a deep understanding of human behavior and societal contexts. Teo’s pathway, transitioning from computer science to specializing in digital forensics, underscores the importance of interdisciplinary skills
What struck me most was Teo’s emphasis on the role of psychology and sociology in digital investigations. He highlighted how digital evidence can provide profound insights into individuals’ motivations, relationships, and intentions. By weaving together technical expertise with insights from the social sciences, Teo demonstrates how effective digital forensics requires an understanding of both technology and human nature.
Teo’s career trajectory serves as a great example of how digital forensics investigators can leverage social science principles to navigate complex investigations successfully. This perspective inspires me to explore the intersection of technology and human behavior further, recognizing the value of interdisciplinary approaches in addressing contemporary challenges in cybersecurity and digital investigations.
Article Review #1
Understanding the Use of Artificial Intelligence in Cybercrime
References
Parti, K., Dearden, T., & Choi, S. (2023). Understanding the Use of Artificial Intelligence in Cybercrime.
International Journal of Cybersecurity Intelligence & Cybercrime, 6(2). Retrieved from
https://doi.org/10.52306/
Article Review #2
“Juvenile Hackers: An Empirical Test of Self-Control Theory and Social Bonding Theory”
Sinchul Back, S. S. (2018, August). Juvenile Hackers: An Empirical Test of Self-Control Theory and Social Bonding Theory. International Journal of Cybersecurity Intelligence and Cybercrime (IJCIC), 1-17. Retrieved from International Journal of Cybersecurity Intelligence and Cybercrime (IJCIC). https://vc.bridgew.edu/ijcic/vol1/iss1/5/
Career Paper
Impactful video on the Science of Human Hacking