Journal Entry #1
Prompt: Review the NICE Workforce Framework. Are there certain areas that you would want to focus your career on? Explain which areas would appeal the most to you and which would appeal the least.

Response:

My top three focuses in my cybersecurity career in the NICE Framework would likely be Oversight and Governance, Implementation and Operation, and Protection and Defense.
The first focus on Oversight and Governance is more of a personality choice. I am the type of person that likes to manage an operation and provide leadership throughout an operation. As a result, I would likely work well in an environment where I am managing cybersecurity tactics and guiding those involved.
In addition to being a leader, I am a very hands-on person who likes to be deeply involved in processes. With cybersecurity, I would also work well in an environment where I am working hard to take a cyber strategy that is in place and execute that to the best of my ability.
Lastly, I would also like to focus on Protection and Defense as defending individuals, organizations, and governments from cyber-attacks is the biggest reason I chose cybersecurity, so I would like to be directly involved in carrying out defense operations.
Design and Development and Investigation are also interesting focuses, however I feel they are heavily reliant on being more creative and I tend to work better with a set plan rather than trying to create the plan. Cyberspace Intelligence is a focus in the NICE Framework that seems less like defending and more like collecting information which is why I don’t find it appealing.

---

Journal Entry #2
Prompt: Explain how the principles of science [Empiricism, Determinism, Parsimony, Objectivity etc.,] relate to cybersecurity?

Response:

The principles of science relate to cybersecurity as networks, programs, and infrastructures are built around these 7 core principles. Relativism applies to cybersecurity when changes to a network such as an update or additional devices are added to a network. These simple changes could possibly affect network speed, vulnerabilities, and other factors to the entire network. Objectivity applies to cybersecurity when determining cyber laws and punishments for breaking those laws, those in charge must be able to fairly decide the consequence for a cybercrime without letting bias effect their decision. Parsimony definitely applies to cybersecurity as it’s essential that cybersecurity policy, guidelines, and standards be simple to understand throughout all users and host on a network in order for cybersecurity operations to run smoothly and efficiently across all members. Empiricism can be viewed through a cyber lens as professionals in the field cannot modify or invent cyber systems that are not proven to actually work in a real network environment. Ethical neutrality is another vital aspect of cybersecurity as it’s important for professionals to remember the ethical boundaries that exist when deciding how to employ cyber tactics without taking away the rights of others. Moreover, Determinism and it’s view on the world apply to cybersecurity because there is practically no way for a cybersecurity event to occur by chance or randomness, therefore everything in cybersecurity has events that caused the next which is important for cyber professionals to remember. Lastly, skepticism is part of what makes cyber professionals the best, because whether it be examining digital forensics or analyzing potential vulnerabilities in a code, it’s always good to double or triple check the information present to ensure that nothing is being missed.

---

Journal Entry #3
Prompt: Visit PrivacyRights.org to see the types of publicly available information about data breaches. How might researchers use this information to study breaches? Enter a paragraph in your journal.

Response:

Researchers could use the public data from PrivacyRights.org to study various aspects of data breaches. For example, the data shows researchers that currently the most vulnerable organizations to cyber-attacks are located within the northeastern portion and south-western portion of the United States. This tells researchers that companies located in highly dense metropolitan areas are likely to be attacked and potentially breached. The website also breaks down which industries are most susceptible to data breaches, as some are more effected than others. For example, a concerning number for researchers is that out of over 72,000 attacks against American private, public, and government companies, the data breach method for 24,750 of known attacks was through network intrusion or malware. Additionally, there have been 15,254 known data breaches on American healthcare companies. This information shows researchers what industries and attack methods are most popular for hackers to target.  Researchers wanting to research specific attack incidents and the fine details can also do so by reading about each specific incident that has been recorded on the website from as recent as the end of January 2025, all the way back to June of 2006. Being able to research into data breaches that occurred 20 years ago and at present time allows researchers to study how the strategies and objectives of data breaches have changed with new technology and opportunity.

---

Journal Entry #4
Prompt: Review Maslow’s Hierarchy of Needs and explain how each level relates to your experiences with technology. Give specific examples of how your digital experiences relate to each level of need.

Response:

Maslow’s hierarchy of needs can easily be shown through technology. The physiological needs in technology include the actual hardware and software itself such as the computer, monitor, keyboard, applications, etc. I would view safety literally as in cyber safety. Cyber safety can be achieved through strong passwords, encrypting data, MFA, and various other safety strategies. Belongingness and love needs is often seen in the social media that we use through technology. We connect with others and develop relationships online through technology. Esteem needs may be achieved through technology when we earn certifications like Security+ or Networking+, which proves to others that we have sophisticated knowledge of technology. The last step of the pyramid is Self-actualization or realizing one’s full potential, which I believe is achieved when we establish ourselves at the top of a company based off our years of experience in technology, and we can possibly even begin to create our own products to help build the future.

---

Journal Entry #5
Prompt: Review the articles linked with each individual motive in the presentation page or Slide #4.  Rank the motives from 1 to 7 as the motives that you think make the most sense (being 1) to the least sense (being 7).  Explain why you rank each motive the way you rank it.

Response:

I believe that biggest motive involved in terms of cybercrimes is often very complex which means the most common is multiple reasons. The next biggest motive is likely for money, as many cybercrimes involve leaking sensitive data which can be sold or used to make billions of dollars globally. The next motive would probably be political, because cybercriminals can use sensitive data that’s leaked to exploit and disrupt governments that they feel are causing harm to them. Revenge is likely next because cybercriminals often hack major company networks to get revenge on large companies that they think are being unfair to its customers and support base. The next likely motive is recognition, because many egocentric hackers may want to receive the spotlight for their ability to disrupt networks and technology so quickly. The second to last motive feels unlikely in modern day but is entertainment, because all though some hackers may find it entertaining, there usually is some other reward for successful hackers other than having fun. The last motive that’s least likely is boredom, because I feel modern day technology has allowed for hackers to do a significant amount of damage that gives hackers more than boredom for a reason to commit cybercrimes.

---

Journal Entry #6
Prompt: Can you spot three fake websites? [Refer Online Security Blogs, Public Awareness Sites, Academic Resources etc., and cite the source]. Compare the three fake websites to three real websites and highlight the features that identify them as fraudulent.
Note: Don’t generate or click on unwanted/fake websites on your web browsers. Use examples from your sources to demonstrate what specific characteristics make these websites fake.

Response:

There are plenty of fake and fraudulent websites across the internet that impersonate real website. One fraudulent website is BedBathClose.com. This website appears to be the actual website for Bed Bath and Beyond, which is bedbathandbeyond.com. The website induces people to click on it because it starts the website name with bedbath, however the website is fake and scams people into putting their personal information (usually credit card) to order something, yet they will not receive that order (Lamb, 2024).

Another example is the fake website BrookShoeOutlet.com. This website pretends to be the website for Brooks Running, however the real website name is brooksrunning.com. Because the website name appears legitimate at the surface, many people might assume they can buy Brooks shoes off of the website, however they will only be giving up their PII when doing so (Lamb, 2024).

Lastly, WilkoClosing.com is a fraudulent website that appears to be a Wilko outlet to end users; however, people have complained that they will order heavily discounted items but then never receive that item. The real website name is simply wilko.com, but because WilkoClosing.com appears to be a sub-website of Wilko, people are deceived and will put their PII into the website as normal, not realizing they are being scammed until it is too late (Lamb, 2024).

What is common amongst all these websites is that they do not have HTTPS and instead are connected through HTTP, which is a major red flag of a fraudulent website because all official online websites should have HTTPS, otherwise it is likely not the real website (Lamb, 2024).

References

Lamb, N. (2024, January 29). List of Scamming Websites: How to Protect Yourself from Shopping Scams. CyberGhost. https://www.cyberghostvpn.com/privacyhub/list-of-scamming-websites/?media_source=CJ_affiliates&channel=External+LPs&affiliate=4938167&utm_source=4938167&cjevent=2a046bbbf3ab11ef813b013b0a82b832

---

Journal Entry #7
Prompt: Review the following photos through a human-centered cybersecurity framework. Create a meme for your favorite three, explaining what is going on in the individual’s or individuals’ mind(s). Explain how your memes relate to Human-centered cybersecurity.
Photo #13, Photo #5, Photo #16

Response:

Journal Entry #8
Prompt: Watch this video and pay attention to the way that movies distort hackers.Hacker Rates 12 Hacking Scenes In Movies And TV | How Real Is It? – YouTube. After watching the video, write a journal entry about how you think the media influences our understanding about cybersecurity.

Response:

What I have realized from watching the video is that Hollywood and the media tend to speed up and over dramatize the process of hacking. They make hacking seem to be something that is done very quickly and rapidly, when in reality the process is usually more drawn out and requires taking a step at a time to eventually hack into the system. Additionally, some media attempts to depict hacking as involving very detailed and engaging maps and diagrams, when the screen is usually more simple and not as visually appealing. Overall, the media forgets to show the complexity and longevity of hacking, which can cause viewers to assume that hacking occurs in a quick and precise manner, with the effects being immediately realized after, which is not entirely accurate. 

---

Journal Entry #9
Prompt: Watch this Video: Social media and cybersecurity
Complete the Social Media Disorder scale Download Social Media Disorder scale. How did you score? What do you think about the items in the scale? Why do you think that different patterns are found across the world?

Response:

I scored a 4 on the scale, which indicates that I engage in risky social media use. I think the items that are on the scale do a great job of encompassing all the different emotional aspects of social media use and therefore is a great measurement of how risky our social media use can be. I think these scoring patterns are different around the world because of how different cultures view social media and privacy. For example, I think many American and Western Culture populations would score high on the scale because there’s a societal drive of individuality and proving yourself to others how popular you are. However, I believe other cultures view privacy and humbleness more important than personal accomplishment and popularity which is why social media use is less important to people in these cultures.

---

Journal Entry #10
Prompt: Read this and write a journal entry summarizing your response to the article on social cybersecurity.  https://www.armyupress.army.mil/Journals/Military-Review/English-Edition-Archives/Mar-Apr-2019/117-Cybersecurity/b

Response:

What has been made clear to me by the article is that the world has transitioned to an environment where physical fighting is no longer the most effect way to attack a country on a large scale. Rather, the most destructive strategy largely involves cyber-attacks. More specifically, these cyber-attacks work to cause disarray in a nation through the spread of disinformation and causing mistrust within the government. Many countries such as Russia and China have already shown the power of cyber-centered attacks as they have criminal groups that work to cause many of these issues in other countries. As a result, the author of the article emphasizes the need for new cyber law policies to be developed that are more modern and adaptable to today’s technological capabilities. Additionally, cyber awareness needs to be spread to people around the country so that potential cyber-attacks focused on spreading disinformation cannot be as effective.

---

Journal Entry #11
Prompt: Watch this video. As you watch the video, think about how the description of the cybersecurity analyst job relates to social behaviors.  Write a paragraph describing social themes that arise in the presentation.

Response:

Many social themes arise throughout the presentation. One of the main themes I gathered from the video was the idea of governance, as a cybersecurity analyst is usually monitoring the flow of traffic in and out of a network for suspicious actions taking place. In a sense, this makes the cybersecurity analyst a police type force within companies. The social theme of diversity to a common goal is also prevalent, because although a cybersecurity analyst does not usually have the skill set and interest of other employees working for the company, all employees share the same common goal of making the most profit while protecting company assets from being harmed. The social theme of trusting others is very prominent, because a security analyst has to make sure their aware of who can and can’t be trusted within a company’s network. 

---

Journal Entry #12
Prompt: Read this https://dojmt.gov/wp-content/uploads/Glasswasherparts.com_.pdfLinks to an external site. sample breach letter “SAMPLE DATA BREACH NOTIFICATION” and describe how two different economics theories and two different psychological sciences theories relate to the letter.

Response:

There are multiple economic and psychological theories that relate to the letter. One of the economic theories expressed in the article is the idea of Cost-Benefit analysis, which in cyber is the theory that companies do not automatically buy every cybertechnology available, but instead determine if cost of buying the technology is worth preventing the potential loss that can occur without that technology, as the goal is to spend as little as possible why still being secure. Another theory found in the letter is the Principal-Agent theory. Although the principle relies on the agent for a service, the letter demonstrates how miscommunication led to the agent failing to secure the company and its security.

Additionally, there are psychological theories present. One of the theories presents is social proof, which is the concept that people tend to follow the actions of others during uncertainty, which is common when it comes to issues relating to cybersecurity. Cognitive Dissonance is another theory present, which is the theory that we feel discomfort when we have conflicting beliefs, or our actions go against our values. This is common in cybersecurity as many people feel they are secure until an attack occurs that leaves victim uncomfortable and unsure of their security.

---

Journal Entry #13
Prompt: A later module addresses cybersecurity policy through a social science framework. At this point, attention can be drawn to one type of policy, known as bug bounty policies. These policies pay individuals for identifying vulnerabilities in a company’s cyber infrastructure.  To identify the vulnerabilities, ethical hackers are invited to try exploit the cyber infrastructure using their penetration testing skills.  The policies relate to economics in that they are based on cost/benefits principles. Read this article https://academic.oup.com/cybersecurity/article/7/1/tyab007/6168453?login=trueLinks to an external site. and write a summary reaction to the use of the policies in your journal.  Focus primarily on the literature review and the discussion of the findings.

Response:

The literature review made several key findings about how and why bug bounty policies are widely used amongst companies. For example, one of their findings is that many ethical hackers participate in bug bounty programs for reasons other than financial benefit, which means companies ultimately save more by paying ethical hackers for their work rather than having these vulnerabilities exploited by a malicious hacker. Additionally, as bounty programs mature, less reports by ethical hackers are received, which shows companies have to continuously reassess their payout policy and determine if it is worth it. Furthermore, financial and healthcare industries tend to receive less reports, due to maliciously exploiting vulnerabilities in these companies can reap far more reward than what companies are willing to pay for ethical hacking, therefore hackers are more likely to not report bugs they find and instead exploit them. Overall, the study has found that bug bounty policies can be a great way for companies to fix vulnerabilities in their technology for a relatively low cost compared to an attack. However, companies need to continue to reevaluate and adjust their payout to ethical hackers in order to keep hackers motivated to report these vulnerabilities ethically rather than exploit them maliciously.

---

Journal Entry 14#
Prompt: Andriy, has described eleven things Internet users do that may be illegal. Review what the author says and write a paragraph describing the five most serious violations and why you think those offenses are serious.

Response:

I believe the five most serious offenses from their list is as follows: Using Unofficial Streaming Services, Bullying and Trolling, faking your identity online, collecting information about children, and illegal searches on the internet.  Using unofficial streaming services is a serious offense because it’s essentially the online version of shoplifting. Bullying and Trolling is a serious offense, especially towards young teens and children, because it can inflict a severe amount of emotional and mental harm on the victim. Faking your identity online is a serious offense because it is the same as identity fraud in any other aspect of law, which is illegal, therefore it could be considered just as severe of a crime. Collecting information about children without parental consent is a serious offense because children can generally not make smart decisions about who, what, and where they share information, therefore their private information should not be obtained. Lastly, illegal searches on the internet are a serious offense because most illegal searches show the intent to commit a much more serious crime such as child sex crimes, violent crime, and financial crimes.

---