CYSE 201S
Journal Entries
Journal Entry #1
Workforce Framework for Cybersecurity (NICE Framework) | NICCS (cisa.gov)
After reviewing the NICE Workforce Framework for Cybersecurity, I would be interested
in “Securely Provision” category, particularly roles focused on Risk Management and
Systems Architecture. These areas align closely with my current experience as an
Information System Security Officer (ISSO) and my studies in cybersecurity. I currently
use systems and implementing strategies to mitigate potential threats, which this
category emphasizes.
What I would least be interested in is “Operate and Maintain” category, specifically
positions like Network Operations. While important, I prefer strategic and design oriented tasks. By focusing on risk assessment and security architecture, I aim to
strengthen my expertise in critical, high-level decision-making roles that shape
cybersecurity policies and frameworks.
Journal Entry #2
The principles of science, including empiricism, determinism, parsimony, and objectivity, are
essential to cybersecurity. Empiricism ensures that decisions are grounded in real-world
evidence, such as analyzing data from breaches or identifying vulnerabilities. Determinism
shows how specific actions or events, like poor password practices, can lead to predictable
outcomes, enabling proactive prevention. Parsimony reminds us to keep security systems as
simple as possible to reduce errors and make them more user-friendly. Finally, objectivity helps
cybersecurity professionals make unbiased decisions, focusing on facts rather than assumptions.
By applying these principles, organizations can develop effective security strategies that address
threats while staying adaptable to changes.
Journal Entry #3
PrivacyRights.org provides vital information on data breaches, including the nature of the
breach, the affected entities, and the compromised data types. Researchers can utilize this
database to identify patterns in cyberattacks, such as which industries are most frequently
targeted and what types of data are at greatest risk. Analyzing this data enables researchers to
evaluate how specific security failures occur and to explore trends in attack methods over time.
Furthermore, the site offers insight into how organizations respond to breaches, which can
inform studies on the effectiveness of incident response strategies. By leveraging this
information, researchers can propose actionable solutions to enhance cybersecurity resilience and
better protect sensitive information.
Journal Entry #4
Maslow’s Hierarchy of Needs connects to technology in my life. At the physiological level, I rely on technology for food delivery apps and health monitoring devices on my apple watch when I am exercising. For safety needs, cybersecurity tools and two-factor authentication protect my personal data. Social media and messaging apps fulfill my belongingness needs by helping me maintain relationships and stay connected with family and friends. The esteem level is supported through professional achievements shared on LinkedIn. Lastly, self-actualization is enhanced by learning platforms like YouTube, where I develop new skills and explore my interests. Technology shapes and fulfills needs at every level, blending seamlessly into daily life.
Journal Entry #5
- For Money – Cybercriminals often prioritize financial gain, making this the most
logical motive. From ransomware attacks to credit card fraud, monetary rewards drive a
large portion of cybercrime. - Recognition – Some hackers seek fame or respect within their communities, pushing
them to engage in high-profile cyberattacks. - Political – Hacktivism is a powerful force, with groups targeting organizations or
governments to promote ideological beliefs. - Revenge – Personal grudges can lead individuals to commit cybercrimes, such as
leaking private data or launching attacks against former employers. - Multiple Reasons – Many offenders are driven by a mix of motives, making this
category important but less defined. - Entertainment – Some people hack for the thrill, though this motive feels less
justifiable than financial or ideological ones. - Boredom – While some engage in cybercrime out of boredom, it seems like the
weakest and least compelling reason.
Journal Entry #6
Week 6 – Journal Entry: Spotting Fake Websites
While researching fake websites, I was surprised at how realistic some of them look. I
found three examples of fraudulent websites and compared them to their real
counterparts, noticing key differences that can help identify scams.
- Fake PayPal Site (pay-pal-support.com) vs. Real PayPal (paypal.com)
o The fake site had an extra hyphen in the domain, which is a red flag.
o It lacked HTTPS encryption, making it less secure.
o The page asked for login details immediately, which is common in
phishing scams. - Fake Banking Site (wellsfrgo-login.com) vs. Real Wells Fargo (wellsfargo.com)
o The fraudulent site had a slight misspelling in the domain name.
o It contained poor grammar and unusual fonts, unlike the professional look
of the real bank’s website.
o The contact page had no working customer support links. - Fake Retail Site (amazon-bigdeals.com) vs. Real Amazon (amazon.com)
o The fake store promoted massive discounts that seemed too good to be
true.
o The checkout page did not have secure payment options.
o The URL contained extra words and hyphens, making it look suspicious.
From this, I learned that carefully checking URLs, looking for HTTPS, and verifying
branding details are keyways to avoid fake websites.
Sources:
- IT Governance Blog: How to Spot a Fake Website
- Norton Cybersecurity: Identifying Scam Websites
- Federal Trade Commission (FTC): Online Shopping Scams
Journal Entry #7
Meme 1: “Too Good to Be True”
Image Idea: A person excitedly clicking on an email with the subject line:
“Congratulations! You’ve Won a $500 Gift Card!”
Text:
“Wow! A free gift card? Let me just enter my info real quick!”
Reality: Hackers collecting my credentials like it’s Black Friday.
Relation to Human-Centered Cybersecurity:
This meme represents how phishing scams prey on emotions like excitement and
urgency. I’ve seen so many fake giveaway emails that try to trick people into giving up
their information. A human-centered approach to cybersecurity means educating users
on recognizing these scams before they fall victim to them.
Meme 2: “My Password Strategy”
Image Idea: A person confidently setting their password as “Password123!” and then
looking confused when they get a security breach notification.
Text:
“Who would ever guess my super-secret password?”
Reality: Literally everyone, including hackers.
Relation to Human-Centered Cybersecurity:
I used to think having a simple password was no big deal—until I learned how easy it is
for hackers to crack common passwords. This meme reminds me why strong, unique
passwords and multi-factor authentication (MFA) are so important. A good security
system should also help users create secure passwords without making it frustrating.
Meme 3: “Sticky Note Security”
Image Idea: A sticky note on a computer screen that says “Work Password:
Company123″ while an IT security professional looks horrified in the background.
Text:
Me: “This way, I won’t forget my password!”
Cybercriminals: “Thanks for making my job easy.”
Relation to Human-Centered Cybersecurity:
I’ve seen people do this—writing passwords on sticky notes or saving them in plain text.
It makes me realize that security needs to be convenient for people to actually follow
best practices. Using password managers and encouraging secure habits can help
prevent these everyday security risks.
Journal Entry #8
Watching the video made me realize how much movies and TV distort cybersecurity. Many films depict hackers as typing a few lines of code and instantly breaching systems, making hacking seem fast and effortless, when cyberattacks require careful planning, social engineering, and technical expertise. The media also overhyped certain threats, like making every hacker part of a global crime syndicate, while downplaying real-world risks like phishing attacks or weak passwords. While these portrayals make cybersecurity exciting, they often mislead the public into thinking attacks are only a concern for governments or large corporations. A more realistic portrayal of cybersecurity could help people take personal security measures more seriously.
Journal Entry #9
Social Media and Cybersecurity Reflection
After completing the Social Media Disorder Scale, I scored a 1, which indicates “normative usage.” This suggests that while I do use social media, it has not significantly interfered with my responsibilities, relationships, or emotional well-being over the past year. I feel that I can maintain a healthy balance between my online and offline life.
When reviewing the items on the scale, I thought they were well constructed and addressed key aspects of problematic social media behavior. The questions covered common warning signs such as preoccupation, withdrawal symptoms, and the neglect of other activities, which are consistent with behaviors often seen in addiction-related patterns. I appreciated how the scale didn’t just focus on time spent but also included the emotional and social consequences of excessive social media use.
I believe that patterns of social media use vary globally due to several factors. Cultural differences play a major role, as some cultures may place more value on in-person interactions, while others are more digitally integrated. Access to technology also shapes usage patterns in countries with widespread internet and smartphone availability may see higher engagement levels. Additionally, socioeconomic conditions and mental health awareness influence how people use social media, whether as a tool for connection, escapism, or information. Lastly, social norms and expectations regarding online behavior differ widely across regions, which helps explain these variations.
Journal Entry #10
The article on social cybersecurity highlights how misinformation and cyber
threats are shaping modern conflicts and national security. It emphasizes
that adversaries exploit social media and online platforms to manipulate
public opinion and destabilize societies. One key takeaway for me was the
importance of digital literacy in countering disinformation. As a cybersecurity
student, I found it insightful how the article connects human behavior to
cybersecurity, reinforcing that technology alone isn’t enough—education and
awareness are equally critical. This article broadened my understanding of
cybersecurity beyond technical measures, underscoring the need for a multi-layered approach to defense.
Journal Entry #11
The video “What Does a Cybersecurity Analyst Do?” by Nicole Enesse
provides a detailed look into the responsibilities, required skills, and job
outlook for cybersecurity analysts. One key takeaway is how cybersecurity
analysts must understand both technology and human behavior to protect
organizations from threats. Social engineering attacks, such as phishing,
exploiting human psychology rather than technical vulnerabilities,
highlighting the need for security awareness training. Additionally, the role
requires strong communication skills, as analysts often collaborate across
departments to enforce security policies. This video reinforced my
understanding that cybersecurity is not just about technical defenses—it’s
also about educating and influencing people to adopt safer digital habits.
Journal Entry #12
Student Analysis: Economic and Social Science Perspectives on a Data Breach Notification
As a cybersecurity student analyzing the sample data breach notification from
Glasswasherparts.com, I found it insightful to connect this real-world event to both economic
and social science theories. This incident involved a security breach on a third-party platform
that exposed customer payment information. The company eventually notified users, outlining
the breach and offering guidance. Below, I explain how two economic theories and two social
science theories relate to this scenario.
Economic Theories
- Information Asymmetry
This theory describes a situation where one party holds more information than another in a
transaction. In the case of the breach, Glasswasherparts.com and its platform provider were
aware of the intrusion months before notifying customers. As someone who shops online
regularly, I find this delay concerning because it prevented customers from taking timely steps
to protect their financial information. The lack of immediate transparency left customers
vulnerable and created an imbalance in power and knowledge—exactly what the concept of
information asymmetry highlights. - Negative Externalities
A negative externality occurs when the costs of an action are imposed on others. Here,
customers bore the financial and emotional burden of the breach, even though they had no
role in the platform’s poor cybersecurity measures. As someone studying cybersecurity, I see
how this underscores the importance of companies being held accountable for not just
protecting their own assets, but for preventing harm to others. It also shows how weak
cybersecurity can have widespread, unintended consequences.
Social Science Theories - Social Contract Theory
This theory suggests that individuals give up certain freedoms and trust organizations to act in
their best interest, especially regarding privacy and protection. When customers share their
personal data with a business, they expect that business to act responsibly. From my
perspective, the breach represented a clear violation of this social contract. While the letter
tried to reassure customers and guide them on how to respond, the trust was already damaged
by the delay and the exposure of sensitive information. - Labeling Theory
As a student also studying criminology, I found this theory particularly relevant. Labeling theory
focuses on how society’s reaction can define individuals or organizations. Even if the breach
was technically the fault of a third-party provider, Glasswasherparts.com could be labeled as
negligent or untrustworthy. This label could stick with them for a long time, affecting their
brand and customer loyalty. It shows that beyond just technical recovery, businesses must also
manage public perception
Journal Entry #13
Journal Reflection – Bug Bounty Policies and Cybersecurity Strategy
As a cybersecurity student, reading “Hacking for Good: Leveraging HackerOne Data to Develop
an Economic Model of Bug Bounties” gave me a practical perspective on how policy and
economics work together to strengthen cyber defense. The article showed how bug bounty
programs are not just about hiring hackers—they’re about creating an ecosystem were ethical
hackers, or “white hats,” can contribute to security while being rewarded fairly.
Thoughts on the Literature Review
What really stood out to me in the literature review was how common it is for security
researchers to avoid reporting bugs due to fear of legal consequences. That surprised me. I had
always thought of bug bounty programs as inviting collaboration, but this made me realize the
importance of clearly written policies and formal agreements between companies and hackers.
It’s not enough to say “we welcome feedback”—there needs to be a structure that protects
researchers.
The literature review also linked these programs to economic theories, especially the cost benefit principle. For companies, offering a bounty may be less expensive than dealing with the
aftermath of a breach. That cost-efficiency argument made total sense to me, especially coming
from a background where we’re constantly taught to assess risk versus reward in security.
My Take on the Findings
The findings showed that money isn’t the only motivator for ethical hackers—many do it for
skill-building, job opportunities, or even fun. I can relate to that. As someone who’s taken part
in small Capture the Flag (CTF) challenges, the reward is often just solving the puzzle. But for
companies, knowing that non-monetary factors play a role could help them better design their
bounty programs.
I also learned that older bug bounty programs tend to get fewer valid reports, which was an
interesting pattern. It made me think about how attackers and researchers alike always shift to
newer, more vulnerable targets. So, companies can’t just launch a bug bounty once and expect
it too always work they need to evolve and adapt
Journal Entry #14
After reviewing Andriy Slynchuk’s article on illegal things people often do online, I believe the five most serious violations are hacking into someone’s account, identity theft, online scams, cyberbullying, and downloading or distributing pirated content. I think hacking and identity theft are extremely serious because they invade a person’s private life and can ruin their financial security and mental well-being. Online scams are also a major threat because they take advantage of people’s trust and can cause real emotional and financial damage. Cyberbullying stands out to me because it often leads to long-term psychological harm, and sometimes even tragic outcomes like suicide. Finally, downloading pirated content might seem harmless at first, but it damages industries like film, music, and software development, hurting creators who deserve to be paid for their work. Reading this article made me more aware of how important it is to respect others online and think about the real consequences behind common internet behavior.
Journal Entry #15
After watching Davin Teo’s TEDx talk on digital forensics, I was surprised by how deeply his career intertwines with the social sciences. At first glance, digital forensics sounds purely technical data recovery, investigating cybercrime, and working with machines. But the way Davin explained his work made me realize that understanding human behavior is just as important as understanding technology.
Davin didn’t start off in digital forensics. His journey took twists and turns, including time in corporate environments and different cultural settings, before he found his calling in forensics. What stood out to me was how his experiences with people, not just computers, helped shape his perspective. His work often involves thinking like the person who committed the crime asking questions like: Why would someone does this? What patterns of behavior led to this digital footprint? That’s where the social sciences come in.
Fields like psychology, sociology, and criminology help digital forensics investigators understand motivation, deception, and even social engineering tactics. Davin emphasized that his job is not just about analyzing hard drives it’s about putting together stories and behaviors, kind of like a digital detective. This is really connected to the idea that technological crimes are still very human at their core.
His pathway made me reflect on how important it is to be open to different experiences and disciplines. Just because a career is technical doesn’t mean it lacks a human side. In fact, the best investigators probably need that social science mindset to really be effective. I admire how Davin brought empathy, curiosity, and critical thinking into his career, and it makes me more excited about blending cybersecurity with social understanding in my own path.
Article Reviews
Article Review #1
Article-review-1Article Review #2
Article-review-2