Journal 2 01/29/2026
The principle of empiricism directly and pragmatically enhances cybersecurity practices through the rapid adaptation and ability to iterate that empirical data collection supplies. Empirical data provides a direct cause and effect relationship between security measures and their effect on network security, availability, and integrity. An administrator can pull from the data that empirical research yields in order to determine the effectiveness of a new or old security measure, such as how many instances of piggybacking a mantrap may have stopped within the month of its installation, or how many users have experienced issues under a new password management policy. If empirical data can be collected regarding certain security flaws, such as a poor password management policy or poor physical security measures it allows those weaknesses to be rectified appropriately before they can be exploited by a potential threat.
Journal 3 02/09/2026
The details and information offered publicly by organizations such as PrivacyRights is extraordinarily valuable to cybersecurity researchers as it provides great insight into potential attack vectors and threat surfaces that attackers use in order to infiltrate various businesses. In one of the particular attack archives I observed through the website that involved Hot Topic on July 3rd and 6th of 2024, credential stuffing using a list of valid customer credentials was used in order to breach the security of the Hot Topic rewards account database and obtain a plethora of customer information including names, birth month and year, and the last four numbers of the card associated with the account. Knowing this about the attack, the first question that a researcher can begin building upon is how was the list of valid credentials that was sold to the attackers by an unknown third party obtained? Much of what we study in cybersecurity mirrors the old saying, “The first step to solving a problem is admitting that there is a problem to be solved”.
Another attack I observed was that of JB Autosports which occurred over a lengthy period of time between August 1st, 2015, through November 9th, 2015, in which data was targeted and stolen from the checkout page of the website including full card information, names, and addresses. An issue like this is important to observe and learn from as businesses continue to expand their presence in the online space. It allows researchers to forecast potential data breaches by observing the security flaws in JB Autosports website that may allow a similar attack to happen on another site sometime in the future.