Journal Entry I

The order in which I want to focus my career, first to last, are investigation, design and development, cyberspace intelligence, implementation and operation, protection and defense, cyberspace effects, and oversight and governance. The investigation category is my first option because I want to be on the front lines of gathering critical information that can be used for prosecution.  Design and Development is my next option because I would love to design, implement, and improve a company’s cybersecurity architecture. My last option was oversight and governance because I would rather interact with systems or information directly than plan and manage. 

Journal Entry II

Parsimony relates to cybersecurity because being able to explain something in its simplest elements demonstrates a keen understanding. Using this principle helps develop effective security systems and helps teach important security concepts to inexperienced individuals. Empiricism relates to this field because the experience gained from using our senses tells us what parts of a security system need to be changed to remain effective. Determinism relates to this field because issues with a security system may often result from a separate root cause or past incident. Learning the relationship between common symptoms of various threats will allow you to find and neutralize the root cause efficiently. The principle of objectivity relates to cybersecurity because facts and data should be used to make changes to a security system.

Journal Entry III

Publicly available information on data breaches is invaluable for researchers and other cybersecurity professionals. Sharing this information promotes the cooperation of cybersecurity professionals and can be used to refine security frameworks across industries. Researchers can learn what forms of data are most sought after and which threats specific organizations commonly face. They can learn the most common attack methods and signs associated with them. This information can also inform them of attack types that resulted in the greatest losses and took the longest to identify. An organization can use this information to implement justifiable countermeasures and prepare response plans for each scenario. The goal is to mitigate threats, risks, and vulnerabilities with the most significant potential impact before an attack.

Journal Entry IV

Although not limited to, my phone has become a physiological need in my everyday life and functions. It serves as a real-time communication device, allows me to get food, and tracks my health. I ensure the safety of my technological devices with cases, passwords, adblockers, VPNs, biometrics, and multi-factor authentication. Technology and social media give me an absurd amount of opportunities to communicate with people I know and connect with others who share interests and beliefs to establish a sense of belongingness. Technology has helped build my self-esteem through success in video games, frequent communication with others on social media platforms, and even finding potential romantic partners. Technology has helped me with self-actualization by serving as a foundation for educational materials on digital drawing and piano tutorials. 

Journal Entry V

1. Multiple reasons- Without knowing the specific reasons I put this first. It could be a mixture of the other motives listed, so it was an easy choice for me.
2. Revenge- This is at the top of my list because it can be a rare opportunity for an individual to cause equivalent damage to a powerful entity. Rich organizations may avoid legal repercussions because of their connections with government entities. Being wronged by one of these organizations and watching a corrupt legal system fail would motivate anyone. Although, this motive seems the riskiest in terms of getting caught.
3. For money- It is nearly impossible to get by in today’s world without proper financing. So, I can understand why an individual might resort to a cyberattack for money to get by. 
4. Political- Governments run countries and govern people. There is no shortage of corruption in governments across the world. There are numerous reasons why an attacker might be politically motivated such as corruption, war, and religion. 
5. Recognition- I see being an inspiration and being known by other attackers for your skills as a fair motive. With this recognition, you could work along with or lead others with similar motives. Also, living a double life and being known by many others for success under an alias seems exciting. 
6. Entertainment- This motive makes more sense than boredom to me because I have heard many cybercriminals speak of the thrill that comes along with completing an attack after putting in countless hours. What they have worked on for so long digitally finally has real-world implications. However, similar to boredom, entertainment can be found through anything.
7. Boredom- I ranked this last because boredom can be cured by anything a person enjoys. An individual’s mind would have to be seriously twisted for committing cybercrime to be the only way to cure their boredom. 

Journal Entry VI

Fake websites, which make up 20 percent of the entire web, generate billions of dollars in fraudulent revenue (Abbasi et al., 2010). One of the most distinguishable signs that a website is fake is poor design, layout, and buttons that don’t work. It also also important to look for any subtle changes in the uniform resource locator and atypical extensions. Also, major websites today typically have an SSL certificate which ensures a secure, encrypted connection. Any type of major website that might manage personally identifiable information such as emailing, e-commerce, banking, or social media should be HTTPS. Some more specific website information that might hint towards a fraudulent website include lack of contact information, poor grammar, different language, and deals that are too good to be true.

Journal Entry VII

This meme relates to human-centered cybersecurity because tech departments focus on being up-to-date with all information security advancements and vulnerabilities. However, humans are the weakest link and efforts can seem wasted when the rest of the company ignores recommended practices.

This meme relates to human-centered cybersecurity because he met someone without verifying their identity. He is about to realize that the person he thought he was communicating with does not exist and goes from an offender to a victim.

This meme relates to human-centered cybersecurity because, despite training, many fell victim to a phishing email. However, despite this disadvantage, the information security team protected the confidentiality and integrity of company data.

Journal Entry VIII

The field of cybersecurity is broad and complex. The media often oversimplifies related subjects to appeal to a wider audience knowledge base. Without this, too much screen time would be spent explaining associated concepts, and most of the audience would get bored quickly. Although media portrayals of cybersecurity concepts might give audience members an incorrect understanding, I consider mentioning them enough for individuals interested in exploring the truth behind them. Portrayals of such concepts might be half-baked but I consider normalizing them in this media-driven age more important. The media often focuses on extreme cyberattacks because they garner more attention. However, this can confuse the public making them think that only large business entities are susceptible to these attacks. 

Journal Entry IX

I completed the social media disorder scale and received a score of two. The questions on this scale show how detrimental and impactful social media can be on our mental state. They also show that people can be so enveloped in their online lives that real-world social connections can suffer. I have partaken in social media since middle school but have noticed how much more addictive newer ones have become such as Instagram reel and TikTok. Luckily I’m surrounded by friends who like myself notice how these apps waste your time and we have supported each other in quitting them. I think that different patterns across the world can be attributed to things such as different cultures, religions, wealth, and hardships. Ultimately, I think that some individuals use social media less because they have to focus more on surviving and some develop deeper real-world social relations because of their culture or religion.

Journal Entry X

Information and how it is gathered plays a pivotal role in warfare throughout all of its stages. Today, keeping critical information private while spreading it to the necessary sources is more challenging due to the new paths/forms it can take. The right information at the right time can be used for psychological warfare, disrupting communication, counterintelligence, and spreading disinformation to name a few. Social cybersecurity “is an emerging scientific area focused on the science to characterize, understand, and forecast cyber-mediated changes in human behavior, social, cultural, and political outcomes, and to build cyber-infrastructure needed for society to persist in its essential character in a cyber-mediated information environment under changing conditions, actual or imminent social cyber-threats.” Humans are the weakest link when it comes to networks and the information they hold so it is only natural they would be targeted. To better prepare ourselves for future conflicts, our leaders must understand this discipline and its impacts to minimize the fracturing effect it can have on nations. Today bots leverage machine learning. artificial intelligence and themselves automate social media tasks to create positive, nuisance, or malicious effects. Also, they have become so advanced with capabilities such as manipulating tweet timing that it is hard to identify and dispose of these automated accounts. 

Journal Entry XI

Cybersecurity jobs can be found everywhere so the social themes vary drastically. The highest pay for these positions can be found in the cities where high diversity, growth, interactions, and pace of life exist. Graveyard shifts also pay more if isolation and being the last line of defense better suits you. Some communication is still necessary in this role to communicate updates with workers of the differing shifts. The themes of lifelong learning, adaptability, diversity, and team dependency are highly present in these types of jobs. Diversity in this field is needed to establish a wide range of experiences, perspectives, and approaches. Team dependency is sought after to solve complex threats that require different skill sets and to adequately respond to attacks promptly. There are a ton of opportunities to expand your cybersecurity network such as tech meetups, cyber competitions, and engagement on professional platforms.

Journal Entry XII

This sample breach letter relates to the Lassez-fare economic theory because a governmental entity likely stepped in and forced the company to send out this letter. This specific theory suggests that the government should not intervene in the economy except to protect an individual’s inalienable rights. The government stepped in when citizens’ personally identifiable and financial information was exposed to ensure the equal treatment of all victims. It also relates to the Marxian economic theory because the company, an entity with power, may have neglected proper security measures or sold its customers’ data for financial purposes. The company exploited those without power, its customers, by not protecting their data with the proper safeguards. The citizens alone are relatively powerless in this scenario and have to place their trust in governmental bodies to punish the company for its negligence.

It relates to the social contract theory because the individuals conducting business with this organization surrendered certain rights to a powerful body in exchange for protection and order. Customers should be able to expect the protection of their data when conducting business with a company. They surrendered personal information knowing this and should be granted protection/order from the company and government. It also relates to symbolic interactionism which deals with how people create meaning through interactions and symbols which shape their understanding of the world and behaviors. Their interactions with this company and ideas of customer trust will shape their understanding of the government’s role and impact how they do business in the future.

Journal Entry XIII

Most large companies do themselves harm by not implementing vulnerability disclosure policies which allow security researchers to submit bugs to organizations without fear of being sued. Large organizations need to overcome their skepticism about using bug bounty hunters and utilize this cost-effective means to improve security posture. This lucrative market is beginning to catch traction like never before with support from Rod Rosenstein, the US Deputy Attorney General, and websites offering compensation. Incorporating such policies can allow organizations to outsource the search for these bugs to freelance workers for significantly cheaper than the legal repercussions of a breach. It also frees up its cybersecurity department from taking on this daunting task allowing them to put their attention elsewhere ultimately improving the overall security posture. Furthermore, it gives opportunities for bug bounty hunters to prove their skills opening up possibilities for recruitment by large organizations. Such policies also allow companies of all sizes to derive value from bug bounty programs. If companies were to increase the need for bug bounty hunters and offer fair compensation it could potentially stop them from pursuing illegal means for monetization. Hackers are commonly motivated by non-monetary factors and more skilled hackers are more price-elastic compared to unseasoned ones. All industries are not treated equally with financial, retail, and healthcare receiving fewer reports all of which are easier to maliciously monetize. 

Journal Entry XIV

The five most serious violations are sharing others’ information, collecting information about children, faking your identity online, bullying and trolling, and using other people’s internet networks. Exposing someone’s personal information can make them a target for harassment, stalking, or other types of harm. Collecting the information of children is wrong because they are exceptionally vulnerable to exploitation and manipulation. Although a fake identity can be used with good intentions, it’s more commonly used for scams and fraud. Bullying and trolling online can have real-world effects such as anxiety and depression. Using other’s internet networks could get them in trouble depending on what is accessed and gives access to their sensitive information.

Journal Entry XV

Davin Teo states that when he started working, digital forensics was something you had to fall into because no classes were available. He started in accounting but soon after began helping with IT roles in the office and moved to Australia, where he worked for the first digital forensic practice. This is where he found his niche and has been working in this field ever since. He follows the digital footprints of individuals, which requires social and psychological skills in addition to technical ones. Some comparisons to digital forensics and accounting include meticulous attention to detail and understanding financial behavior. Unquestionably, many skills from his prior career can be utilized in his current role.