Cybersecurity and Social Science

Journal 15 - 4/20/2024

On Digital Forensics

Based on the following video: https://youtu.be/Pf-JnQfAEew

The speaker's narrative offers a compelling glimpse into the dynamic evolution of his career trajectory, starting from a background in accounting and gradually transitioning into the realm of digital forensics. His story underscores the fluidity and interconnectedness of different professional domains, illustrating how individuals can pivot and adapt their skill sets to align with emerging opportunities and evolving industry demands.
What stands out in his journey is the pivotal role of curiosity and adaptability. Despite beginning his career in accounting, he remained open to exploring new avenues within the broader realm of information technology (IT). As he delved deeper into IT-related tasks while working in a small accounting practice, his interest in technology grew, eventually leading him to pursue opportunities that allowed him to merge his accounting expertise with IT proficiency.
Moreover, the speaker's transition into digital forensics highlights the interdisciplinary nature of the field. While his initial training may have been in accounting, his foray into IT support within the accounting firm laid the groundwork for his eventual immersion into digital forensic investigations. This interdisciplinary approach enabled him to leverage his analytical skills from accounting alongside technical proficiencies in IT to tackle complex digital investigations effectively.
The speaker's discussion of real-life case studies further underscores the multifaceted nature of digital forensics and its wide-ranging applications. From investigating internal breaches within organizations to uncovering fraudulent financial transactions, his work exemplifies the pivotal role of digital forensics in safeguarding data integrity, ensuring regulatory compliance, and combating cyber threats.
Overall, the speaker's journey serves as a testament to the ever-expanding landscape of opportunities in the digital age. It underscores the importance of remaining adaptable, continuously learning, and embracing interdisciplinary approaches to thrive in rapidly evolving fields like digital forensics. By following his passion and seizing opportunities as they arose, the speaker not only found his niche but also made significant contributions to the field of cybersecurity and forensic investigations.

On Illegal Online Behavior

Journal 14 - 4/5/2024

The article "11 Illegal Things You Unknowingly Do on the Internet" presents itself as a guide to navigating the murky waters of online legality. However, upon closer examination, it becomes evident that the article may not be as informative or unbiased as it purports to be.

Firstly, it's important to note the context of the article—it's hosted on a website that sells a product claiming to solve all the issues it outlines. This inherent conflict of interest raises questions about the motives behind the article. Is it genuinely aimed at educating readers, or is it primarily a marketing ploy to promote the product? 

Moreover, several listed activities aren't always illegal, contrary to the article's sensationalist title. For instance, using torrent services or sharing copyrighted images isn't inherently illegal. The legality depends on the specific circumstances, such as whether the torrented content is copyrighted or what license it is presented under, such as the Creative Commons license, and whether permission has been obtained for its use. Many leading Linux distributions offer their installation media as a torrent. It's misleading to categorize these actions as universally illegal without providing nuance.

Furthermore, the article's treatment of specific topics lacks depth and accuracy. For instance, it states that recording VoIP calls without consent is illegal, which is not entirely accurate. In single-consent states like Virginia, only one party must consent to the recording, making it legal under certain circumstances. Failing to provide such context undermines the credibility of the article.

Among the offenses outlined in the article, five stand out as particularly serious, regardless of the source's credibility. Firstly, collecting information about children without proper consent or safeguards is alarming due to the potential risks to their safety and privacy. Children are vulnerable online, and unauthorized data collection can expose them to various dangers, including exploitation and identity theft. Secondly, sharing the personal information of others without their consent violates their privacy and can have significant repercussions, ranging from harassment to identity theft. Thirdly, engaging in illegal searches, especially those related to criminal activities or exploitation, can have severe legal consequences and threaten public safety. Fourthly, using someone else's internet without permission constitutes theft and undermines the integrity of online networks. This offense violates property rights and compromises internet security and trust. Lastly, bullying and trolling represent severe ethical and societal issues that can have devastating effects on victims' mental health and well-being.

Cyberbullying has been linked to depression, anxiety, and even suicide, highlighting the urgent need to address and combat these harmful behaviors in online spaces. Each of these violations underscores the importance of responsible and ethical conduct online to ensure the safety and security of individuals and communities.

In conclusion, while the article may offer some valuable insights into online legality, its biased presentation, lack of nuance, and questionable motives detract from its overall credibility. Readers should approach such content skeptically and seek more comprehensive sources for information on internet law and safety. 

Journal 13 - 3/31/2024

On Bug Bounties

Bug bounty policies represent a novel and practical approach to cybersecurity, as highlighted in the provided article. These policies incentivize ethical hackers to identify vulnerabilities in a company's cyber infrastructure, enhancing overall security. The literature review underscores the significance of bug bounty programs in addressing the acute shortage of cybersecurity professionals globally. By engaging freelance security researchers, bug bounty policies provide companies, especially smaller and medium-sized enterprises, with access to expertise they may struggle to recruit in the competitive cybersecurity landscape.
The discussion of our findings sheds light on the economic implications of bug bounty policies. Despite the traditional notion that larger companies with higher profiles would attract more security vulnerability reports, our research indicates that company size and profile do not significantly impact the number of valid reports received. This finding underscores the democratizing effect of bug bounty programs, allowing companies of varying sizes and reputations to benefit equally from engaging ethical hackers.
Moreover, our study reveals that hackers are price-insensitive, indicating that companies with limited resources can still derive value from bug bounties. This insight challenges the conventional belief that only companies with substantial financial resources can implement bug bounty programs effectively. By demonstrating the cost-effectiveness and accessibility of bug bounty policies, our research advocates for their widespread adoption across industries.
In conclusion, bug bounty policies offer companies a practical and efficient mechanism to bolster their cybersecurity defenses. By leveraging the skills of ethical hackers and embracing the principles of cost-benefit analysis, organizations can proactively identify and address vulnerabilities in their cyberinfrastructure. The findings presented in our journal underscore the inclusive nature and economic viability of bug bounty programs, positioning them as a valuable tool in the ongoing battle against cyber threats.

Journal of Cybersecurity, Volume 7, Issue 1, 2021, tyab007, https://doi.org/10.1093/cybsec/tyab007

Journal 12 - 3/30/2024

On Data Breaches

Journal Reflection: Economics and Social Sciences Perspectives on Data Breach

Economics Theories:

1. Information Asymmetry Theory:
The data breach notice from www.glasswasherparts.com exemplifies information asymmetry between the company and its customers. Information regarding the breach was known to the company and its platform provider for months before customers were notified. This delay in notification could be attributed to various factors, such as the time needed for investigation or concerns about reputational damage. From an economic standpoint, this delay creates a situation where the company possesses crucial information that affects its customers' well-being, yet the customers are unaware of it. This lack of symmetry in information can lead to adverse outcomes, including financial losses for customers who may not take immediate action to protect themselves.

2. Externalities Theory:
The data breach incident can also be analyzed through the lens of externalities in economics. Specifically, it illustrates negative externalities imposed on customers due to the company's security breach. While the company incurs costs associated with addressing the breach, such as hiring cybersecurity experts and cooperating with law enforcement, customers bear the brunt of potential identity theft and fraudulent activities. These negative externalities are not factored into the company's cost-benefit analysis when deciding on cybersecurity measures. This highlights the market failure wherein the costs of inadequate security measures are only partially borne by the party responsible for safeguarding customer data.

Social Sciences Theories:

1. Trust Theory:
Trust plays a fundamental role in business-consumer relationships, and the breach notification undermines this trust between www.glasswasherparts.com and its customers. Trust theory in social sciences emphasizes the importance of trust for the functioning of social and economic systems. The delayed notification and the fact that the breach was discovered months earlier without informing the customers erodes the trust that customers have in the company's ability to protect their sensitive information. Rebuilding this trust will require transparent communication, tangible actions to enhance security measures, and demonstrating accountability for the breach.

2. Victimology Theory:
Victimology theory can be applied to analyze the impact of the data breach on the affected customers. According to victimology, individuals who experience harm as a result of a crime or misconduct undergo a series of emotional, psychological, and financial consequences. In this case, customers whose personal and financial information was compromised may experience feelings of vulnerability, distrust, and stress. Moreover, they may incur financial losses or spend significant time and effort rectifying any fraudulent activities resulting from the breach. Understanding the experiences and needs of these victims is crucial for providing adequate support and redress measures.

In conclusion, analyzing the data breach notification through economics and social sciences lenses provides valuable insights into the complexities of cybersecurity incidents, their impacts on stakeholders, and the broader societal implications.

It underscores the interconnectedness of economic incentives, information dynamics, social relationships, and individual experiences in shaping responses to data breaches and enhancing resilience against future incidents.

On Cybersecurity Analysts

Journal 11 - 3/21/2024

The portrayal of the cybersecurity analyst role in the YouTube video also underscores the importance of social awareness in effectively detecting and mitigating cyber threats. Within threat detection, social awareness extends beyond technical expertise to encompass an understanding of human behavior and social engineering tactics employed by malicious actors. For instance, the mention of responding to phishing attacks highlights the need for analysts to recognize and analyze social engineering techniques used to manipulate individuals into divulging sensitive information. Additionally, the role may involve identifying patterns of suspicious behavior within the network, which requires a nuanced understanding of typical user interactions and deviations from normal behavior. Moreover, providing user awareness training and guidance underscores the role of cybersecurity analysts in fostering a culture of security awareness within organizations, where social dynamics play a crucial role in shaping individuals' attitudes and behaviors towards cybersecurity practices. Therefore, social awareness emerges as a fundamental aspect of the cybersecurity analyst's job, enabling them to effectively detect and mitigate threats by understanding the human element inherent in cyber attacks.

Rhys Ferris

Journal 10 - 3/20/2024

Social Cybersecurity in the DoD

As a former U.S. Marine, reflecting on the article "Social Cybersecurity: An Emerging Science" takes on a profound significance. The nature of modern warfare is evolving rapidly, with social cybersecurity emerging as a critical subdomain of national security. This domain, characterized by manipulating information and human behavior through technology, poses strategic consequences for both conventional and unconventional warfare.
The article underscores the importance of understanding and forecasting cyber-mediated changes in human behavior, social dynamics, and political outcomes. In my service as a Marine, understanding the socio-political landscape was crucial for effective decision-making and mission execution. However, social cybersecurity introduces a new layer of complexity, where technology enables state and non-state actors to manipulate the global marketplace of beliefs and ideas.
The concept of "information warfare" is particularly salient, as highlighted by the Russian propaganda apparatus and its sophisticated information operations aimed at fracturing societies and undermining trust in institutions. The shift towards the human domain in warfare, emphasized by the Arab Spring and other decentralized movements, underscores the need for military leaders to grasp the intricacies of social cybersecurity.
The article's discussion on the forms of maneuver in the social-cyber domain, including information and network manipulation, resonates deeply with me. Using bots as force multipliers in information operations presents a formidable challenge, requiring adaptive strategies to navigate the evolving threat landscape.
Moreover, the article stresses the importance of multidisciplinary approaches and agile policies to address social cybersecurity challenges effectively. As a Marine, adaptability and interdisciplinary collaboration were foundational principles in facing dynamic and complex environments. One unofficial motto of the Marine Corps is "Adapt and Overcome." Embracing these principles in the context of social cybersecurity will be essential for safeguarding national security interests and upholding American values in the digital age.
In conclusion, the article serves as a timely reminder of the evolving nature of warfare and the imperative for military leaders to engage with emerging disciplines like social cybersecurity. We must recognize the critical role of understanding and adapting to technological advancements in safeguarding national security and promoting stability in an increasingly interconnected world.

On "Social Cybersecurity"

In today's report, I delve into an enlightening article titled "Social Cybersecurity: An Emerging Science." This insightful piece explores the interdisciplinary nature of social cybersecurity, highlighting how researchers from various disciplines collaborate to develop tools and theories in this evolving field. Join me as we uncover the complexities of social network analysis, dynamic network analysis, and social media analytics in the realm of social cybersecurity. Let's unravel the mysteries of influence operations, disinformation campaigns, and the ever-changing landscape of digital manipulation.

On Social Media Disorder

Journal 9 - 3/15/2024

Scoring a one on the Social Media Disorder Scale (SMD Scale), with my only 'yes' answer being "Often used social media to escape from negative feelings," sheds light on my relationship with social media over the past year. Reflecting on the items in the scale, I find them quite insightful in capturing various dimensions of social media usage that may indicate problematic behavior.
The item that resonated with me the most was using social media to escape negative feelings. While I can relate to occasionally turning to social media for distraction or entertainment during challenging moments, I haven't consistently relied on it as a coping mechanism. This suggests a healthy balance in managing negative emotions without solely depending on social media for relief.
Regarding the other items on the scale, I realize that while I may occasionally desire to spend more time on social media or experience mild dissatisfaction when unable to do so, these feelings don't significantly disrupt my daily life. I haven't encountered persistent conflicts or arguments stemming from my social media usage, nor have I neglected essential responsibilities or activities in favor of spending time online.
Considering why different social media usage patterns are found worldwide is intriguing. Cultural, societal, and individual factors likely play significant roles in shaping people's interactions with social media. For example, cultural norms around technology use, attitudes toward social interaction, and the availability of alternative forms of entertainment may influence how individuals engage with social media.
Additionally, socioeconomic factors, access to technology, and societal pressures may impact the prevalence of disordered social media usage in different regions. Understanding these variations can help tailor interventions and support systems to address the specific needs of diverse populations.
Overall, my score of 1 on the SMD Scale suggests a relatively healthy relationship with social media, characterized by occasional use for leisure and connection rather than as a primary means of coping or escapism. However, it's essential to remain mindful of how social media influences our lives and cultivate habits promoting balance and well-being. 

Rhys Ferris

Journal 8 - 2/28/2024

Decoding Hollywood: How Media Shapes Our Perception of Cybersecurity

Hollywood has played a significant role in shaping public perceptions of cybersecurity in a world increasingly dominated by digital technologies. A recent YouTube video featuring clips from movies and TV shows and commentary from a real white hat hacker sheds light on the stark disparities between Hollywood's dramatized portrayals and the realities of cybersecurity.
The Influence of Hollywood:
The video begins with Keren Elazari, a seasoned security researcher, analyzing scenes from various films and series depicting hackers in action. From outdated concepts to exaggerated hacking techniques, Hollywood often resorts to sensationalism for dramatic effect. However, the real-world white hat hacker provides valuable insights, separating fact from fiction.
The Illusion of "Hackertyper.com":
Before delving into the specific scenes, it's worth mentioning hackertyper.net, a website that simulates the stereotypical hacker experience. This site, shown to me by a friend, humorously reflects Hollywood's clichéd portrayal of hacking, complete with flashy code and intense animations.
Breaking Down Hollywood Hacking Scenes:

Star Trek: Discovery Space Probe Hacking:
Hollywood's depiction of a space probe using SQL injections to attack a Federation spaceship in Star Trek: Discovery is deemed unrealistic by the white hat hacker. Its use of outdated hacking techniques and questionable scenarios earns it a low rating of one out of 10 for accuracy.

Mr. Robot's Capture the Flag (CTF) Scene:
Scenes from Mr. Robot featuring hacking competitions at DEF CON are praised for their accuracy. Incorporating real-world hacking challenges and scenarios earns a high rating of nine out of 10, with a minor deduction for dramatic pacing.

Ocean's 8 Social Engineering:
Rihanna's character engages in spear-phishing, targeting an individual's interests. While the initial concept is deemed realistic, the portrayal of quickly gaining control of a webcam and breaking a complex password leads to a seven out of 10 rating.

Matrix Hacking Scene:
The Matrix's portrayal of Trinity using Nmap and exploiting an SSH vulnerability receives high praise for its timeliness and accuracy. Using real-world tools and vulnerabilities earns a 9.5 out of 10, with a slight deduction for the theatrical inclusion of gloves.

Girl with the Dragon Tattoo:
Lisbeth's reconnaissance and hardware analysis are commended for their realism. The use of a specialized device and photographic reconnaissance receives a perfect 10 out of 10 for accuracy.

The Social Network:
Mark Zuckerberg's creation of Facemash is analyzed for its realism in depicting the early days of hacking. The accurate representation of hacking processes and challenges earns a commendable nine out of 10.

Fast and Furious 8 Car Hacking:
The hacking of cars in Fast and Furious 8 is based on a real-world demonstration. While deemed realistic for the future, it receives a seven out of 10 for the simplicity portrayed in the movie.

Mission Impossible CIA Hack:
The depiction of hacking into the CIA's servers is critiqued for exaggeration and bogus IP addresses, leading to a six out of 10 rating.

Hackers Movie Ransomware:
The classic movie "Hackers" is praised for predicting the future concept of ransomware. While the portrayal of the Da Vinci virus is accurate, a slight deduction is made for the lack of code visibility, resulting in an eight out of 10 rating.

Conclusion:
Hollywood plays a significant role in shaping public perceptions of cybersecurity, often blurring the lines between fiction and reality. While some portrayals receive praise for accuracy, others highlight the need for a nuanced understanding of hacking in the digital age. As technology continues to sprint forward, the influence of media on our understanding of cybersecurity remains a dynamic and evolving phenomenon.

On Human-Centric Cybersecurity
-An Exploration in Memes

Journal 7

A bit of a comical journal entry for today: we evaluated and then selected 3 pictures to "meme-ify" that demonstrated human-centric cybersecurity.

On Fake Websites

Journal 6 - 2/16/2024

Fake websites contribute to the proliferation of misinformation online, acting as purveyors of false or misleading content. These deceptive online platforms often present distorted information, sensationalized stories, or fabricated data, eroding the trust users place in online sources. While some fake websites may not engage in phishing directly, they can manipulate narratives, disseminating unreliable information that can have real-world consequences. This spread of misinformation not only jeopardizes the credibility of the digital space but also poses risks to public discourse, decision-making, and societal well-being. As users navigate the vast web of information, critical thinking, fact-checking, and a discerning eye are essential tools to combat the influence of these misleading online entities and foster a more informed online community.
In my search for fake websites, I actually found a teacher's thread about the ones they use to teach the subject. Knowing that they were fake going into it may have reduced some of the fun, but it did keep me safe.
I’ll start with the best one: https://www.allaboutexplorers.com/ is a website about every explorer that lived… and more… This site appears well put together. However, it consists almost entirely of made-up information. It does help that the “About” section tells you as much, but few people actually read the About section of a web page.
Another one was no longer online, but the Internet Archive (archive.org) held a copy from 2016: https://web.archive.org/web/20160309103943/https://www.weathergraphics.com/tim/fisher/ This one proposes that the Fisher Price Airplane toy was a real airplane in the 1970s, complete with pictures! Again, aside from the ridiculous, cartoonish pictures, the site looks almost believable. I would love to believe that no one would believe this, but I read in the previously mentioned thread that a teacher had a student give a presentation on animal hybrids, like a dog with an eagle head, because they had seen pictures on Facebook… and they were dead serious.
Lastly, also only available thanks to the Internet Archive was this site that talked about the issues with the Velcro crop: https://web.archive.org/web/20160418194751/http://www.umbachconsulting.com/miscellany/velcro.htm.

Please excuse me as I bury my face in my hands… have a wonderful day. 

Rhys Ferris

Cyberattacks and Public Attitudes

2/9/2024

In today's report, I review an article titled "Cyberattacks, cyber threats, and attitudes toward cybersecurity policies" by Snyder et al. (2021) and evaluate it from the standpoint of the social sciences.
I had to do a bit of research regarding the statistics involved, and I most enjoyed learning about mediating variables, which are variables that explain the relationship between independent and dependent variables.

Journal 5 - 2/7/2024

Unraveling Cybercrime Motives: A Ranking of Rationality

In today's exploration of the enigmatic world of cybercrime, we aim to dissect the motives that drive individuals to engage in illicit digital activities. From the pursuit of wealth to political activism, the motivations behind cybercrime are as diverse as the digital landscape itself. Let's rank these motives in terms of their rationality, incorporating insights from the provided articles for each:

1. Money:

Topping the list of rational motives is the pursuit of wealth. We are all told growing up that if we work hard, we will be rewarded, but in the current system, that doesn’t always seem to be the case. The article suggests that some individuals, frustrated by the challenges of traditional success, turn to cybercrime as an alternative path to financial prosperity.

2. Multiple Reasons:

Realistically, many cybercriminals operate with a combination of motives. Our article delves into the intricate web of reasons driving individuals to engage in cybercrime. It suggests that a multitude of factors, including financial gain, political ideologies, and personal vendettas, even ego, often intertwine to shape the motivations behind these actions. People are not two-dimensional.

3. Entertainment/Boredom:

Surprisingly ranking high, the motive of entertainment or boredom is explored in our article. While I understand this as a motivation for cybercrime, the provided article didn’t make much sense, focusing on the boredom of the victims contributing to their victimization, not on the boredom of the offenders. I do, however, understand the thrill and excitement cybercriminals may experience while outsmarting digital systems.

4. Revenge:

The scorching emotion of revenge takes its place in the ranking. In the article titled "Revenge porn victims in Wales often feel ‘let down by the law’ as cybercrime slips through the net," this emotional motive is explored as a driving force, suggesting that the intense desire for payback can push individuals to engage in cybercriminal activities they wouldn't consider under normal circumstances.

5. Political:

The motive of engaging in cybercrime for political reasons is examined in our next article. It contends that when individuals perceive the system as broken, hacking becomes a form of digital protest. Personally, I draw parallels to historical injustices, arguing that legality doesn't necessarily equate to morality. Slavery was legal.

6. Recognition:

At the bottom of the rationality scale is the motive of seeking recognition. This one makes the least sense to me. I question the logic behind cybercriminals who desire acknowledgment for their activities. It highlights the contradiction in seeking recognition while trying to maintain a low profile, emphasizing the importance of secrecy in the world of cybercrime.

In conclusion, the motives driving individuals to commit cybercrimes are multifaceted and complex. As we strive to understand and address these motivations, it becomes crucial to develop effective strategies for prevention and intervention in the ever-evolving landscape of digital crime.

On a Digital Hierarchy of Needs

Journal 4 - 2/2/2024

Maslow's Hierarchy of Needs is a psychological theory proposed by Abraham Maslow in 1943. It is a widely accepted framework for understanding human motivation and the factors that drive behavior. According to Maslow, individuals seek to fulfill these needs sequentially, starting from the bottom of the pyramid and moving upward. As fully integrated as our lives are with technology these days, Maslow's Hierarchy could also be applied to technology. Personally, I interact with technology at a ridiculous level, from the phone in my pocket to my work desk where every item on the desk is designed to interface me with technology, from two screens angled perfectly at my face to the keyboard, mouse, webcam, and scanner, all designed to blur the borders of the real and digital worlds as seamlessly as possible.
At the physiological level, digital technology has evolved into a nearly indispensable requirement, with the loss of internet access or a phone inducing a palpable sense of anxiety and frustration. Looking next at the level of safety needs, cybersecurity plays a crucial role in meeting these requirements, offering a sense of security in the digital realm. Instances such as encountering viruses or hacking incidents evoke reactions akin to threats against personal safety. Social media has become a prominent platform for fulfilling the need for social belongingness, as the number of friends or followers influences one's sense of connection and community. Simultaneously, the digital landscape significantly impacts self-esteem, both positively and negatively, as social media interactions contribute to one's perception of worth and recognition. Self-actualization is challenging in the digital world. My first thought when considering self-actualization within the digital world is the movie "2047: Virtual Revolution," where people spend most of their time hooked into a virtual world. That's not a good idea, so instead, I offer using technology to achieve self-actualization, such as working in a job you love or remote work.
Reflecting on personal experiences with technology provides insights into how these digital interactions align with and reshape the traditional understanding of Maslow's Hierarchy of Needs, highlighting the nuanced ways technology has become intertwined with our fundamental human motivations.

Rhys Ferris

Journal 3 - 1/27/2024

On Privacy Rights

Prior to this assignment, I was not familiar with PrivacyRights.org. I have interacted with a few privacy-minded organizations, but not this one. I liked how they have their information organized as it was easy to navigate. According to their about page, they are a nonprofit organization focused on increasing access to information, policy discussions, and meaningful rights so that data privacy can be a reality for everyone, which seems to be accurate. They mostly have information and a consolidation of articles about privacy rights. One of the privacy organizations that I like and actually support is the Electronic Frontier Foundation (EFF; eff.org). The thing I love about EFF is that they actively fight for our privacy rights. They, of course, inform, but they also take states and organizations to court or write letters, etc. I’m not aware of another organization that has done as much for digital privacy as EFF. One thing that surprised me on privacyrights.org was in the law overview section; they had all of the California laws but didn’t have the Virginia Consumer Data Protection Act (VCDPA), which directly affects us here in Virginia.

The picture was generated by Artificial Intelligence with the prompt "Electronic Frontier Foundation," and I thought it was interesting.

Journal 2 - 1/20/24

On The Principles of Science as They Pertain to Cybersecurity

In his book “The Social Order,” Robert Bierstedt explores the relationship between the social and natural sciences. Bierstedt argued that the social sciences should adhere to the same principles as the natural sciences to achieve a more scientific understanding of human society. These principles include relativism, objectivity, parsimony (or simplicity), skepticism, ethical neutrality, and determinism. I think applying these principles is very important for the social sciences, as they give it something firm on which to stand, beyond hunches and hypotheses. In his book review, Brother D. Augustine wrote that Bierstedt “produces respect for sociological reasoning and leaves the impression that sociology makes positive contributions to science. Indeed, credence is lent to the claim that there are some definite principles of sociology.” (The American Catholic Sociological Review, Vol. 19, No. 2 (Jun., 1958), pp. 161-162). I think that this statement shows how at the time, the social sciences had a reputation for not “mak[ing] positive contributions to science” probably due to this fact. Regarding cybersecurity from a multi-disciplinary view, I think that this inclusion of the principles creates a common foundation upon which we can integrate the sometimes non-deterministic areas of social science with the programmatic ideas of computer science.


Let us walk through the principles and consider their relation to cybersecurity in a multi-disciplinary application. The first is relativism. Cybersecurity is a far-reaching domain and affects and is affected by many others, including information technology, criminal justice, and education. With so much influence in areas that affect our daily lives, objectivity, our next principle, can be difficult. However, the internet does not care about our preferences, nor should we bring them into the discussion. Parsimony, or the principle of simplicity, feels at home in cybersecurity. The “human element” is certainly present here, but much of cyberspace is, well… cyber. Dominated by the simplistic on/off of ones and zeros, causality in a programmatic system may seem mysterious in certain circumstances but is almost always present. One of my favorite anecdotes when the topic of artificial intelligence (AI) comes up is the challenge of creating an AI that is not racist or misogynistic. Because the vast majority of the internet, which is usually used as the training source of machine learning and AI models, reflects the fallible nature of people, it can be challenging to keep an AI from picking this up, and guardrails must be put up to prevent it. Similarly, we must prevent our shortfalls from entering into our science; we must always remain ethical. Lastly, determinism. Determinism poses challenges in understanding human choices, as past decisions absolutely influence current ones but cannot be the sole “determining” factor. While deterministic models acknowledge variability as "the human factor," the dynamic nature of cybersecurity suggests that predicting hacking activities solely through determinism is limited.

Journal 1 - 1/20/24

Intro to Cybersecurity

I enjoyed the videos in Module 1. I absolutely agree that the vast majority of cyber incursions occur because of human error. I was once with an organization where they conducted a Red Team operation. The attacker was able to gain physical access to machines by taking advantage of people who did not secure their ID badges outside, so he took photos and made a fake badge that looked like the original. Then he called the security desk and said that his badge wasn't working since it didn't have any RFID. The security officer let him into the building. Then, they told other employees that they were new hires and needed to do their mandatory cyber training to get access. The employees allowed the attacker onto the network on their account and then left them unattended! The attacker downloaded pre-staged payloads and then began scanning and enumerating the network from within.

Regarding the career opportunities, I am least interested in analysis and all its categories. I am most interested in Protect and Defend and Securely Provision; however, in my career, I recognize I will likely end up in Oversee and Govern, though I want to be there with a solid technical background.