What is my personal code of ethics that will guide me on my journey as a cybersecurity professional? As I am currently in school aiming for a degree in Cyber Security and possibly a Cyber Security certification in the future, this course has helped me realize that I have elevated myself towards a higher level of responsibility than I could have ever imagined prior to taking this class. I learned that the knowledge we are taught in a Cyber Security program consists of cutting-edge technologies and high-level training, and that the responsibilities of this knowledge should not only be respected and followed, but that it is our duty to ethically implement the knowledge and protect it from malicious and illegal use to the best of our abilities. Based on this, all individuals who participate in any cyber security testing should attain a code of ethics. My personal code of ethics does not replace any of my existing ethical behavior, judgment, or even my values as an individual. I intend to use my personal code of ethics to provide guidance and a moral compass in order to give myself a direction in which to proceed through any circumstance or situation that requires any difficult decision-making processes. Establishing and developing one’s own set of values and ethics to guide them in this profession is important because no two people are the same. As discussed in class, things are not simply “right” or “wrong”. Something might be ethically right even though it causes harm, and achieving an ethically desirable goal might be limited by ethical constraints.

So, what is my personal code of ethics? First, it is to act legally with responsibility and honesty as I implement any knowledge that I have gained and continue to gain. This is important because abusing any information or access that I have gained will lead to extenuating circumstances. Second is integrity – to tell the truth and provide all who are involved with the necessary information in a timely manner.
For example, the scandal with the Target breach mentioned in class would be an example of not adhering to this ethic. Target knew that private information, including their customers’ personal information, had been breached and failed to notify their customers that their private information had been compromised. Another part of my personal code of ethics is to recognize the degree of responsibility that I have been given through my training and knowledge, respect all contracts and agreements from a unique company, and to treat everyone fairly and with respect. I will also not advance any private interests at the expense of end users, colleagues, or my employer and not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer. When it comes to not abusing my power, this includes avoiding and being alert to all circumstances that may lead to conflicts of interest and, if such a circumstance occurs, alerting my employer right away, not stealing property or resources, rejecting any bribery, and reporting all illegal activity.

In the future, I plan to develop my own code of ethics to guide me in the cyber security profession in two main categories. One is conducting my career with integrity and professionalism. In order to do so, I will not hurt my employees, the property of the company or its reputation with false or malicious action. I also will not use my availability and access to information for personal gains or for others, as this would be an act of corporate espionage. I am also obligated to report all system vulnerabilities that may result in significant damage towards the company. And lastly, something that I have learned from my current internship is to also accurately document all procedures, actions, and modifications that I have performed. The second category is to respect privacy and confidentiality.
This means respecting the privacy of my coworkers’ information by not viewing their information that may include private data, files, and records. It is extremely important for me to respect the confidentiality of my employers and clients. I will also not take any action without permission first when it comes to working with any systems on a network. And lastly, I will not participate in any form of discrimination. Everything discussed based on the two categories of my personal code of ethics has been strongly influenced after taking this course. In all honesty, I was not at all aware of the importance of ethics when it came to a cyber security profession. I just thought it was a computer job that prevents hackers but did not have any clue that it would be more complex ethically speaking. This class has made me realize how much ethics matters when pursuing any career path.

How has my set of principles that I would plan to use when handling ethical dilemmas been impacted by what I believed coming into class and what I have learned in class? What I believed coming into class was that I would just follow a simple security protocol when I faced a dilemma at work and call it a day. But after what I have learned in class, I learned that I would be making numerous judgement calls, that I am in a field that has a high degree of trust throughout other departments in the company, that I will be making decisions that will have emotional impact, that I will have to convince others of the importance of security, that I will have to defend myself for the decisions I chose to make, and that those decisions may have an impact on the freedom and safety of others. All of this I did not have a single thought about when cyber security was ever brought up to me.
The quote brought up in the very first lecture in class, “Your beliefs become your thoughts, your thoughts become your words, your words become your actions, your actions become your habits, your habits become your values, your values become your destiny” by Gandhi describes the importance of ethics best.

What “soft skills” are likely to be important in adhering to this code while achieving my career goals? One soft skill is collaboration. I believe that in order to adhere to the majority of the things I discussed in my personal code of ethics, it is essential for cyber security professionals to have good “people skills” and work well with our colleagues throughout the company in order to successfully achieve a set of goals and objectives. In class, it was discussed that a big part of our job is to prove to others the importance of security. And in order to do so, we must have good communication skills. For example, we may have to present technical security information to those who have no idea what we are talking about. So, in order to translate technical knowledge into, I guess you can say, a normal conversation, we must have good verbal and also written communication if we were to have to present to others. Another big skill is adaptability. Cyber Security, and technology in general, is always changing, and in order to perform our best in security, we must keep up with the latest vulnerabilities and make sure we are constantly learning in order to keep our knowledge, in other words, updated. Networking is another important skill. This can be used as an opportunity to tap into the experience of the professionals I connect with to gain knowledge in my critical thinking skills and improve my company’s performance. For example, if there were ever a breach in the company, I would have an idea of what to do or what not to do and how to handle this situation because I learned from someone else’s experience.
Problem solving skills are extremely important in order to adhere to my own personal code of ethics. Every day we will have the responsibility of diagnosing all problems, modeling, and analyzing all data. This responsibility requires attention to detail, and solving complex problems in a rapidly evolving environment requires grit and a forward-thinking approach. As cyber security professionals, we must be good at facing scenarios that we will have to troubleshoot, and in order to troubleshoot, we must have good problem solving skills. I remember when I was interviewed for my internship, problem solving was the main topic of discussion, and this is because many people graduate from fine cybersecurity programs; however, they are missing a core skill set of problem solving, which is having no fear. And I never understood exactly what they meant until this class. This leads to my last soft skill, which is attention to detail. I will need to be detail oriented when trying to find the root of a data breach and if I will have to analyze any logs after an attack. And in most cases, when facing these issues, we will have to work fast and under a lot of pressure. There are several other soft skills I can also think of, but these are the ones that stand out to me the most when thinking about what is required to follow my personal code of ethics while achieving my career goals.

Are there areas where I think I may struggle? I am sure I will struggle in many areas at first, which I have accepted; as long as I learn from them is what is mainly important to me. The best advice I have been given from a current cyber security professional is that it is okay to not know everything. And I strongly believe having this mindset will lead to success in this profession. However, there is one area where I already know I may struggle, and that is written communication. The topic of having to be able to discuss technical terms with someone who has no knowledge of such already concerned me.
Not only would this be verbally challenging for me, but it would make something that is already too complex to describe more difficult to describe in non-technological terms. For example, in the lecture slides about breaches, they discuss how reports can be difficult to create. So, this means not only communicating can already be verbally difficult but also difficult verbally and visually. When encountering a problem in the organization such as a breach, the security team needs to generate a report to present to management of other departments and the executives who may have little to no knowledge of the report you are presenting. The lecture describes two different reports, the IC3 report and the Verizon DBIR, and discusses what works and what does not work. And like many other departments who have to present projects and data, for some reason I thought cyber security would never have to do such a thing. However, security probably has to present data on a daily basis in order to confirm that systems are secure and monitor them. Being able to present any project of any topic has always been a struggle for me because either one, I am missing information, or two, I did not highlight the significance of the topic I am discussing. So, when generating a report, what I learned from the two examples of reports in class is that first you want to figure out how you want to get the data you have and find the best way to communicate this to your boss. And one of the best and most effective ways to do this is by graphs. Again, I understand this is something I will get better at as I gain more experience and knowledge, but based on all soft skills required in cyber security, communication with those outside of not only the information security field but outside any information technology department will be a place that I will struggle.
In conclusion, this class helped me realize the importance of developing my own code of ethics that will guide me as a cyber security professional in the future.