Nicaela Bungubung

CPR E 234
May 2, 2021
Final Paper

Final Term Paper

What is my personal code of ethics that will guide me on my journey as a cybersecurity

professional? As I am currently in school aiming for a degree in Cyber Security and possibly a
Cyber Security certification in the future, this course has helped me realize that I have elevated
myself towards a higher level of responsibility than I could have ever imagined prior to taking
this class. I learned that the knowledge we are taught in a Cyber Security program are cutting
edge technologies and high level training that the responsibilities of this knowledge should not
only be respected and followed, but our duty to ethically implement the knowledge and protect it
from malicious and illegal use from the best of our abilities. Based on this, all individuals who
participate in any cyber security testing should attain a code of ethics.
My personal code of ethics does not replace any of my existing ethical behavior,
judgment, or even my values as an individual. I intend to use my personal code of ethics to
provide guidance and a moral compass in order to give myself a direction in which to proceed
through any circumstance or situation where it requires any difficult decision making processes.
Establishing and developing one’s own set of values and ethic to guide them in this profession is
important because no two people are the same. As discussed in class, things are not simply
“right” or “wrong”. Something might be ethically right even though it causes harm and achieving
an ethically desirable goal might be limited by ethical constraints. So, what are my personal code
of ethics? First, it is to act legally with responsibility and honesty as I implement any knowledge
that I have gained and continue to gain. This is important because abusing any information or
access that I have gained will lead to extenuating circumstances. Second, is integrity – to tell the
truth and provide all that is involved with the necessary information in a timely manner. For
example, the scandal with the target breach mentioned in class would be an example of not
adhering to this ethic. Target knew that private information including their customers personal
information have been breached and failed to notify their customers that their private information
has been compromised. Another personal code of ethic is to recognize the degree of
responsibility that I have been given through my training and knowledge, respect all contracts
and agreements from a unique company, and to treat everyone fairly and with respect. I will also
not advance any private interests at the expense of end users, colleagues, or my employer and not
abuse my power. I will only use my technical knowledge, user rights, and permissions only to
fulfill my responsibilities to my employer. When it comes to not abusing my power, this includes
the actions of avoiding and being alert to all circumstances that may lead to conflicts of interests
and if a circumstance may occur, to alert my employer right away, to not steal property or
resources, to reject any bribery and will report all illegal activity.
 In the future, I plan to develop my own code of ethics to guide me in the cyber security
profession in two main categories. One, is conducting my career with integrity and
professionalism. In order to do so, I will not hurt my employees, the property of the company or
its reputation with false or malicious action. I also will not use my availability and access to
information for personal gains or for others as this would be an act of corporate espionage. I am
also obligated to report all system vulnerabilities that may result in significant damage towards
the company. And lastly, something that I have learned from my current internship is to also
accurately document all procedures, actions, and modifications that I have performed. The
second category is to respect privacy and confidentiality. This means respecting the privacy of
my coworker’s information by not viewing their information that may include private data, files,
and records. It is extremely important for me to respect the confidentiality of my employers and
clients. I will also not take any action without permission first when it comes to working with
any systems on a network. And lastly, I will not participate in any form of discrimination.
Everything discussed based on the two categories of my personal code of ethics have been
strongly influenced after taking this course. In all honesty, I was not at all aware of the
importance of ethics when it came to a cyber security profession. I just thought it was a computer
job that prevents hackers but did not have any clue that it would be more complex ethically
speaking. This class has made me realize how much ethics matters when pursuing any career
path. How was my set of principles that I would plan to use when handling ethical dilemmas
been impacts by what I believed coming into class and what I have learned in class? What I
believed coming into class was that I would just follow a simple security protocol when I faced a
dilemma at work and call it a day. But after what I have learned in class, I learned that I would
be making numerous judgement calls, that I am in a field that has a high degree of trust
throughout other departments in the company, that I will be making decisions that will have
emotional impact, that I will have to convince others the importance of security, that I will have
to defend myself for the decisions I chose to make, and that those decision may have an impact
on the freedom and safety of others. All of this I did not have a single thought about when cyber
security was ever brought up to me. The quote brought up in the very first lecture in class, “Your
beliefs become your thoughts, your thoughts become your words, your words become your
actions, your actions become your habits, your habits become your values, your values become
your destiny” by Gandhi describes the importance of ethics best.
What “soft skills” are likely to be important in adhering to this code while achieving my
career goals? One soft skill is collaboration. I believe that in order to adhere to majority of the
things I discussed in my personal code of ethics, it is essential for cyber security professionals to
have good “people skills” and work well with our colleagues throughout the company in order to
successfully achieve a set of goals and objectives. In class, it was discussed that a big part of our
job is to prove to others the importance of security. And in other to do so, is to have good
communication skills. For example, we may have to present technical security information to
those who have no idea what we are talking about. So, in order to translate technical knowledge
into I guess you can say a normal conversation, we must have good verbal and also written
communication if we were to have to present to others. Another big skill is adaptability. Cyber
Security and in general, technology is always changing and in order to perform our best in
security, we must keep up with the latest vulnerabilities and make sure we are constantly
learning in order to keep our knowledge is other words, updated. Networking is another
important skill. This can be used as an opportunity to tap into the experience of the professionals
I connect with to gain knowledge in my critical thinking skills and improve my company’s
performance. For example, if there were ever a breach in the company, I would have an idea of
what to do or what not to do and how to handle this situation because I learned from someone
else’s experience. Problem solving skills is extremely important in order to adhere to my own
personal code of ethics. Every day we will have the responsibility to diagnose all problems,
modeling, and analyzing all data. This responsibility requires attention to detail and solving
complex problems in a rapidly evolving environment requires grit and a forward thinking
approach. As a cyber security professional, we must be good at facing scenarios that we will
have to troubleshoot and in order to troubleshoot, we must have good problem solving skills. I
remember when I was interviewed for my internship, problem solving was the main topic of
discussion and this is because many people graduate from fine cybersecurity programs however,
they are missing a core skill set of problem solving which is having no fear. And I never
understood exactly what they meant until this class. This leads to my last soft skill which is
attention to detail. I will need to be detail oriented when trying to find the root of a data breach
and if I will have to analyze any logs after an attack. And in most cases, when facing these
issues, we will have to work fast and under a lot of pressure. There are several other soft skills I
can also think of, but these are the ones that stand out to me the most when thinking about what
is required to follow my personal code of ethics while achieving my career goals.
Are there areas where I think I may struggle? I am sure I will struggle in many areas at
first which I have accepted, as long as I learn from them is what is mainly important to me. The
best advice I have been given from a current cyber security professional is that it is okay to not
know everything. And I strongly believe having this mind set will lead to success in this
profession. However, there is one area I already know I may struggle and that is written
communication. When the topic of having to be able to discuss technical terms to someone who
has no knowledge of such already concerned me. Not only would this be verbally challenging for
me, but it would make something that is already too complex to describe more difficult to
describe in non technological terms. For example, in the lecture slides about breaches, they
discuss how reports can be difficult to create. So, this means not only communicating can
already by verbally difficult but also difficult verbally and visually. When encountering a
problem in the organization such as a breach, the security team needs to generate a report to
present to management of other departments and the executives who may have little to no
knowledge of the report you are presenting. The lecture describes two different reports such as
the IC3 report, and the Verizon DBIR and discusses what works and what does not work. And
like many other departments who have to present projects and data, for some reason I thought
cyber security would never have to do such a thing. However, security probably have to present
data on the daily basis in order to confirm that systems are secure and monitor them. Being able
to present any project of any topic has always been a struggle for me because either one, I am
missing information, or two, I did not highlight the significance of the topic I am discussing. So,
when generating a report, what I learned from the two examples of reports in class, is that first
you want to figure out how you want to get the data you have and find the best way to
communicate this to your boss. And one of the best and effective ways to do this is by graphs.
Again, I understand this is something I will get better at as I gain more experience and
knowledge but based on all soft skills required in cyber security, communication with those
outside of not only the information security field but outside any information technology
department will be a place that I will struggle. In conclusion, this class helped me realize the
importance of developing my own code of ethics that will guide me as a cyber security
professional in the future.