Professional Documents
Culture Documents
Dr. Blakely
Cyb E 234
05/01/2022
When I consider how I know what the right thing to do in the face of a dilemma, I don't
find myself examining a list of rules or set of ideals. Instead, I find that I turn to a handful of
influential factors in my life. These factors affect how I examine and eventually approach a
dilemma in a much more complex manner than a set of rules or even one ethical or moral
ideology. All these factors, and their 'interaction' with each other, push me to approach problems
from a more flexible position than one set of ethical rules might while still maintaining a firm
ethical stance on important ethical issues. These factors include my faith, my past interpersonal
experience, and my education (particularly and mainly this class). In this paper, I will examine
each of these factors, how and what it contributes to my personal approach to ethics in my
career as a cybersecurity professional, and how they affect each other in my decision-making.
The first of the three large factors contributing to my professional code of ethics is my
religious practices upon the public or others I might encounter in my career, it is still the most
influential factor in how I go about my life and make my personal decisions. With that being said,
my faith generally more directly impacts my morals. In lecture 3 (slides 8 & 9), Dr. Blakely went
over the difference between morals and ethics. Morals are more "intrinsic" and affect us
personally, while ethics are more "extrinsic" and are affected and enforced by society. In chapter
one of A Gift of Fire (P. 66), the author suggests that it is good practice to distinguish between
violations of morals and ethics, as they can be used to intimidate those with different views.
While generally, I find this to be true, I think our morals, whether intentionally or unintentionally,
affect how we lean on many of the more complex ethical dilemmas and how we approach
ethical dilemmas overall. One common example of this is the "Trolley Problem" discussed at the
beginning of the semester. While there isn't a particularly clear ethical right or wrong thing to do
in that problem, one's personal convictions often dictate their opinions. All this to say that while
my faith is not the sole driving force of my professional code of ethics, it often determines my
perspective on ethical dilemmas. The in-depth details of my religious beliefs as a Christian are
not particularly important to this examination; we can look at Divine Command Theory (lecture 5,
slide 5) which Dr. Blakely covered briefly in lecture 5. The basic idea is that we are
"commanded" to act a certain way. As mentioned in the aforementioned lecture, many factors
may vary in Divine Command theory, including literality and what topics are not directly
addressed by the religion. In the case of cybersecurity, there is really nothing that is directly or
career.
Though less than other factors of my life, my faith does have some factors that directly affect
my code of ethics. One specific teaching that I follow as best I can and that I would deem quite
relevant to cybersecurity is selflessness. The most controversial and interesting way that
covered multiple cases and situations pertaining to whistleblowing, including Julian Assange,
whistleblowing poses interesting ethical dilemmas. In the textbook A Gift of Fire (chapter 3) it
examines the Snowden case, it reads, "An organization founded by a retired CIA officer gave
Snowden its award for integrity and ethics in intelligence work, and the U.S. government
indicted Snowden for espionage. Is Snowden a hero or a traitor…" (P. 187). Due to my morals, I
tend to side closer with those who put themselves at risk (legal or otherwise). however, others
may lean toward the side of those who have been "whistle blown" especially if they were to find
themselves in that situation and valued self-preservation over selflessness. Both in a situation
like Snowden's or in the case of choosing between doing something that violates my code of
ethics and being fired, not getting promoted, etc. I would choose to follow my code of ethics
even at my own expense. Though I find my faith to push me on a professionally desirable path,
it also can create a struggle in my professional life. My faith and its effect on me can at times
make me less objective in a professional setting if I find something morally wrong, though it is
not breaking any shared ethical boundaries. This is something I must be wary of as I continue
specific decisions in certain situations, it has the greatest weight on my outlook on the ethical
dilemmas I face.
The second large contributing factor is my past interpersonal experiences. This generally
has/will have the smallest impact on professional ethics in regard to cybersecurity. This instead
shapes the way I live out my ethical code on a day to day. One of the main things my past
interpersonal experience influences my code of ethics is where my responsibility for others and
their actions. This is something that I will go more into depth on with its relationship with
cybersecurity later. However, on a more general level, being able to separate your opinions and
responsibility from those around you is an important concept for my ethical code. One example
of this is during our class discussions. Often there were many different opinions on some ethical
dilemmas coming from both myself and my classmates around me. At times, I felt some of my
classmates' opinions, morals, or ethics might get them into trouble later in their careers. Despite
this, we were still able to have productive and interesting discussions. An ethics concept that we
used during our discussions throughout the semester was the difference between relativism and
tolerance. In lecture 3 (slide 20), Dr. Blakely discussed these differences, with relativism being
the idea that there is no real 'right' or 'wrong' and thus we have no right or basis for judging
others, and tolerance being willing to accept others' beliefs even if we don't agree with them.
This difference is a key part of keeping an ethical code while interacting with others in the field
of cybersecurity. Another key thing that my past interpersonal experiences have taught me is
emotional intelligence. Recently while discussing some of the soft skills for this class, we read
about emotional intelligence (as assigned for lecture 25). Emotional intelligence is something
that takes a lot of practice and effort to learn and get better at. Approaching ethical dilemmas
using emotional intelligence gained from past professional interactions is extremely important,
especially when discussing the dilemma with someone who may have less technical knowledge
of the dilemma. This also is a field in which I will likely continue to struggle at times, especially
when trying to empathize with those who have already done something commonly viewed as
unethical and thinking about why they might do so. One quote Dr. Blakely shared in lecture
three that resonated with me and made me continue to consider my emotional intelligence is a
quote from Gandhi, which reads, "Your beliefs become your thoughts, Your thoughts become
your words, Your words become your actions, Your actions become your habits, Your habits
become your values, Your values become your destiny." Overall, my interpersonal experiences
help me apply my faith and education to my professional, ethical code, which I use in my
The third contributing factor, and the most directly applicable to my ethics in my career, is
my education. Though this class is not the only part of my education that has contributed to my
professional code of ethics, it does make up the majority, so for the purposes of now, I will focus
on this class. Although before I came into this class, I already had a general understanding of
my ethics and morals, I have been challenged in identifying the details of my ethical code and
and ideas. The most direct or most quantifiable things that I learned from this course have been
some of the standards, frameworks, and other tools that are used in cybersecurity. Though
these don't have the same personal impact some other parts of this class might, they give me
something to turn to when trying to make decisions about security levels in the cyber-world. For
example, during our time learning about threat modeling. Dr. Blakely had us read the overview
of and discuss in class the ATT&CK framework from MITRE (lecture 19). Now that I know of this
framework, if I am ever at a point in my career where I must decide for a business what we need
to do for our cybersecurity, even though I don't have every item in this framework memorized, I
do know where to turn to when considering security, This framework as well as other tools
taught by Dr. Blakely including the Ethical OS, the CCPA, and more, will help me in my career to
know where my boundaries are as a cyber security professional. Preventing me from perhaps
overstepping and infringing on privacy as we discussed with CCPA, or under securing what
aspect of cybersecurity and building my professional ethics that I will need to improve upon, as
my understanding and memory of the specifics of many of these tools are still lacking. Another
thing that has affected how I view cyber ethical dilemmas is a higher understanding of the
different consequences of the right, wrong, or any decision in cybersecurity. One topic we
discussed in lecture 15 (slide 13) was the different types of cyber-attackers and their
intent/capability. Previously, even if I knew there was a difference between the different types of
cybercriminal actors, I would never have considered how they line up with each other in terms of
how drastic their intent and capabilities were. Inversely, some types of cybercrime that one
might see as harmless or even well-intentioned can still be damaging. One example of this
outlined in chapter 5 of A Gift of Fire is a hacker who used Boeing's systems to access another
system. However, Boeing still had to spend significant time and resources to ensure that no
malicious activity had occurred. Learning about examples and events like these has opened my
eyes to another truth of the world: the systems I will be working within my career are not just a
set of computers. They are a business that provides for its users and can often be the livelihood
of those running it, and I am ethically responsible for using tools and understanding of
cybersecurity to protect them. This leads to the other half of the things I've learned from this
class.
While I did have a personal foundation and understanding of some cybersecurity and
ethical concepts, I had little to no foundation in viewing those in the context of the working or
business world. This class has opened my eyes to how the business world fits into my ethics
and how my perspective might be different from others, and how to deal with that. In lecture 27,
Dr. Blakely discussed some business ethics. One concept he introduced was a "Wicked
Problem," which, loosely, is defined as a problem that can't be fixed or solved due to the factors
of the problem. This is generally because there isn't really one solution to the problem.
we have to find a balance between usability and security. We can see the different solutions or
decisions that cybersecurity engineers come to for the "Wicked Game" that is cybersecurity in
our very own class discussions. One interesting example of this was in our discussion in lecture
25. We were asked about how to deal with management that either doesn't care or doesn't
understand the dangers of some cyber issues in the business. While I might be more inclined to
push back against this management that is ignoring security, some of my classmates in these
discussions were quicker to accept it as they saw themselves as no longer at fault for anything
that happened. While learning about some of these business security ideas has been useful, the
discussions we had in class definitely challenged and grew my understanding of the ethical
issues that can arise and the different ways of dealing with them. Finding solutions on how to
find a balance between usability and security and communicating the dangers present at any
level of security to those with less expertise can be a challenge both ethically and functionally.
Luckily this is another area in which this class has helped inform my ability to act ethically in the
working world. Over the last few lectures of the semester, Dr. Blakely has taught us about "Soft
Skills" as they apply to our job as cyber security professionals. Though I knew that soft skills are
useful in the workplace, I never thought about how they relate to cybersecurity itself. I think this
part of the class will have a significant impact on my professional ethics. Knowing where my
ethical responsibilities start and stop and how to properly communicate what I know as part of
my ethical responsibility are both skills I have learned from the material of this class. A good
summary of what I got out of the soft skills is in lecture 27 (slide 14). In this lecture, Dr. Blakely
discussed what our job is (as Cybersecurity Professionals). He suggests that it is our
professional, ethical responsibility to maintain our expertise on security, advise the best course
of action to those in charge, and do our best to persuade them to do the secure thing. I had not
put much thought into the idea of someone of authority in business possibly ignoring cyber
security risks and what I would do in such a situation. So this part of the class filled in several
Overall, I have grown my professional ethics from my faith, my interpersonal experiences, and
my education in this class. All three of these working together in different ways have shaped
both who I am and how I will act in the working world. With my faith driving my personal position
with others and doing so in an ethical manner both in and outside of my career and the
cyber-world, and my knowledge from my education in this class (in conjunction with the rest of
my cybersecurity knowledge and education) driving my day to day understanding of ethics and
my actions in my career as cyber security professional working with others in and outside of my
industry and expertise. While between these three, I don't find a set list of ethical do's and
don'ts, they certainly shape my decision making and guide me toward the ethical decisions,
even in situations new to me, helping me continually grow as a person and a cybersecurity
engineer.