Thomas Nunez

Blakely

CPRE 234

20 April 2022

Term Paper

Coming into this course, I really was not sure what to expect. While I understood the
concept of there being ethical hackers, and unethical hackers, I simply thought this class was
going to teach us what we can and can not do with what we learn. But, to my surprise I learned
so much more than that, I felt as though this class was really meant to prepare me and put me in
the driver’s seat to take control of the career in cyber security that I seek. In doing so it not only
taught me many ways that I can look at and handle issues but also how to apply these skills that I
have learned to the real world and future jobs I may have in the field of cyber security. From
being a part of this course this semester I was able to develop my code of ethics that I will utilize
for the rest of my life and career.

Building off this I learned a lot of different types of ethical approaches throughout this
course, but I think one I will use most is Stoicism. Time after time throughout the course we
were asked discussion questions that I felt hinted towards using logic over emotion which
stoicism is all about. One discussion from class that stuck out to me was, “You are asked to
perform an investigation on another employee who is suspected of sending information to a
competitor. This employee… is actually providing information to a lawyer as part of a potential
lawsuit against the company. What do you do?” (Blakely). While this scenario has many factors
involved such as what kind of information the employee is giving away, or how close you are
with this employee, it really does put you in a tough spot for this scenario, but it is important to
use logic over emotion and determine yourself whether it is correct to tell the company the
employees plan or let the employee do as they wish. In my opinion I think your relationship with
the employee must be disregarded and you must determine whether the information this
employee is giving away could damage the company such as trade secrets, or if it is valid
information that shows the company is doing something wrong. In the field of security there may
be many uncomfortable situations such as this so it is extremely important to ensure that you act
with logic rather than emotion.

While there may be some situations in life where you feel like it may be wiser to go with
your gut and or emotion, I strongly believe that in the world of cyber security it is crucial that
you approach issues logically as often as possible to mitigate potential risks or issues that are
occurring. An example of how acting illogically can impact a company negatively would be the
Target hack and the Home Depot hack. Both companies had very similar attacks but handled
them completely differently, on one hand Target, “confirmed… that the data breach… affected
40 million customers.” (Clay), and did a horrible job at doing so, according to news reports from
2013, Target was shady and not very transparent about informing the public about just how much
was lost, and they also informed most people by sending out robo-calls which the public were
not big fans of either. On the other side Home Depot who had a very similar breach attempted,
“… to aggressively tackle the problem, and has already offered free identity protection services,
including credit monitoring, to customers who used a debit or credit card in a Home Depot
store…” (McGrath). It is apparent that Home Depot acknowledged that they were breached,
accepted that there will be consequences, but went out of their way to make things right, while
Target seemed to play more of a victim role to their customers by being shady about it and not
offering the same help that Home Depot did. Home Depot acted both with logic and emotion by
having sympathy for their customers and helping them. Target acted neither with any logic or
emotion towards their customers. This is an interesting approach and a good example of how
emotion can be used when approaching issues if it is for the better of the people, but it is
important to not be too sympathetic towards others.

Another ethic I strongly believe in and I will use often in my code of ethics is the Kantian
approach. Using the Categorical Imperative which is the supreme principle of morality or as
Johnson said, “All specific moral requirements, according to Kant, are justified by this principle,
which means all immoral actions are irrational because they violate the CI.” (Johnson), will
guide me throughout my career in making rational and moral decisions when any issue arises. It
is clear with the Home Depot and Target breaches which company approached the entire
situation with Kantian ethics, and which did not. Kantian ethics are great for the code of ethics
because it preaches that people should only want to do right in the world and it can save me
down the road from getting in trouble for doing potentially shady unethical things in my career.

An interesting topic brought up in our class textbook A gift of Fire is the importance of
honesty in cyber security, “…one of the most fundamental ethical values (honesty)… The
consequences of some decisions are minor. Others are huge and affect people we never meet.”
(Baase). While it could be argued that honesty is a part of Stoicism as it is “logical” to be honest,
or Kantian as part of the Categorical Imperative, it is extremely important to be honest in this
field about any mistake you may have made as it can cost you future jobs or get yourself in
trouble. An interesting story I have in regards to this was that one of my Mom’s coworkers
accidentally opened a malicious email at her work and her screen ended up going black and she
got locked out of her computer. Rather than reporting it immediately this employee was worried
about getting in trouble and it ended up costing the company hundreds of thousands of dollars.
While this employee was not on the security team it does go to show just how important it is that
people are honest whether in cyber security or in something related to the field. A discussion
from class that I enjoyed that has to do with honesty was, “You are the CIO for an online
services company… It’s become apparent that there is a critical security vulnerability in a public-
facing system… This vulnerability has a good probability of exposing customer data… Your
department has an uptime service level agreement to the company of “four nines”… What do
you do?” (Blakely). The most important ethic that can be brought into this scenario is honesty, I
believe it is better to go to your boss and explain the risk that this vulnerability faces and say that
while you may breach the “four nines” uptime it can save the company a bigger headache down
the road of dealing with a breach. The way I see it is that in the field of cyber security, honesty
must be held above all, I believe that if I have to be honest and it costs me a job, this probably is
not a company or person I want to be working for. For this reason honesty must be regarded as
extremely important in my code of ethics to ensure I am staying true to myself, and keeping
myself out of trouble.

The use of soft skills is imperative for a successful career in cyber security. A quote I
really enjoyed from lecture about soft skills is that without them, “You erect invisible barriers to
your success” (Blakely), I think it is a very interesting way of describing just how important
these are. In cyber security a lot of people may judge books by their cover which is why your
first impression with a potential employer, client, or co-worker can be won and destroyed by
your soft skills. My main soft skills that I think I need to take with me to my future jobs is more
on the side of nonverbal communication. Another quote I liked from lecture was, “We say more
with our bodies than with our voices.” (Blakely), this is especially important because as someone
who may be overseeing or managing very serious intellectual property needs to look like a
strong, well minded person who is not afraid of tackling an issue. Coming into a stressed out
room with good posture, a strong voice, eye-contact, and confident hand gestures or just
confidence overall can motivate others to not only respect you, but respect themselves and get
working.

I think the main thing that I fear about my career in cyber security is the anxiety I can
imagine facing about having a critical error that will either cost me my job, the people that work
around me their jobs, or my company a lot of money. Growing up I have always dealt with
anxiety so I think it will be something that I have to learn to be comfortable with especially in
my career that nothing will ever be one hundred percent secure. An article from class that I
enjoyed, “If We Build It (They Will Break In)”, briefly explained the story of how, “Unknown
parties wiretapped the cellphones of… senior members of the Greek government for a period of
10 months using the law enforcement interface of an Ericsson phone switch built for Greek
Telecom.” (Landau). This helped ease the nerve to know that even when the government has
something built for them to help make the country more “secure”, no matter what is created
eventually a flaw will be found and exploited in that system. While obviously a security
professional must have a strong desire to be perfect, I feel it would be detrimental to that
professional’s mental health and motivation to spend their entire career trying to be absolutely
perfect with constant stress and worry.

Entering this course, I never examined ethics in depth as I have done over this past
semester, and it has been very eye-opening. While most people have some type of ethics in their
heart regardless of whether they know it or not, I think that these ethics do not have the ability to
reach their full potential unless the time is taken to learn about them and understand how to use
them such as we have over the semester and I believe that I have achieved the ability to look at
issues, examine them and see the different approaches I can use to mitigate these issues with
different ethics. With all this in mind I feel as though there is a strict code that security
professionals should live by to have a successful career. Professionals must act logically and put
their emotions away when making decisions if these emotions do not make the situation better,
professionals must act ethically and follow the categorical imperative to ensure that should they
have a situation arise they are doing everything in their power to handle it the right way. Finally,
it is most important that all professionals are honest with how they act and what they do.
 Works Cited

Clay, Kelly. “Forty Million Target Customers Affected by Data Breach.” Forbes, Forbes
Magazine, 19 Dec. 2013, https://www.forbes.com/sites/kellyclay/2013/12/18/millions-of-
target-customers-likely-affected-by-data-breach/?sh=6f9563d37bd3.

McGrath, Maggie. “Home Depot Confirms Data Breach, Investigating Transactions from April
Onward.” Forbes, Forbes Magazine, 8 Sept. 2014,
https://www.forbes.com/sites/maggiemcgrath/2014/09/08/home-depot-confirms-data-
breach-investigating-transactions-from-april-onward/?sh=581836ab1321.

Johnson, Robert, and Adam Cureton. “Kant's Moral Philosophy.” Stanford Encyclopedia of
Philosophy, Stanford University, 21 Jan. 2022, https://plato.stanford.edu/entries/kant-
moral/.

Landau, Susan. “If We Build It (They Will Break in).” Lawfare, 5 Mar. 2020,
https://www.lawfareblog.com/if-we-build-it-they-will-break.

Baase, Sara. A Gift of Fire: Social, Legal, and Ethical Issues for Computers and the
…….Internet. Upper Saddle River, N.J: Pearson Education, 2003. Print.