which many that were surely new to us. Through our lectures, conversations, and the writing of
our own ideas every week, my understanding of decision making, ethically applied problem
solving, and the many imperative soft skills I will need to succeed, has improved drastically. In
my final paper, I will first go over the set of criteria of personal ethics and principles that I will
use to better perform in cyber security, and then I will show the soft skills that this class has
propped up for me in order to show how at all this course has changed my views.
Sitting in lectures and hearing the views of others every week was incredibly important to
me, though I was not surprised to see how different people were politically in both their
reasoning and their ideas, mainly just impressed. This has lent itself to me in a way, because I
know that my first and foremost objective leaving school is to remove bias. This principle will be
the determining factor of my success because the world is too large, and consists of too many
ideas, to be so objective. If I can properly remove many of my learned biases, as well as the need
for confirmation bias, I will be able to better access that which is around me. We discussed in class
the idea of confirmation bias, in which one only looks for supporting information to prove their
already placed side of an argument. The reason I would like to remove bias from my thinking is
so that another of my core principles, credibility, will be just that. Being credible is irreplaceably
valuable in cyber security. Many of those hiring us are putting everything on the line when
choosing who to handle their security, so I must be someone they can trust. After trust, another
large supporting pillar to my ethical principles is respect. I will many times be faced with
problems in which I could choose an easy way out, choose the money, or choose a path that
could hurt clients. In order to succeed, I must avoid those choices at all costs. If I show respect
towards others, and treat them honestly and in a way that protects them, I will be doing exactly
what security is supposed to do. Lastly, and off the end of respect for others, I would like to talk
about money. As deceiving as it may be, I find it so important to not let it sway my decision
making in the future. We have seen case studies in class of companies abusing money making
schemes, such as the Enron scandal. This felt obviously wrong from start to finish, and nothing
short of disgusting to me. This is not how I want to make money, and I know that if I were to do
anything close to as slimy, I would not be able to sleep at night. After looking at multiple core
values of mine, I would like to quickly show how this class has changed my thinking.
Going into this course, I came with some solid foundational understanding of some of the
ideas we began with. However, the applications of these concepts towards the world of security
were enjoyable and thought-provoking. Though I had biases towards one belief system over the
others, this class forced me into considering other options that I previously tossed out the
window. I really appreciated that, as it could be a factor in leaving bias behind me in the grand
scheme of things. This application has laid a newfound disposition for me within the security
lens, and has shown that in security, there is much value to the many different applications of
thought and how to use them in the many different contexts I will find myself in. This class has
not just shown the many reasons to use many different ways of thinking to solve problems, but
has also shown the many soft skills that we will need for our success in the industry.
I want a long, eventful and fulfilling career in cyber security. Due to taking this class (and
well in part to my CPRE 294 class I took this semester) I have a much better understanding of
what soft skills and business skills will benefit me the most. I think the first skill that’ll be to my
advantage in a pressured environment such as security is to maintain a level-headed calmness.
This will let me assess any situation I get dropped into. It is a stressful environment with a lot on
the line. Also, I could be doing a job in a new setting weekly if I were to do some form of
contracting, so being able to stay calm and level-headed will help narrow in fast on what is
around me to do my job better. This level-headedness won’t just be good for me, but for others. I
like to lead, and a leader should be the last person to lose their composure. If I walk onto a scene
and throw up my hands as onlookers watch, they too will begin to break down. Talking about
leadership, this is another skill I value. We had a class discussion over the situation in which you
get called into a meeting to either drop the reporting of well-known CVEs or to leave your
position. I think that you have to take an authoritative position here, even in the midst of two
company leaders. We talked about how that could end up costing you your job, but in the long
run you will be blamed if an attacker uses those vulnerabilities later on and most likely fired for
that. Leadership is how I want to be impactful in the workforce. I don’t like the idea of working
under people, though it will be a necessity for the beginning of my career. I also want to lead in
order to have my ideals and core values at the top, rather than them having less precedence over
important decisions compared to a higher up that I might not agree with. This is because I feel
like the way I handle problems and what I value is something I believe in and is compatible with
good security. Another soft skill that branches off from my beliefs is the ability to plan and
prioritize what must be done. I read an article from a professional hacker about the use of time
management and threat assessment and its large importance. Under the Twitter handle,
@TinkerSec, he said that “you will never have enough time to finalize a pen test, you’ll almost
never get through your playbook and strategy. So the number one thing is to understand the
importance of security flaws and the hidden ‘weights’ they each have.” I thought this was a
completely accurate statement on valuing some vulnerabilities over others, as it ties into this idea
of prioritization. Now, if you are on the blue team end of things, you have more time to prepare
for attacks, but prioritization of tasks to do in the middle of an attack is still important. Having
plans for outcomes that are likely to happen is what sets good security apart from bad. There are
more general soft skills I feel are important to me, including working well with others, dressing
well, continuous learning, and not underestimating attackers being the few with little needed
explanation. These are all skills that I feel I can do well, given the criteria and ethical basis I
have laid out for myself. However, being that I am requiring a lot out of myself, there are things
that could get the better of me if I am not careful.
The security industry has pretty high stakes to put it bluntly. A company can spend years
developing software or filming a movie or really anything. All of that can become null if security
is even slightly flawed. This puts a large amount of stress on those of us entering the field to
those who have been involved for their whole career. Again from the user @TinkerSec, I read a
longer Twitter thread about a personal experience he had revolving around overwork. Because of
his drive to earn money at the time, he never took breaks. He would write up reports from last
week’s pen test, work on this week’s current test, and scout for any possible targets for next
week. He worked and hacked so much that the glucose ran dry in his brain, causing seizures
every time he started trying to work. The stress, overuse of the brain and lack of liveable time
management was enough to make him lose his job during recovery, and develop a form of PTSD
correlated to the act of hacking. In my future career, I worry that time management will be
difficult to solve, and the stress involved in security could end up being too much if I don’t
handle it well like he did. At school, when work starts to pile up, I often get very stressed and
overwhelmed. If I want to become a successful security engineer, I need to soon figure out how
to manage my time and stress in a way that is resourceful and healthy for my career, but more
importantly, me.
After looking at some core values of mine, I would like to build an ethical code with
these following traits: Always adhere to a strict policy of working towards a more secure future.
To do so, maintain credibility, trust, and a responsibility to lead the industry forward. Don’t quit
on those who need service. Provide quality and top of the line security in an approachable and
evolving way that won’t fall behind. Excel in risk management. Be professional and removed
from bias or any conflict of interests. Continue learning. Violations of the is a break of condition
that must be maintained.
In lecture, we went over what makes a good code of ethics. Does my code attempt to
reconcile individual or cultural differences into a unified set of guiding principles and duties? I
believe it does, as the main object is to work equally with anyone who requires aid. I have
focused heavily on making sure little to no bias will go into decision making. Has a minimum
been set for acceptable conduct by employees/members? Yes, as I have created large
expectations for those adhering to my code of ethics. Is this something that any future employee
would be able to agree on? I believe that it is, and that it will also pull forth many of those who
truly care about the betterment of security in our world. There is nothing that would potentially
bar one from being accepted apart from the things they can change, such as work ethic and drive.
Will violations have arbitration processes, and can they lead to discipline or expulsion? I would
agree that violations of a code like this would ultimately mean they did something very wrong. If
this code is broken, disciplinary action will be taken. Ultimately, do people take them seriously
to the extent they’re communicated and enforced? This code is a serious and sound code of
ethics that would surely be taken seriously. I have only met those in security who care deeply
about our field. This basic ethics code is not far off of what most of those in the field already care
about.