‭ ver the duration of our course, we discussed many non math, non technical subjects of‬

O
‭which many that were surely new to us. Through our lectures, conversations, and the writing of‬
‭our own ideas every week, my understanding of decision making, ethically applied problem‬
‭solving, and the many imperative soft skills I will need to succeed, has improved drastically. In‬
‭my final paper, I will first go over the set of criteria of personal ethics and principles that I will‬
‭use to better perform in cyber security, and then I will show the soft skills that this class has‬
‭propped up for me in order to show how at all this course has changed my views.‬
‭Sitting in lectures and hearing the views of others every week was incredibly important to‬
‭me, though I was not surprised to see how different people were politically in both their‬
‭reasoning and their ideas, mainly just impressed. This has lent itself to me in a way, because I‬
‭know that my first and foremost objective leaving school is to remove bias. This principle will be‬
‭the determining factor of my success because the World is too large, and consisting of too many‬
‭ideas, to be so objective. If I can properly remove many of my learned biases, as well as the need‬
‭for confirmation bias, I will be able to better access that that is around me. We discussed in class‬
‭the idea of confirmation bias, in which one only looks for supporting information to prove their‬
‭already placed side of an argument. The reason I would like to remove bias from my thinking is‬
‭so that another of my core principles, credibility, will be just that. Being credible is irreplaceably‬
‭valuable in cyber security. Many of those hiring us are putting everything on the line when‬
‭choosing who to handle their security, so I must be someone they can trust. After trust, another‬
‭large supporting pillar to my ethical principles is respect. I will many times be faced with‬
‭problems in which I could choose an easy way out, choose the money, or choose a path that‬
‭could hurt clients. In order to succeed, I must avoid those choices at all costs. If I show respect‬
‭towards others, and treat them honestly and in a way that protects them, I will be doing exactly‬
‭what security is supposed to do. Lastly, and off the end of respect for others, I would like to talk‬
‭about money. As deceiving as it may be, I find it so important to not let it sway my decision‬
‭making in the future. We have seen case studies in class of companies abusing money making‬
‭schemes, such as the Enron scandal. This felt obviously wrong from start to finish, and nothing‬
‭short of disgusting to me. This is not how I want to make money, and I know that if I were to do‬
‭anything close to as slimy, I would not be able to sleep at night. After looking at multiple core‬
‭values of mine, I would like to quickly show how this class has changed my thinking.‬
‭Going into this course, I came with some solid foundational understanding of some of the‬
‭ideas we began with. However, the applications of these concepts towards the world of security‬
‭was enjoyable and thought provoking. Though I had biases towards one belief system over the‬
‭others, this class forced me into considering other options that I previously tossed out the‬
‭window. I really appreciated that, as it could be a factor in leaving bias behind me in the grand‬
‭scheme of things. This application has laid a newfound disposition for me within the security‬
‭lens, and has shown that in security, there is much value to the many different applications of‬
‭thought and how to use them in the many different contexts I will find myself in. This class has‬
‭not just shown the many reasons to use many different ways of thinking to solve problems, but‬
‭has also shown the many soft skills that we will need for our success in the industry.‬
 I‭ want a long, eventful and fulfilling career in cyber security. Due to taking this class (and‬
‭well in part to my CPRE 294 class I took this semester) I have a much better understanding of‬
‭what soft skills and business skills will benefit me the most. I think the first skill that’ll be to my‬
‭advantage in a pressured environment such as security is to maintain a level headed calmness.‬
‭This will let me assess any situation I get dropped into. It is a stressful environment with a lot on‬
‭the line. Also, I could be doing a job in a new setting weekly if I were to do some form of‬
‭contracting, so being able to stay calm and level headed will help narrow in fast on what is‬
‭around me to do my job better. This level headedness won’t just be good for me, but for others. I‬
‭like to lead, and a leader should be the last person to lose their composure. If I walk onto a scene‬
‭and throw up my hands as onlookers watch, they too will begin to break down. Talking about‬
‭leadership, this is another skill I value. We had a class discussion over the situation in which you‬
‭get called into a meeting to either drop the reporting of well known CVE’s or to leave your‬
‭position. I think that you have to take an authoritative position here, even in the midst of two‬
‭company leaders. We talked about how that could end up costing you your job, but in the long‬
‭run you will be blamed if an attacker uses those vulnerabilities later on and most likely fired for‬
‭that. Leadership is how I want to be impactful in the workforce. I don’t like the idea of working‬
‭under people, though it will be a necessity for the beginning of my career. I also want to lead in‬
‭order to have my ideals and core values at the top, rather than them having less precedence over‬
‭important decisions compared to a higher up that I might not agree with. This is because I feel‬
‭like the way I handle problems and what I value is something I believe in and is compatible with‬
‭good security. Another soft skill that branches off from my beliefs is the ability to plan and‬
‭prioritize what must be done. I read an article from a professional hacker about the use of time‬
‭management and threat assessment and its large importance. Under the twitter handle,‬
‭@TinkerSec, he said that “you will never have enough time to finalize a pen test, you’ll almost‬
‭never get through your playbook and strategy. So the number one thing is to understand the‬
‭importance of security flaws and the hidden ‘weights’ they each have.” I thought this was a‬
‭completely accurate statement on valuing some vulnerabilities over others, as it ties into this idea‬
‭of prioritization. Now, if you are on the blue team end of things, you have more time to prepare‬
‭for attacks, but prioritization of tasks to do in the middle of an attack is still important. Having‬
‭plans for outcomes that are likely to happen is what sets good security apart from bad. There are‬
‭more general soft skills I feel are important to me, including working well with others, dressing‬
‭well, continuous learning, and not underestimating attackers being the few with little needed‬
‭explanation. These are all skills that I feel I can do well, given the criteria and ethical basis I‬
‭have laid out for myself. However, being that I am requiring a lot out of myself, there are things‬
‭that could get the better of me if I am not careful.‬
‭The security industry has pretty high stakes to put in bluntly. A company can spend years‬
‭developing software or filming a movie or really anything. All of that can become null if security‬
‭is even slightly flawed. This puts a large amount of stress on those of us entering the field to‬
‭those who have been involved for their whole career. Again from the user @TinkerSec, I read a‬
‭longer twitter thread about a personal experience he had revolving around overwork. Because of‬
h‭ is drive to earn money at the time, he never took breaks. He would write up reports from last‬
‭week’s pen test, work on this week’s current test, and scout for any possible targets for next‬
‭week. He worked and hacked so much that the glucose ran dry in his brain, causing seizures‬
‭every time he started trying to work. The stress, over use of the brain and lack of liveable time‬
‭management was enough to make him lose his job during recovery, and develop a form of PTSD‬
‭correlated to the act of hacking. In my future career, I worry that time management will be‬
‭difficult to solve, and the stress involved in security could end up being too much if I don’t‬
‭handle it well like he did. At school, when work starts to pile up, I often get very stressed and‬
‭overwhelmed. If I want to become a successful security engineer, I need to soon figure out how‬
‭to manage my time and stress in a way that is resourceful and healthy for my career, but more‬
‭importantly, me.‬
‭After looking at some core values of mine, I would like to build an ethical code with‬
‭these following traits: Always adhere to a strict policy of working towards a more secure future.‬
‭To do so, maintain credibility, trust, and a responsibility to lead the industry forward. Don’t quit‬
‭on those who need service. Provide quality and top of the line security in an approachable and‬
‭evolving way that won’t fall behind. Accel in risk management. Be professional and removed‬
‭from bias or any conflict of interests. Continue learning. Violations of the is a break of condition‬
‭that must be maintained.‬
‭In lecture, we went over what makes a good code of ethics. Does my code attempt to‬
‭reconcile individual or cultural differences into a unified set of guiding principles and duties? I‬
‭believe it does, as the main object is to work equally with anyone who requires aid. I have‬
‭focused heavily on making sure little to no bias will go into decision making. Has a minimum‬
‭been set for acceptable conduct by employees/members? Yes, as I have created large‬
‭expectations for those adhering to my code of ethics. Is this something that any future employee‬
‭would be able to agree on? I believe that it is, and that it will also pull forth many of those who‬
‭truly care about the betterment of security in our World. There is nothing that would potentially‬
‭bar one from being accepted apart from the things they can change, such as work ethic and drive.‬
‭Will violations have arbitration processes, and can they lead to discipline or expulsion? I would‬
‭agree that violations of a code like this would ultimately mean they did something very wrong. If‬
‭this code is broken, disciplinary action will be taken. Ultimately, do people take them seriously‬
‭to the extent they’re communicated and enforced? This code is a serious and sound code of‬
‭ethics that would surely be taken seriously. I have only met those in security who care deeply‬
‭about our field. This basic ethics code is not far off of what most of those in the field already care‬
‭about.‬