Identify, Explain, Determine, Implement — And a Career Detour

🔑This page doesn't reteach 1.1.1–1.1.3 — it hands you the format professionals (and AP free-response questions) actually use to write up a security finding, plus two things this project introduces for the first time: working under real team norms, and a first look at a cybersecurity career path.
AP Skills 1.A–1.B, 2.A–2.BAP Skill

The Identify → Explain → Determine → Implement Format

Vague advice doesn't help a coworker, and it doesn't score well on the AP exam either. Both reward the same structure: name the specific problem, explain how it could actually be exploited, decide on a fix, and describe putting that fix into action.

🪜 The Task-Verb Ladder — click each rung
Name the specific vulnerability, threat, or risk you're looking at. Be concrete — not 'there's a security problem,' but exactly which one.
ExampleGuided Example — A Suspicious Login Log

A coworker forwards you this snippet from their account's login history and asks if anything looks wrong: 10:02 AM — Login success — Chicago, IL — known device 10:03 AM — Login success — Chicago, IL — known device 2:47 AM — Login success — Lagos, Nigeria — unknown device 2:48 AM — Password changed 2:51 AM — New recovery email added

Identify
A login from an unfamiliar location and device at 2:47 AM, immediately followed by a password change and a new recovery email — three changes in four minutes, none of them normal behavior for this user.
💡Notice how little of this required new knowledge — the login-log reasoning leans directly on what you already know about credential compromise from 1.1.2 and 1.1.3. The new part is purely the structure you used to write it up.
Concept

Why Team Norms Matter Here

A help desk team only works if coworkers trust that a mistake gets fixed, not hidden. Strong team norms tend to share a few traits: they're specific enough to actually guide behavior (not just "be respectful"), they get written down somewhere the team actually revisits, and they treat mistakes as something the team catches together rather than something one person hides.

✍️When your team drafts norms, test each one the same way you tested your Code of Conduct rules back in 1.1.1: if everyone actually followed this exact norm, would the team's work actually improve? If the answer is unclear, the norm probably needs to be more specific.

An ethics question worth sitting with

Sharing a password with a trusted person feels harmless — until something goes wrong under that account. If someone else does something unethical or illegal while logged in with a shared password, who's actually accountable: the account holder, or the person who acted? There's no clean answer, which is exactly why it's worth discussing with your team before you're the one making the call.

Career

Career Spotlight: Cyber Defense Incident Responder

This role is the professional version of what you just practiced: someone reports a security concern, and the incident responder has to triage it — figure out what actually happened, how serious it is, and what to do about it, fast. On a given day that might mean reviewing logs like the one above, walking an employee through securing a compromised account, or helping contain a larger breach before it spreads.

Typically expectedCommon entry paths
Comfort with logs and basic networkingAssociate's or bachelor's degree in cybersecurity/IT, or equivalent experience
Calm, methodical communication under pressureEntry-level SOC (security operations center) analyst roles
Familiarity with common frameworks and toolsIndustry certifications like CompTIA Security+

If today's role-play felt more interesting than tedious, that's a genuine signal worth paying attention to — incident response is largely built from exactly this kind of triage.

← Back to Project 1.1.4Next: Unit 2 Overview →Unit 1 (PLTW) complete.
Built with v0