At some point in my life, I developed a strong aversion to criticism. This caused me to avoid it altogether during my early years. However, as I grew older, my aversion turned into defensiveness whenever I was critiqued. Fortunately, before I reached adulthood, I experienced a defining event that led to the development of a healthier and more accepting approach to criticism that made me a better writer and revitalized my enjoyment of reading.

My aversion to criticism began in second grade, where my school day was split into four periods. The first focused on basic math, science, and history, while the second period honed our literary skills. After lunch, I attended a gifted class where we explored the same topics in greater depth. As time passed, I began feeling disconnected from my peers and eventually became isolated. One day, our second-period assignment was to write an essay about ourselves, an opportunity I thought would allow me to express myself and make friends. However, when I presented my writing to the teacher, she scolded me in front of the class, insisting that I should avoid talking about my feelings in official assignments and should have talked about significant events instead. Her outburst compounded my feelings of being an outsider, especially because I was the only person who misunderstood the assignment, and so I withdrew, learning to avoid expressing myself openly. This seemingly trivial incident had a lasting effect on me, making me fearful of creative expression for the rest of my primary education.

By sixth grade, this fear had morphed into anger. The middle school I attended was in an affluent area, and I felt like I was behind my peers in all subjects. To catch up, I put in extra work outside of school, reading classic literature that I believed to be more beneficial when compared to the novels my peers were reading. Towards the end of the year, my literature teacher assigned a reading that I despised, a young adult novel about a boy turned beast who meets a mermaid. The teacher adored the book, but I couldn't stand it. So, I wrote an essay contrasting its importance to literature to A Tale of Two Cities to spite my teacher, even though the books had nothing in common, and I hardly understood the scale of the significance of the latter or former. Yet, I was proud of my writing, as felt like a reclamation of my creative spirit and it conveyed my feelings, even though they were formed in ignorance, but my teacher accused me of having someone else write it. While the criticism was fair considering I wasn’t the greatest student, it wasn’t beneficial to me as a writer, and it triggered the anger that had been brewing since second grade. I went home, wrote a new essay with intentionally bad grammar and spelling and tried to emulate the valley girl style of the mermaid. I turned it in the next day with a note asking if this was more in line with the teacher's expectations. Despite this anger-fueled response, I felt no validation and recognized that I gained nothing from doing it. It was then that I realized that the criticism that I had been given wasn’t good criticism. This was really the first time that I had this realization - that criticism is not inherently bad. I kept thinking that I would have been fine with the interaction if she would’ve given me a reason for why she felt I wasn’t the one who wrote the paper and given me a chance to explain myself. Of course, as a coming-of-age boy with social anxiety, I would never properly express how I felt until many years later. As an aside, we are friends now and have made amends.

In high school, I had another teacher with whom I would become good friends with. Unlike my previous experiences in English classes, this teacher had a much more open outlook on the work submitted by students. The students were expected to meet requirements, but the requirements were broad, and left many of the assignments up to the interpretation or creative whims of the students. I favored this and felt that the grading was more objective in nature. After I had passed the class, I became a teacher’s assistant for this class, and part of the responsibilities involved grading submitted work. I tried my best to grade the submissions as objectively as possible. Many of the student’s writings were deeply personal, and this caused me to reflect on my paper from second grade. Others had hints of bitterness that might have indicated displeasure in the assignment or material. I empathized with these students, and to avoid perpetuating the cycle of toxic criticism, I tried to be constructive and fair in my feedback. Through this process, I not only became comfortable with criticism but began to look forward to it and seek it out.

In conclusion, I learned immensely from observing the other students' strong and weak points, and even today, I apply elements of their writing in my own. Reading their work allowed me to recognize the emotions and feelings of writers, and my experience with literature became much more immersive and richer than it had been when I forced myself to read literature that I had little understanding of. I realized that my fear and defensiveness towards criticism stemmed from my negative experiences with it during my formative years. However, my defining event in high school taught me that not all criticism is created equal, and that constructive criticism can be invaluable in helping one grow, gain confidence and develop their skills. I am now able to accept criticism without feeling defensive, and I never would have reached this point had I truly given up on my development of literary skills.

Universal Basic Income (UBI) has been a topic of discussion for some time now, particularly during the 2020 Democratic presidential primary. One of the candidates, Andrew Yang, was a strong advocate for UBI, and it has gained increasing support among the general population as well with 45% of Americans supporting the policy (Gilberstadt, 2020). The policy guarantees a minimum income to all members of a particular community without any conditions, aiming to establish a minimum living standard consistent with the United Nations Universal Declaration of Human Rights (United Nations, 1948). In this essay, we will examine the goals of UBI, as well as arguments from both its supporters and detractors, to arrive at an informed opinion

One of the more recent claims supporting UBI is that it could help society cope with widespread unemployment in the face of rapidly advancing artificial intelligence (AI). The emergence of advanced language models such as GPT-4 and ChatGPT have driven this belief. UBI is being proposed as an alternative to traditional paid-for-labor or unemployment benefits in a scenario where AI and automation threaten the job market. This would enable our current market economy to continue to exist. While we may or may not be a few years away from such a scenario, a study on the labor supply effects of UBI found that the policy increased employment for women and entrepreneurship for men (Salehi-Isfahani & Mostafavi-Dehzooei, 2018; Jones & Marinescu, 2018). This is surprising because the expectation would be that unemployed individuals would be less motivated to find work. One possible explanation for the increase is that households had more flexibility and choice when it came to spending their money, which allowed them to invest in education for themselves and their children. This in turn provided opportunities for mothers or fathers who would have previously been caretakers to work while their children were at school or with babysitters. Additionally, households continued to receive money whether they were employed or unemployed, creating a new baseline that allowed previously risk-averse households to engage in opportunities that may not have been feasible before or earn more money overall. Interestingly, this benefit was not present when the payment was based on employment status (Moffit, 2019). Finally, an increase in consumer spending, which has been shown to occur with the introduction of UBI, would cause an increase in the number of available jobs because of an increase in demand for goods (Marcopolis, 2012).

The other major claim that has been universally popular amongst supporters is that a UBI is good for families. This claim is supported by several experimental studies, programs, and pilots that show a UBI results in babies being born healthier (Zafar & Birak, 2016). Children raised in families with regular income participated in less crime, had lower addiction rates, and better health as adults (Reuben, 2016). Additionally, people that received cash transfers lived a longer life, attained more education, maintained healthier weights, and earned higher income than those that did not (Eli, 2016). Many of these can be explained by the increase in opportunities (Brookings, n.d.) and decrease in stress (Blanding, 2018) that comes with having more money.

The biggest pushback against UBI has been by the cost. One estimate suggests that a UBI for all American adults to receive 1,000 a month or 12,000 a year, the policy would need 2.8 trillion USD of funding a year (Pomerleau, 2017). There have been a few proposals that would be deficit neutral, however, they would require major cuts to existing welfare and transfer programs (Jenson & Metz, 2020). The Penn Wharton Options for Universal Basic Income suggests “three ways to finance a Universal Basic Income program: with deficits, a payroll tax and with transfers funded by external sources. Under all three scenarios, a Universal Basic Income program dampens hours worked, capital services, GDP and Social Security revenues” (Penn Wharton, 2018).

I often hear people argue that a UBI will cause people to stop working, however, several studies that I have referred to suggest the opposite (Salehi-Isfahani & Mostafavi-Dehzooei, 2018; Jones & Marinescu, 2018). I believe a more realistic argument is UBI causing a rise in inflation. It makes sense that if consumer spending increased aggregate demand would as well and supply would fall, causing prices to rise which is known as demand pull inflation. This is indeed a cause for concern, and I have seen studies that support (Miller, 2017) and deny (Cunha et al., 2011) this claim. It seems that this will remain a point of contention until further studies are done at a larger scale. My personal view is that while demand pull inflation is a concern, an increase in entrepreneurship and the overall workforce could lead to more competition in a variety of industries, thus leading competitive pricing to act as a moderator for inflation.

In summary, UBI has both benefits and challenges, and further research and modeling are necessary to determine its viability. Nonetheless, given the potential impact of AI on employment, it is critical to explore policy options that could help minimize the impact on households. Thus, UBI remains a compelling policy to consider, and I am hopeful that future studies will provide greater clarity on its potential efficacy.

In recent years, there has been a marked increase in the activity of advanced persistent threats (APTs), particularly those carried out by nation-state actors. The number of significant nation-state incidents has risen by 100% between 2017 and 2021 (HP Threat Research, n.d.), and it has doubled again between 2021 and 2022 (Microsoft, 2021). This increase is largely attributed to various factors, including the ongoing conflict in Ukraine, the aggressive espionage targeting Ukraine’s allies, the need for funds to support Russia's war effort, the development of increasingly advanced tooling that makes previously difficult attacks easier, and the shift to remote work due to the global Covid-19 pandemic.

Russian-backed APTs have been the largest contributor to this increase (VPN Overview, 2021), targeting multinational enterprises and critical national infrastructure (CNI) with ransomware attacks, in addition to attacking Ukrainian infrastructure. North Korea has also been found to use money from its ransomware attacks to fund its nuclear program (BBC News, 2022), and it appears that Russia is following suit. Russia is estimated to have made a significant profit from ransomware attacks (VPN Overview, 2021), highlighting the lucrative nature of cybercrime and the financial incentive for nation-states to engage in it. Furthermore, China, Russia, and the United States have been engaging in both military and corporate espionage, with China estimated to have stolen a significant amount of intellectual property (Bloomberg, 2021). If nations continue to profit from cybercrime at such large margins, it will likely continue to increase

Additionally, APTs have increasingly targeted critical infrastructure such as power grids, hospitals, and natural gas companies, often using ransomware attacks (HP Threat Research, n.d.). This creates a strong incentive for these organizations to pay the ransom, providing the APTs with funds to expand their tooling and teams. Exploits and zero-day vulnerabilities are frequently leaked such as EternalBlue in 2016, allowing nation-states to streamline previously difficult hacking techniques. Nation-states take advantage of Command and Control (C2) software that frequently have modules for known exploits to serve as an all-in-one control center for infected machines and obfuscating activity, making detection significantly more difficult for the defenders, and pivoting easier for the attackers.

Furthermore, the shift to remote work has created a new attack surface for APTs to exploit, including personal devices, home networks, and unfamiliar technology used for working from home. Social engineering techniques are often used to take advantage of this human factor. Additional attacks can range from taking advantage of vulnerabilities in outdated software to unsecured IoT devices that are not subnetted, as well as zero-day vulnerabilities in new software such as VPN clients, collaboration tools, and cloud-based tools.

In summary, the increase in APT activity, particularly those carried out by nation-states, is due to various factors, including geopolitical conflicts, financial gain, and advancements in hacking techniques. The shift to remote work has also created new attack surfaces for APTs to exploit. It is crucial for organizations to remain vigilant and take appropriate measures to protect their critical infrastructure and data in a time of increasing digital complexity.

In Task 3, I discussed the problem of increasing Advanced Persistent Threat (APT) activity and identified potential causes that include the ongoing war in Ukraine, the profitability of ransomware and attacks on critical infrastructure, increasing ease-of-use tooling that enables low-skill attackers to perform advanced attacks, and the shift from on-site work to remote work. While all these factors contribute to the problem, addressing the issue requires a multifaceted approach that identifies all the factors involved and develops a comprehensive solution. Throughout the essay, I will discuss the various factors involved in APT attacks and describe how a solution that addresses all of them is to provide awareness and education at various levels to all people involved in the system by implementing universal standards, promoting safe security practices, promoting open source and disclosure, and thorough incident response.

The common factor in all vulnerabilities is human error, making the enforcement of good coding practices and the use of known good code essential to prevent errors (Packetlabs, 2019). The first step to reducing the threat of APTs is to establish flexible, universal standards that can easily be updated and adhered to. These standards would need to be internationally agreed upon, followed, and enforced. For instance, the General Data Protection Regulation (GDPR) sets data protection standards for members of the European Union but falls short of being universal. The Payment Card Industry Data Security Standard (PCI-DSS) is a standard set by the payment card industry that requires security controls for organizations that support electronic payments for certain providers (Microsoft, 2023). Although this policy is headed in the right direction, it only applies to a small sector of the system. Currently, there are no international policies that promote or require secure coding practices. The implementation of such a policy has the potential to mitigate many of the exploits that APTs take advantage of. Good practices that can be included in the policy include using memory-safe languages, implementing input validation, avoiding hardcoded passwords, using prepared statements for database queries, error handling, and secure data storage. Additionally, applications should be set to use secure options by default, alerting users when something might be insecure.

In addition to human error in the development of software, there is also human error in its use, such as reusing passwords, using simple passwords, disclosing API keys, and security misconfigurations. Educating and promoting safe practices to end users is an approach that can be used to solve this problem. This includes regular or automatic software updates, using complex passwords and multiple factor authentication, and avoiding suspicious links. There are organizations such as the National Cyber Security Alliance (NCA), Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST) that aim to promote safe practices (Cybersecurity and Infrastructure Security Agency, n.d.).

There has been an increase in vulnerability disclosure programs and bug bounty programs that aim to crowdsource security, such as HackerOne (HackerOne, n.d.) and BugCrowd (BugCrowd, n.d.). These programs offer rewards to researchers who report vulnerabilities they discover. This is part of a larger effort of the cybersecurity community that believes in strength in numbers. Another example of this mentality is the push towards using open-source software. If the software is open source, any developer can provide feedback on the source code and potentially spot any errors that might have been made by the original developer and request a fix. If there were more promotion regarding these two types of approaches to security, along with other approaches, there may be fewer vulnerabilities for bad actors to exploit. Successful examples of open-source software include OpenSSL (OpenSSL, n.d.), WordPress (WordPress, n.d.), and Linux (Torvalds, n.d.).

Organizations need to be aware that software will never be fool-proof and have a plan in place that allows them to return to business operations quickly and reliably in the case that systems are compromised. This can involve the use of backups for mission-critical systems, secure storage of sensitive data, and cooperation with law enforcement. Regular simulations and drills can be used to evaluate the current response status. Additionally, there needs to be transparency when breaches occur, including how they happened, what they affected, and what the response was. Such transparency builds trust between users and vendors and can also help other organizations improve their incident response strategies (Harvard, 2015).

To prevent advanced persistent threat (APT) attacks, organizations can utilize threat intelligence, which identifies the common tactics, techniques, and procedures (TTPs) used by attackers. Various organizations centralize such intelligence, and by understanding their attackers' TTPs, organizations can put in place appropriate mitigations for the industry and APTs most likely to target them. Furthermore, threat intelligence and threat hunting can detect whether an organization has already been breached, as APTs can have access to machines for nearly 200 days before being discovered (Muncaster, 2015). However, it's essential to keep in mind that APTs frequently change their methods, necessitating staying up-to-date on the latest threat intelligence and security best practices. An essential part of the security strategy is a dedicated team responsible for monitoring and responding to potential threats.

Overall, protecting against APT threats requires a multifaceted approach. This includes things like establishing universal standards for secure coding practices, educating end-users on safe practices, promoting vulnerability disclosure and bug bounty programs, maintaining effective incident response plans, utilizing threat intelligence and security frameworks, and remaining vigilant and adaptable. By taking these steps, organizations can significantly reduce the risk of falling victim to APT attacks and thereby stop the trend that I discussed in Task 3.