Cybersecurity
A collection of cybersecurity projects, research, and technical writeups. Here you'll find practical insights from SIEM engineering, threat hunting, and hands-on security projects.
Each project/writeup tries to simulate real-world experience and lessons learned in the field.
Cloud Security
As the cloud security engineer at SWBTL LLC, I have been tasked with addressing the security concerns and lack of documentation left behind by a disgruntled employee.
SWBTL LLC contracts with the government and processes card payments daily, so it must comply with certain regulations such as the Federal Information Security Modernization Act (FISMA) and the Payment Card Industry Data Security Standard (PCI DSS). With the upcoming NIST SP 800-53 assessment, it's critical to secure the organization's security posture. Upon assessing and verifying the current vulnerabilities, I will recommend and implement configuration changes that align with business requirements and comply with regulatory guidelines to ensure adherence. This paper will give the company an overview of its current cloud environment and recommendations and mitigations to improve the security posture of the organization.
Penetration Testing Report
As an information security analyst at Pruhart Tech, I have been tasked with ensuring that the testing plan aligns with the security controls within the information environment of Western View Hospital.
We will be utilizing Pruhart Tech's information security penetration testing method with the cooperation of Western View Hospital's IT staff to coordinate a safe and complete test within the approved scope. There will be two testing phases: internal assets and external assets. Western View Hospital has made clear the extent of testing that should be done, and the focus will be on the network level and social engineering. This paper will give an analysis of the penetration testing plan, in addition to any recommendations and solutions.
Network Merger and Implementation Plan
As the cybersecurity professional for Company A, I have been assigned to address the security issues and challenges involved in merging the networks of Company B following its acquisition.
To ensure that Company B's infrastructure can integrate with Company A's existing infrastructure, risk-based decisions will be involved for a smooth transition, utilizing the vulnerability scans, network diagrams, and assessments from Company B and comparing them with Company A's risk analysis and network diagram to develop a secure network design to merge the two networks successfully. In implementing security designs that address cloud capabilities/adoption, compliance and budget constraints will also need to be taken into account. This paper will give company executives a possible solution to implement the merger.