My Work
Here's a collection of exercises and tasks I have completed as part of my learning and training.
Python Algorithm
For updating permissions
This project was designed to help control access to restricted content. I was required to work with a text file containing IP addresses that are allowed to access specific restricted content. This involved parsing the file to read and update the contents, and then develop an algorithm to automate the process of parsing and updating the file (by removing IP addresses that no longer have access to the restricted content).
Linux Permissions
Managing file and directory access
The research team at my organization needs to update the file permissions for certain files and directories within the projects directory. The permissions do not currently reflect the level of authorization that should be given. Checking and updating these permissions will help keep their system secure. To complete this objective, I performed these tasks.
SQL Queries
Applying filters to investigate security issues
I am a security professional at a large organization. Part of my job is to investigate security issues to help keep the system secure. I recently discovered some potential security issues that involve login attempts and employee machines.
I examined the organization’s data in the employees and log_in_attempts tables. I used SQL filters to retrieve records from different datasets and investigate the potential security issues.
Security Incident Reporting
Using tcpdump log analysis
The primary goal of this activity was to identify the network protocol used in an incident, where customers reported poor performance from their computers after accessing a specific website.
Security Ticket Handling
Triaging potential phishing attack
This exercise involved processing a ticket generated by an employee that had potentially engaged a phishing attempt. Using VirusTotal to investigate the details of the suspicious email and attachment.
Vulnerability Assessment Reports
Evaluating a server for vulnerabilities
Evaluating vulnerabilities, risks and potential remediation strategies for a specific server containing valuable databases of sensitive information.
Risk Register
Evaluating a bank's risk level
The bank is located in a coastal area with low crime rates. Many people and systems handle the bank's data—100 on-premise employees and 20 remote employees. The customer base of the bank includes 2,000 individual accounts and 200 commercial accounts. The bank's services are marketed by a professional sports team and ten local businesses in the community. There are strict financial regulations that require the bank to secure their data and funds, like having enough cash available each day to meet Federal Reserve requirements.
Incident Report Analysis
Reviewing a data leak
Reviewing a data leak incident and providing recommendations for security hardening measures.
Incident Summary Report
Reviewing a DDoS attack
Using the NIST CSF to evaluate the lifecycle of a Distributed Denial of Service (DDoS) attack on a company's network.