Cybersecurity Portfolio 

This is my first security audit that I conducted. For a simulated company I created a risk assessment report. I assessed the scope and goals within the assessment report, then recommended controls and compliance needs for stronger security for the companies assets  

I created an incident report from a cyber attack from a threat actor. The simulated company experienced a former employee executing a brute force attack to gain access the web host. He repeatedly entered several known default passwords for the administrative account until he correctly guessed the right one. After he obtained the login credentials, he was able to access the admin panel and change the website’s source code. He embedded a javascript function in the source code that prompted visitors to download and run a file upon visiting the website. The file that visitors opened and ran was malware that made their computer’s run slow. The top recommendation I made was a stronger password policy implementation to cirumvent any future brute force attacks. 

This is a report that I created applying the National Institute of Standards and Technology Cybersecurity Framework. In summary, the simulated company experienced a Distributed Denial Of Service (DDOS) attack. The company's internal network services stopped responding due to incoming ICMP packets. I recommended the company to implement a new firewall to limit the rate of incoming ICMP packets. I also recommended that the security team can use SIEM tools for network monitoring and an IDS/IPS system along with source IP address verification on the new firewall implemented. 

This is a shorter report I created. The task was to make suggestions to a simulated company for network hardening. I was given a list of network hardening tools and methods and was tasked to recommend three to the simulated company to implement.