My Portfolio

Vulnerability Assessment Report

In my role, I conducted a vulnerability assessment on our e-commerce company's critical database server, focusing on access controls and guided by NIST SP 800-30 Rev. 1. The purpose was to identify potential risks and safeguard sensitive data, given the severe consequences of a breach. The assessment revealed various threats, including competitor-driven risks and potential cyberattacks, which we plan to address through the Principle of Least Privilege, a Defense in Depth strategy, Multi-Factor Authentication, and an Authentication, Authorization, Accounting (AAA) Framework. These measures are crucial for securing our valuable database server.

STAR Responses Worksheet

In this worksheet, I present three pivotal professional experiences that spotlight my cybersecurity competencies and effective response to security incidents. The first experience outlines my role as a Technology Professional Intern at the Los Angeles County Internal Services Department, involving secure coding practices and digital support for a mentorship project. The second, as the proprietor of Grace Coding, demonstrates my proficiency in vulnerability assessments and security awareness. Finally, my role as a Digital Aide at Delete The Divide underscores my adeptness in incident response and threat intelligence.

Risk Register Sample Risk Matrix

In the operational environment of a coastal bank, where stringent financial regulations demand data and fund security, this risk register identifies potential risks to various assets, including funds, customer data, financial records, and physical security. These risks encompass scenarios such as business email compromise, user database compromise, and financial record leakage. The register assesses each risk's likelihood, severity, and priority, highlighting vulnerabilities within this unique operating context. This tool serves as a crucial instrument in proactively managing and mitigating potential security threats in a complex banking environment.

Algorithm For File Updates In Python

In this project, I developed a Python algorithm as part of my role as a security professional at a healthcare company. The algorithm manages a file containing a list of authorized employees' IP addresses for accessing sensitive patient records. By automatically cross-referencing this list with a "remove list" of IP addresses, it ensures that only authorized personnel have access to confidential patient data. This automation contributes to maintaining the security and privacy of healthcare information. The algorithm involves tasks such as reading and manipulating file contents and offers a practical solution for managing IP address access control in a healthcare setting.

PASTA Worksheet Portfolio

This portfolio item is based on the PASTA (Process for Attack Simulation and Threat Analysis) methodology. It encompasses multiple stages, including defining business and security objectives, evaluating technical scope, decomposing the application through a data flow diagram, conducting threat and vulnerability analyses, and creating an attack tree. The focus is on a sneaker company's application, emphasizing security considerations, technologies used, potential threats, vulnerabilities, and security controls to mitigate risks.