Projects, Labs, and Programs
This page represents my passion and dedication to cybersecurity, showcasing a collection of projects, hands-on labs, and professional programs that have helped shape my journey. Each project has provided me with the opportunity to dive deeper into cybersecurity principles, gain practical, real-world experience, and sharpen my technical skills. From formal training initiatives to independent explorations, this portfolio reflects my growth as I pursue my goal of becoming a skilled cybersecurity professional.
As you explore this page, you’ll find the highlights of programs I’ve completed, projects I’ve worked on, and labs where I’ve challenged myself to continuously learn and improve upon my skills. I’ve also included links to reports, datasets, and presentations to give you more insight into my work. I hope you enjoy following along on my journey as much as I’ve enjoyed living it—thank you for visiting!
Table of Contents
- Programs, Internships, and Virtual Experience
- Projects/Activities
  - Virtual Security Operations Center (SOC) Project
  - Cybersecurity Incident Response Project (NIST CSF)
  - Cybersecurity Network Attack Analysis Project
  - Cybersecurity Incident Report Project
  - Vulnerability Assessment Report
  - Network Hardening Assessment
  - Botium Toys Security Audit Scenario
  - OS Hardening Techniques
  - InfoSec Data Handling Assessment
  - Linux File Permission Management
- Labs
Programs, Internships, and Virtual Experience
AIG Cybersecurity Engineering Program (December 2024)
- Served as an Information Security Analyst addressing the critical Log4j vulnerability (CVE-2021-44228), conducting research and infrastructure analysis to draft a detailed remediation plan for impacted teams.
- Crafted an advisory email to notify the Product Development team of the vulnerability, detailing its risks, potential impacts, and actionable remediation steps to prevent exploitation.
- Developed and executed a Python-based brute-force script to decrypt a ransomware-encrypted file during a simulated attack, showcasing technical proficiency in incident response and encryption methodologies.
Telstra Cybersecurity Program (September 2024)
- Served as an Analyst and Security Engineer in the Telstra Security Operations Center (SOC), leading efforts to respond to a malware attack targeting critical infrastructure and coordinating with relevant teams for swift incident response.
- Proactively analyzed firewall logs to detect malicious patterns, providing actionable insights and collaborating on the development of technical solutions to enhance firewall security.
- Engineered, scripted, and implemented a custom Python firewall rule to block malicious traffic exploiting the Spring4Shell vulnerability (CVE-2022-22965), strengthening network defenses.
- Conducted a thorough incident postmortem, including root cause analysis and risk impact assessment, and delivered key recommendations to bolster future prevention measures and system hardening.
Commonwealth Bank Intro to Cybersecurity Program (August 2024)
- Served as a Cybersecurity Generalist on Commonwealth Bank’s Fraud Detection and Response Team, contributing to efforts in identifying and mitigating security threats.
- Utilized Splunk to analyze and visualize transactional data, uncovering patterns related to potential fraud and enhancing incident detection capabilities.
- Led the management of a simulated phishing and malware attack, applying the Incident Response Lifecycle (containment, eradication, and recovery), and implementing steps for improved future prevention.
- Developed security awareness materials, including infographics promoting secure password management practices, aligned with Australian Cyber Security Centre best practices.
- Performed penetration testing on web applications, identifying critical vulnerabilities and providing actionable remediation strategies to enhance application security.
PwC Switzerland Cybersecurity Program (August 2024)
- Served as a Cybersecurity Analyst and Consultant on PwC Switzerland’s Cybersecurity Team, leading initiatives to identify security gaps and vulnerabilities within client networks.
- Performed an in-depth risk assessment, uncovering critical weaknesses in information security and aligning recommendations with industry standards like NIST and ISO/IEC 27001.
- Developed a comprehensive defense strategy, incorporating layered security measures such as network segmentation, firewalls, and enhanced access control.
- Authored a detailed security report, outlining actionable steps for improving network security, including firewall optimization and stricter access protocols.
- Presented risk management strategies to client stakeholders, offering tailored solutions to enhance their overall cybersecurity posture and mitigate future risks.
Datacom Cybersecurity Virtual Experience Program (August 2024)
- Served as a Cybersecurity Analyst on Datacom’s Incident Response Team, focusing on detecting, analyzing, and mitigating advanced cyber threats.
- Investigated an Advanced Persistent Threat (APT34) attack, utilizing Open-Source Intelligence (OSINT) tools to conduct in-depth research into the group’s tactics, techniques, and procedures (TTPs), and provided actionable intelligence.
- Compiled a detailed cybersecurity investigation report, outlining key findings and delivering targeted recommendations to enhance the client’s overall cybersecurity posture.
- Created a risk matrix and evaluated the effectiveness of existing security controls, identifying critical vulnerabilities and proposing mitigation strategies to safeguard sensitive data, including customer and financial information.
- Applied the MITRE ATT&CK Framework to map out cyber threats, developing a proactive defense strategy to strengthen the client’s networks and prevent future attacks.
Mastercard Cybersecurity Virtual Experience Program (August 2024)
- Gained hands-on experience as a Cybersecurity Analyst on Mastercard’s Security Awareness Team, with a focus on identifying, mitigating, and educating about phishing threats.
- Developed a phishing email simulation campaign, crafting realistic phishing emails to test employee security awareness and uncover organizational vulnerabilities.
- Analyzed campaign results, using metrics such as open rates and phishing success rates to pinpoint departments with higher susceptibility, including HR and Marketing.
- Created tailored training materials and delivered a comprehensive presentation to raise awareness on phishing tactics and improve overall employee vigilance.
- Led an interactive security awareness session, educating employees on how to identify and respond to phishing attempts, while fostering a proactive security culture across the organization.
Projects/Activities
Virtual Security Operations Center (SOC) Project
- Established a cloud-based SOC using Microsoft Azure and Microsoft Sentinel, focusing on real-time monitoring and incident response.
- Monitored over 7.6 million events and generated nearly 6,000 alerts throughout the project duration.
- Implemented custom alert rules using Kusto Query Language (KQL) to optimize threat detection and incident management processes.
- Conducted analysis of attack patterns, identifying peak activity times and refining incident response strategies to improve monitoring efficiency.
Cybersecurity Incident Response Project (NIST CSF)
- Developed a response plan for a Distributed Denial of Service (DDoS) attack based on the NIST Cybersecurity Framework.
- Strengthened network defenses by updating firewall settings, monitoring systems, and applying network segmentation.
- Implemented an Intrusion Detection System (IDS) for real-time monitoring and analysis of threats.
- Conducted a full post-incident analysis and recommended improvements for preventing future attacks.
Cybersecurity Network Attack Analysis Project
- Investigated a network-based cyberattack, identifying the attack vector, methods used, and vulnerabilities exploited.
- Recommended implementing firewalls, intrusion prevention systems (IPS), and advanced threat detection mechanisms.
- Documented the full attack lifecycle, from initial penetration to data exfiltration, and provided recommendations for enhancing network security.
- Collaborated with security teams to implement and monitor the proposed solutions, ensuring ongoing protection against similar threats.
Cybersecurity Incident Report Project
- Conducted a detailed analysis of a cybersecurity incident, creating a formal incident report.
- Identified security gaps and recommended preventative measures to avoid future incidents.
- Presented findings to stakeholders with a focus on actionable recommendations.
Vulnerability Assessment Report
- Conducted a vulnerability assessment on an organization’s network to identify potential security risks.
- Compiled a detailed report outlining the findings and proposed remediation strategies.
- Collaborated with the IT team to implement security improvements.
Network Hardening Assessment
- Evaluated an organization’s existing network security and suggested improvements to harden systems.
- Proposed the use of VPNs, encryption, and access control mechanisms to secure data.
- Documented recommendations and guided the team through implementation.
Botium Toys Security Audit Scenario
- Conducted a security audit for Botium Toys, identifying vulnerabilities in their network infrastructure and assessing the organization’s risk.
- Provided comprehensive recommendations for improving security controls and reducing cyber risks, including enhanced firewall policies and encryption protocols.
- Proposed an action plan to mitigate identified vulnerabilities, including the use of intrusion detection systems (IDS) and continuous monitoring.
- Presented findings to company executives, outlining both short-term fixes and long-term strategies for bolstering cybersecurity resilience.
Operating System Hardening Techniques
- Implemented OS hardening techniques on Linux and Windows systems to enhance security posture.
- Secured configurations, applied encryption, and disabled unnecessary services.
- Developed a comprehensive guide on hardening techniques for team use.
- Conducted post-hardening testing to ensure system integrity and security.
InfoSec Data Handling Security Assessment
- Analyzed data-handling procedures for confidentiality, integrity, and availability.
- Recommended security controls and access authorization protocols based on NIST SP 800-53 guidelines.
- Proposed improvements for secure data storage and encryption to prevent unauthorized access.
Linux File Permission and Access Control Audit
- Managed and configured file permissions in a Linux environment to ensure proper access control.
- Restricted access to sensitive files by applying appropriate user and group permissions.
- Developed best practices for permission management to enhance system security.
Labs
TryHackMe
- Jr. Penetration Tester Certificate Course (currently in progress). Upon completion, I will upload my certificate, along with detailed reports and my personal reflection!
- This course offers hands-on labs covering essential penetration testing techniques, including web application vulnerabilities like SQL Injection, XSS, and IDOR, as well as network security, privilege escalation, and exploitation using tools like Metasploit and Burp Suite.
HackThisSite Penetration Testing Challenges
- Identified Critical Web Application Vulnerabilities: Discovered and exploited vulnerabilities like weak input validation, insecure encryption, and improper authentication mechanisms across multiple levels.
- Applied Advanced Penetration Testing Techniques: Utilized techniques such as command injection, SSI injection, cookie tampering, and directory traversal to gain unauthorized access to sensitive information.
- Analyzed and Reversed Weak Encryption Methods: Successfully reverse-engineered encryption algorithms, showcasing the importance of using strong, industry-standard encryption methods.
- Provided Security Recommendations: Documented each exploit with detailed recommendations to improve input validation, strengthen authentication, and secure server-side logic and file permissions.