Think Tank Workshop - Scottie Harris

Scottie Harris

Current highest MTTR: 49 hours

Average MTTR 36 hours

Vulnerability Management

This portfolio highlights the comprehensive approach to vulnerability management, focusing on the installation, scanning, analysis, and remediation of vulnerabilities across a diverse set of systems.

1. Tool Installation and Configuration

Tenable Nessus: Successfully installed and configured Nessus Professional and Tenable Vulnerability Management for vulnerability scanning across the environment. Both network scans and agent-based scans were conducted within the environment to assess the security posture.
Tenable Vulnerability Management was integrated to enable centralized tracking, reporting, and management of vulnerabilities across all endpoints. This integration streamlined the vulnerability management process and provided a comprehensive view of the organization's security landscape

2. Vulnerability Scanning

Vulnerability scans were conducted across a variety of systems, including:

Windows 10 and Windows 11 standalone devices
Windows Server 2022
Ubuntu LTS 22.04 and 24.04

The scans were meticulously customized to ensure thorough detection of vulnerabilities for all relevant software, configurations, and system-specific settings. This approach enabled a comprehensive assessment of the security posture across diverse operating environments.

3. Scan Results Analysis

Vulnerabilities were identified in both the operating systems and installed applications. A thorough analysis of the scan results was performed to prioritize vulnerabilities based on their severity, exploitability, and potential impact on the environment.
Additionally, a compliance scan was conducted to ensure adherence to relevant security standards and regulatory requirements, further strengthening the organization’s security posture.
Risk-Based Prioritization
Vulnerabilities were prioritized based on their severity, exploitability, and potential impact on critical business operations. A risk matrix was used to ensure that high-risk vulnerabilities were addressed first, while also maintaining the overall security posture of the environment.
Proactive Scanning and Continuous Monitoring
Routine and on-demand vulnerability scans were conducted across all systems and endpoints, including network scans, web application scans, and server-side scans. Integration with SIEM tools enabled continuous monitoring for new vulnerabilities, allowing swift detection and response.

4. Remediation Process

Remediation efforts were initiated to address the identified vulnerabilities, including:

Patch management to update systems and software with the latest security patches and fixes.
Configuration hardening using CIS Benchmarks to enhance system defenses and reduce exposure to potential threats.
Special attention was given to vulnerabilities on Linux systems, with targeted remediation steps taken for each identified issue to ensure optimal security across the environment.
Post-Remediation Validation After remediation efforts, systems were re-scanned and tested to confirm that the identified vulnerabilities had been successfully addressed. Root cause analysis was also conducted to ensure similar vulnerabilities would be prevented in the future.
Regular reports were generated for internal and external stakeholders to demonstrate compliance with relevant industry standards, such as PCI DSS, ISO 27001, etc. Detailed vulnerability remediation reports were also produced to track progress and ensure all security requirements were met.

5. Automation and PowerShell Remediation

PowerShell scripts were employed to automate key remediation processes, enhancing both efficiency and consistency across the environment. These scripts were designed to:

Automate Patching: Ensured timely and consistent patching of systems, reducing vulnerabilities and minimizing exposure to known threats.
Enforce Security Configurations: Automated the application of security best practices, such as hardening system configurations and applying necessary security policies.
Manage Firewall Rules and System Hardening: Streamlined the configuration and management of firewall rules and other security controls, ensuring that all systems adhered to required security baselines.

This automation significantly accelerated vulnerability management workflows, enabling rapid remediation at scale and ensuring continuous alignment with security standards.

PCI DSS

This portfolio highlights hands-on experience in managing and ensuring compliance with PCI DSS (Payment Card Industry Data Security Standard). A full PCI audit was led for an organization, demonstrating proficiency across all areas of PCI requirements.

1. Report on Compliance (ROC) PCI Assessment

Conducted a PCI DSS assessment for Think Tank Workshop. The ROC included a comprehensive analysis of the environment, addressing all applicable security requirements. Network diagrams were included to illustrate network segmentation using the AWS Virtual Private Cloud (VPC) setup. An in-depth audit of the entire environment was carried out to identify gaps and areas for improvement in relation to PCI DSS controls.

2. Policy and Procedure Documentation

Developed sample policies and procedures for key PCI DSS requirements, including data retention and disposal, access control, and authentication, and security testing and monitoring.
Tailored the policies to the organization's specific environment to ensure alignment with industry best practices and PCI DSS standards.
Ensured that the created documents provided clear guidance on maintaining compliance and enhancing the organization’s security framework.

3. Document Collection and Evidence Gathering

- Collected and reviewed essential documents to demonstrate the organization’s compliance with PCI DSS requirements, including network configuration files, system and application logs, and security testing results.
- Ensured the inclusion of vulnerability scans, penetration testing reports, and other relevant data to support compliance efforts.
- Compiled these documents into the final audit package, providing comprehensive evidence of the organization’s adherence to PCI DSS standards.

4. Comprehensive Audit and Gap Analysis

Conducted a detailed gap analysis to evaluate the environment’s alignment with PCI DSS requirements, reviewing all 12 security controls.
Assessed the organization’s controls, security measures, and practices to identify any non-compliance or weaknesses.
Collaborated with internal teams to implement corrective actions and resolve deficiencies, ensuring full adherence to PCI DSS standards.

5. Demonstrating Proficiency in PCI DSS Requirements

During the audit process, policy development, and documentation compilation, and implementing procedures, a comprehensive understanding of all PCI DSS requirements was effectively demonstrated. This included ensuring full compliance with industry standards and aligning organizational practices to meet the security and regulatory benchmarks set by PCI DSS.

Page updated

Report abuse