I am a soon-to-be graduate with a strong interest in cybersecurity governance, risk, and compliance. My academic work has focused on understanding frameworks like NIST and ISO, and my personal projects demonstrate my ability to translate technical standards into clear, actionable procedures. I am passionate about building robust security programs that protect organizations from evolving threats. This portfolio showcases my hands-on projects and skills.
- Technical Skills: Cybersecurity Frameworks (NIST, ISO 27001), Risk Management, Policy & Procedure Writing, Process Documentation, Data Analysis & Reporting, & Vulnerability Management
- Soft Skills: Leadership, Problem-Solving, Time Management, Communication, Documentation, & Teamwork
- Certifications: CompTIA Security+, Systems Security Certified Practitioner, Cisco Certified Network Associate, & Certified Information Systems Auditor (in progress)
- Objective: To demonstrate the ability to identify, exploit, and remediate security vulnerabilities in a controlled environment. The project showcases practical skills in using industry-standard tools for scanning, penetration testing, and implementing security controls.
- Process: 1. Environment Setup: Configured an isolated virtual network using VirtualBox, deploying a Kali Linux machine (for attacks) and a vulnerable machine (Metasploitable 2).
- Vulnerability Identification: Performed comprehensive port scans with Nmap and used a vulnerability scanner (OpenVAS) to identify known weaknesses and misconfigurations on the target machine.
- Exploitation: Successfully exploited a documented vulnerability using the Metasploit Framework to gain unauthorized access. This step proved a theoretical vulnerability was practically exploitable.
- Remediation & Documentation: Researched and applied necessary security patches and configuration changes to fix the vulnerability. Documented the entire process, including the initial findings, the method of exploitation, and the final remediation steps
- Key Takeaways: This project taught me the complete lifecycle of a security incident, from discovery to resolution. I gained hands-on experience with core cybersecurity tools and learned the critical importance of a structured approach to vulnerability management. The documentation process further enhanced my ability to communicate technical findings clearly and professionally.
- Objective: To demonstrate proficiency in network traffic analysis and incident detection by identifying and investigating malicious activity within a provided packet capture. This project showcases practical skills in using industry-standard tools for network forensics.
- Process: 1. Tool & Data Acquisition: Acquired a simulated malicious network packet capture file from an educational resource and used Wireshark, a widely-used network protocol analyzer, to open and examine the data.
- Traffic Filtering & Investigation: Systematically filtered the network traffic to identify suspicious patterns, such as connections to known malicious IP addresses, unusual port usage, or unauthorized data transfers. Investigated specific packets to understand the nature of the communication.
- Threat Identification: Identified evidence of a simulated security incident, such as a malware download or a command-and-control communication channel. Correlated network activity with known threat indicators.
- Reporting: Wrote a professional incident report summarizing the findings, including a timeline of events, a description of the malicious activity, and the data that served as evidence.
- Key Takeaways: This project provided hands-on experience with Wireshark, a foundational tool for network security professionals. I learned how to apply critical thinking and analysis to raw data to uncover hidden threats. The project reinforced the importance of attention to detail and documentation in the incident response process.
- Email: Cassandrarussell@live.com