This project documents the end-to-end implementation of a comprehensive vulnerability management program within an organization - from policy creation to successful remediation.
Starting Point: Organization with no existing vulnerability management policy or practices
End Goal: Fully operational program with formal policy, stakeholder buy-in, and completed remediation cycle
- Tenable - Enterprise vulnerability management platform
- Azure Virtual Machines - Hosting Nessus scan engine and scan targets
- PowerShell & BASH - Remediation scripting
The foundation of the program began with creating a comprehensive vulnerability management policy draft outlining scope, responsibilities, and remediation timelines.
A stakeholder meeting was conducted to present the draft policy to the server team. Based on feedback, remediation timelines were adjusted to be more realistic - extending critical vulnerability remediation from 48 hours to one week.
After incorporating stakeholder feedback, the finalized policy received senior leadership approval, establishing the official framework for the program.
An initial scan planning meeting with the server team established scan protocols, including:
- Starting with a single server to assess performance impact
- Using just-in-time Active Directory credentials for secure access
- Setting specific scan windows to minimize business disruption
An insecure Windows Server was provisioned as a test environment, and an authenticated scan was performed to establish a vulnerability baseline. The initial scan results identified 174 vulnerabilities of varying severity.
Vulnerabilities were assessed and prioritized based on severity and ease of remediation:
- Third-party software removal (Wireshark)
- Windows OS secure configuration (protocols & ciphers)
- Windows OS secure configuration (guest account group membership)
- Windows OS updates
Remediation scripts and scan reports were distributed to the server team via a detailed remediation email, providing clear instructions and expected outcomes.

A post-scan review meeting was held with the server team to discuss findings, remediation approaches, and to prepare change requests for the Change Advisory Board (CAB).
A CAB (The Change Control Board) meeting approved the remediation plan, which included rollback provisions and a phased implementation approach to minimize risk.
-
Removal script automated the uninstallation of outdated Wireshark
-
Follow-up scan confirmed successful remediation
- Protocol remediation script disabled insecure protocols
- Cipher remediation script disabled weak cipher suites
- Verification scan confirmed successful remediation
- Group membership script removed the guest account from the administrators group
- Verification scan confirmed successful remediation
- Windows Update was re-enabled and all available updates were applied
- Final scan confirmed remediation success
The remediation effort achieved significant security improvements:
- 80% reduction in total vulnerabilities (from 30 to 6)
- 100% elimination of critical vulnerabilities
- 90% reduction in high-severity vulnerabilities
- 76% reduction in medium-severity vulnerabilities
Detailed remediation metrics are available in the remediation data spreadsheet.
Following the initial remediation cycle, the program transitioned to a maintenance mode characterized by:
- Regular scheduled vulnerability scans
- Continuous patch management
- Prompt remediation of newly identified vulnerabilities
- Periodic policy reviews and updates
- Compliance monitoring and auditing
- Ongoing stakeholder communication
The finalized policy details the specific scanning and remediation cadence requirements for ongoing management.






