This repository demonstrates a hands-on vulnerability management program designed to reflect real-world analyst workflows. It showcases my ability to conduct authenticated vulnerability assessments, analyze and prioritize findings, execute remediation actions, and validate results using industry-standard tooling.
The project emphasizes analytical judgment, risk-based decision-making, and clear technical documentation rather than raw scan output. All activities were performed in a controlled lab environment and documented to the level expected in SOC and vulnerability management roles.
This project documents a complete vulnerability management lifecycle conducted against a Windows 11 endpoint using authenticated Nessus scanning. The objective is to demonstrate realistic vulnerability discovery, prioritization, remediation, and validation workflows aligned with entry-level SOC and vulnerability management positions.
Rather than focusing solely on scanner output, this project emphasizes analyst-driven evaluation, evidence-backed remediation decisions, and post-remediation verification.
Status: Completed – Initial Remediation Cycle
This project represents a completed vulnerability management cycle, including discovery, prioritization, remediation, and validation. Future remediation cycles may be added to demonstrate ongoing program maturity.
Organizations must continuously identify, prioritize, and remediate vulnerabilities to reduce attack surface and prevent exploitation. Running vulnerability scans alone is insufficient without structured analysis, remediation planning, and validation.
This project simulates a small-scale vulnerability management program to demonstrate how vulnerabilities are identified, assessed, remediated, and verified in a controlled lab environment.
- Target System: Windows 11
- Scanner: Nessus (credentialed scan)
- Scanner Location: Host machine
- Scan Type: Authenticated vulnerability assessment
The vulnerability management process follows these phases:
- Environment preparation and credentialed scan configuration
- Baseline vulnerability scan and findings analysis
- Risk-based prioritization of vulnerabilities
- Remediation planning and execution
- Post-remediation validation scanning
- Documentation of outcomes and lessons learned
Each phase is documented with supporting evidence and technical analysis.
- `docs/`: Analysis, remediation actions, validation results, executive summary, and lessons learned
- `scans/`: Baseline and post-remediation scan summaries
- `screenshots/`: Supporting evidence from scans, remediation steps, and validation
Screenshots and selected vulnerability excerpts are included to demonstrate:
- Baseline vulnerability exposure
- Severity, CVSS, and risk context
- Remediation effectiveness
- Reduction in overall risk posture
Both unresolved findings and successfully remediated vulnerabilities are documented to reflect realistic vulnerability management outcomes.
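An added example, not code from this repository: one way to compare a baseline and a post-remediation Nessus CSV export and classify each finding as remediated, unresolved, or new. The sample rows, plugin IDs and host address are constructed, and the column names assume the standard Nessus CSV export layout.

```python
import csv
import io

# Constructed sample exports (not data from this project). Column names are an
# assumption based on the Nessus CSV export; adjust to the columns you selected.
BASELINE_CSV = """Plugin ID,CVE,Risk,Host,Port,Name
900001,CVE-2025-22230,High,192.0.2.10,0,Example high-severity finding (constructed)
900002,,Medium,192.0.2.10,445,Example medium-severity finding (constructed)
900003,,None,192.0.2.10,0,Example informational plugin (constructed)
"""

POST_CSV = """Plugin ID,CVE,Risk,Host,Port,Name
900002,,Medium,192.0.2.10,445,Example medium-severity finding (constructed)
900003,,None,192.0.2.10,0,Example informational plugin (constructed)
900004,,Low,192.0.2.10,3389,Example low-severity finding (constructed)
"""

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def load_findings(csv_text):
    """Return {(host, port, plugin_id): row} for non-informational findings."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Risk"] not in SEVERITY_ORDER:  # skip "None" (informational)
            continue
        # One key per host/port/plugin, so a plugin listed once per CVE collapses.
        findings[(row["Host"], row["Port"], row["Plugin ID"])] = row
    return findings


def compare_scans(baseline_text, post_text):
    """Classify findings as remediated, unresolved, or new after remediation."""
    before, after = load_findings(baseline_text), load_findings(post_text)

    def ranked(keys, source):
        rows = [source[k] for k in keys]
        return sorted(rows, key=lambda r: (SEVERITY_ORDER[r["Risk"]], r["Plugin ID"]))

    return {
        "remediated": ranked(before.keys() - after.keys(), before),
        "unresolved": ranked(before.keys() & after.keys(), after),
        "new": ranked(after.keys() - before.keys(), after),
    }


if __name__ == "__main__":
    for status, rows in compare_scans(BASELINE_CSV, POST_CSV).items():
        for r in rows:
            print(f"{status:<11} {r['Risk']:<8} {r['CVE'] or '-':<16} {r['Name']}")
```

Findings that appear only in the rescan are reported separately because a remediation change, or improved credentialed coverage, can surface issues the baseline did not show.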
- Vulnerability discovery and assessment
- Credentialed scanning with Nessus
- CVE analysis and risk prioritization
- Remediation planning and execution
- Post-remediation validation
- Security documentation and reporting
- Analyst-driven decision-making
- Successfully remediated a high-severity vulnerability (CVE-2025-22230)
- Verified remediation through authenticated rescanning
- Reduced overall endpoint risk posture without operational impact
This project is designed for:
- SOC analysts
- Vulnerability management analysts
- Blue team and defensive security roles
- Security hiring managers and technical interviewers
All activity in this repository was performed in a controlled lab environment for defensive learning purposes. No production systems were impacted.