Skip to content

🛡️ Vulnerability Assessment

TL;DR: Vulnerability scan and fix plan using standard tools (Nessus/OpenVAS/Nmap). I find issues, rank them by business risk, and hand back clear, actionable remediation steps with evidence. Outcome: prioritized findings into a 24/72-hour patch plan with stakeholder-ready summaries.

A hands-on demonstration of enterprise vulnerability management using industry-standard tools and structured methodologies. This project highlights the ability to identify, prioritize, and remediate security weaknesses — experience directly relevant to SOC operations, risk management, and compliance.

💡 Core Focus Areas

  • Network Scanning → discovery and enumeration of active hosts and services
  • Vulnerability Detection → using tools like Nessus and OpenVAS to identify system weaknesses
  • Prioritization & Reporting → applying CVSS scores to assess risk and document findings for stakeholders

🌐 Assessment Workflow

Vulnerability Scan Summary
Vulnerability Scan Summary — host discovery, risk scoring, and remediation recommendations.

🛠️ Tools & Methods Used

  • Tools: Nessus Essentials, Nmap, OpenVAS
  • Techniques: CVSS scoring, risk-based prioritization, remediation verification
  • Frameworks: Mapped findings against NIST CSF and MITRE ATT&CK

🧩 Key Competencies Developed

  • Vulnerability Management → scanning, validating, and prioritizing system weaknesses
  • Risk Assessment → translating technical vulnerabilities into business impact using CVSS and industry frameworks
  • Remediation Workflows → documenting findings and recommending fixes for IT teams
  • Professional Skills → leadership, mentoring, and disciplined execution under pressure, shaped by service as a USAF Veteran and corporate leadership experience

💼 Professional Applications

The competencies gained through this assessment translate into measurable value for organizations:
- Proactive Risk Reduction → identify and remediate weaknesses before they can be exploited
- Compliance Alignment → produce reports and evidence for frameworks like NIST, ISO 27001, HIPAA
- Operational Efficiency → provide actionable remediation plans that shorten patch cycles and improve system resilience