6RISC Initiative (CRISC-Aligned Projects)

Project 6RISC is a structured, end-to-end IT risk management initiative designed to demonstrate practical application of CRISC principles within a regulated healthcare environment. The initiative follows a risk-first approach, emphasizing governance, decision-making, and business alignment over control checklists.


The program is organized into six sequential projects, each building on the previous to simulate how an enterprise IT risk program is established, executed, and communicated.

Security Assessment & Risk Management Program (Professional Project)

Led an end-to-end security assessment aligned with NIST Cybersecurity Framework (CSF) 2.0, covering governance, protection, detection, response, and recovery

Conducted stakeholder interviews and evaluated access control, data protection, incident response, and recovery practices

Built a prioritized risk register and visual heat map to support risk-based decision-making

Selected and mapped security controls to address high-risk findings using a minimum-effective-control approach

Delivered assessment documentation and an implementation roadmap tailored to a small business operating model

Project Sentinel (Cloud SOC)

Designed and deployed a cloud-native SOC-in-a-box using AWS, capturing real-world attacker sessions and generating actionable threat intelligence.

Built a real-time detection pipeline (CloudWatch → Lambda → OpenSearch) to normalize logs, enrich events, reduce noise, and store curated alerts for threat analysis.

Developed Apache Airflow security workflows for daily vulnerability management, CVE/asset correlation, risk-based prioritization, and IOC feed ingestion.

Implemented AI-assisted analysis to summarize attacker activity, extract IOCs, classify behavior, and support triage with contextual insight.

Created automation pipelines for CSV reporting, email summaries, and structured outputs consumable by SOC analysts and SIEM tools.

Integrated Cowrie and Suricata to detect brute-force attempts, malicious payloads, and exploitation traffic, producing attacker-derived intelligence.

Reduced SIEM storage costs by 50–70% via Lambda filtering and tiered S3 Glacier retention without losing forensic value.

Delivered dashboards, scripts, and orchestrated workflows demonstrating modern SOC engineering, detection logic, threat intel, and automation skills.
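As an added illustration of the normalize/enrich/filter stage described above for Project Sentinel (example code, not the project's own), the following Lambda handler unpacks a CloudWatch Logs subscription event carrying Cowrie JSON, drops protocol chatter, and collapses repeated failed logins into one brute-force alert per source. The noise list, threshold, alert schema, log group name and sample events are constructed assumptions.

```python
import base64, gzip, json
from collections import Counter
# Cowrie event ids that are SSH protocol chatter rather than attacker behaviour (assumed list; tune per deployment).
NOISE_EVENTS = {"cowrie.client.version", "cowrie.client.kex", "cowrie.client.size", "cowrie.log.closed", "cowrie.session.closed"}
BRUTE_FORCE_THRESHOLD = 5  # failed logins from one source per batch before the alert escalates (assumed value)

def decode_subscription_event(event):  # unpack the base64+gzip envelope CloudWatch Logs sends to a Lambda subscriber
    body = json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))
    return [e["message"] for e in body["logEvents"]]

def curate(lines):  # normalize to one schema, drop noise, collapse brute-force guesses per source
    alerts, dropped, failed = [], Counter(), Counter()
    for line in lines:
        try:
            raw = json.loads(line)
        except json.JSONDecodeError:
            dropped["unparseable"] += 1
            continue
        eid = raw.get("eventid", "unknown")
        if eid in NOISE_EVENTS:
            dropped[eid] += 1
            continue
        if eid == "cowrie.login.failed":  # count per source instead of emitting one alert per password guess
            failed[raw.get("src_ip")] += 1
            continue
        alert = {"source": "cowrie", "event": eid, "src_ip": raw.get("src_ip"), "session": raw.get("session"),
                 "severity": "info", "tags": []}
        if eid == "cowrie.login.success":
            alert.update(severity="high", tags=["credential-access"])
        elif eid == "cowrie.command.input":
            alert.update(severity="medium", tags=["execution"], command=raw.get("input"))
        alerts.append(alert)
    for ip, n in failed.items():  # one aggregated brute-force alert per source, escalated past the threshold
        alerts.append({"source": "cowrie", "event": "cowrie.login.failed", "src_ip": ip, "attempts": n,
                       "severity": "medium" if n >= BRUTE_FORCE_THRESHOLD else "low", "tags": ["brute-force"]})
    return {"alerts": alerts, "dropped": dict(dropped)}

def handler(event, context=None):  # Lambda entry point; the curated alerts would be bulk-indexed into OpenSearch
    return curate(decode_subscription_event(event))

def make_subscription_event(lines):  # wrap constructed lines in the CloudWatch Logs envelope for offline testing
    body = {"logGroup": "/honeypot/cowrie", "logEvents": [{"id": str(i), "timestamp": 0, "message": m} for i, m in enumerate(lines)]}
    return {"awslogs": {"data": base64.b64encode(gzip.compress(json.dumps(body).encode())).decode()}}

# Constructed sample batch: protocol chatter, six bad guesses, a successful login, one command, and a junk line.
_S = {"src_ip": "203.0.113.7", "session": "a1"}
SAMPLE_LINES = [json.dumps({"eventid": e, **_S}) for e in ("cowrie.client.version", "cowrie.client.kex")] + [
    json.dumps({"eventid": "cowrie.login.failed", "username": "root", "password": f"p{i}", **_S}) for i in range(6)] + [
    json.dumps({"eventid": "cowrie.login.success", "username": "root", **_S}),
    json.dumps({"eventid": "cowrie.command.input", "input": "uname -a", **_S}), "not json at all"]
```

Running `handler(make_subscription_event(SAMPLE_LINES))` turns ten raw lines into three curated alerts and a per-reason drop count, which is the kind of reduction behind the storage savings noted above.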

Adversary Simulation & Threat Detection

Built a simulated attack environment with a Windows victim endpoint and Ubuntu C2 server running Sliver for malware command-and-control.

Developed and executed a custom malware payload, achieving SYSTEM-level privilege escalation on the target. (Red Team)

Performed threat hunting by investigating suspicious processes and identifying malicious executables on the compromised host. (Blue Team)

Created YARA signatures and LimaCharlie D&R rules to detect and respond to malicious activity. (Blue Team)

Tested and validated detection logic, confirming the YARA rules scanned for, detected, and blocked the malware. (Threat Hunting)

Vulnerability Management Lifecycle

Installed and deployed Qualys Virtual Scanner Appliance and accessed it through the Qualys Cloud Platform.

Executed the Vulnerability Management Lifecycle in a virtualized environment, comprising six stages: Discovery, Prioritization, Assessment, Reporting, Remediation, and Verification.

Leveraged Qualys to manage vulnerability scanning and assessed the identified vulnerabilities.

Detected deprecated software on a Windows 10 virtual machine, remediated the vulnerabilities, and verified the software was no longer vulnerable.