Data Analytics / Essays / Python / SQL

Data Analytics Project

Posted on:

Understanding how to collect, clean, normalize, analyze, visualize, and present data is an important skill for cybersecurity analysts.

I created this presentation as part of the capstone project for the IBM Data Analyst Professional Certificate on Coursera. The specialization included the following courses: Introduction to Data Analytics, Excel Basics for Data Analysis, Databases and SQL for Data Science with Python, Data Visualization and Dashboards with Excel and Cognos, Data Analysis with Python, Python for Data Science, AI & Development, Python Project for Data Science, Data Visualization with Python, IBM Data Analyst Capstone Project.

Essays / Governance / Incident Response / Risk Assessment / Threat Modeling

Incident Response with the Pyramid of Pain

Posted on:

While it is tempting to respond to a cyber attack by going after low-hanging fruit such as blocking known malicious hash values, IP addresses, or domain names, it is far more effective to focus active defense on measures that impose a higher cost on the attacker. Instead of playing whack-a-mole with IoCs that the adversary can change trivially, security teams should prioritize defenses that disrupt the adversary's tools and their tactics, techniques, and procedures (TTPs). This post examines the Pyramid of Pain, a model that maps IoC types to levels by how costly they are for the adversary to change, and explains how it can be used to prioritize incident response activity.

Audit / Controls Assessment / NIST CSF / Projects / Risk Management

Botium Toys IT Security Audit

Posted on:

This is a high-level IT security audit for a company that develops and sells toys. The manager of the IT department requested an internal IT audit due to concerns about security, business continuity, and compliance. Audit findings will be used to assist leadership in making risk-based decisions about allocating resources for improvements to the company's IT security plan.

Access Control / Configuration Review / Essays / Least Privilege / Linux

Overprivileged User Risk

Posted on:

When granting elevated privileges to users for specific applications, one should consider the full capability of the application to which privileges are being granted. Granting a user sudo rights to a single application can amount to granting them elevated system privileges if that application is able to execute other programs.
In this post, we look specifically at how the shell-spawning capability of a popular Unix text editor can be abused to obtain a shell with the elevated privileges granted to the editor.
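As an added example (not code from the post, which does not name the editor), the following Python checker scans sudoers-style rules for commands that can spawn a shell once running with elevated privileges. The sample rules are constructed, the list of shell-capable binaries is a starting point rather than a complete catalogue, and the remediations rely on two real sudo features: sudoedit, which edits a copy of the file as the invoking user, and the NOEXEC tag, which prevents the granted command from executing other programs.

```python
"""Audit sudoers-style rules for commands that can spawn a root shell.

Added example, not code from the original post. Rule syntax follows
sudoers(5); SHELL_CAPABLE is an illustrative starting list, not exhaustive.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Set, Tuple

# Programs with a documented way to launch a shell from inside the program.
# Once sudo has started them as root, that shell is root too.
SHELL_CAPABLE = {
    "vim": "':!sh' or ':shell' inside the editor",
    "vi": "':!sh' inside the editor",
    "less": "'!sh' at the pager prompt",
    "more": "'!sh' at the pager prompt",
    "man": "'!sh' through the pager",
    "find": "'-exec /bin/sh ;'",
    "awk": "BEGIN { system(\"/bin/sh\") }",
    "python3": "-c 'import os; os.system(\"/bin/sh\")'",
}
EDITORS = {"vim", "vi"}

# Lines that are not user specifications and are skipped by this checker.
SKIP_PREFIXES = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

# who  hosts = (runas) commands      e.g.  alice ALL=(ALL) NOPASSWD: /usr/bin/vim
RULE_RE = re.compile(
    r"^(?P<who>[^\s#]\S*)\s+(?P<hosts>\S+?)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$"
)
TAG_RE = re.compile(
    r"^(?P<tag>(?:NO)?(?:PASSWD|EXEC|SETENV|MAIL|FOLLOW|INTERCEPT|LOG_INPUT|LOG_OUTPUT)):\s*"
)

# Constructed sample, not taken from any real host.
SAMPLE_SUDOERS = """\
Defaults env_reset
alice   ALL=(ALL) NOPASSWD: /usr/bin/vim
bob     ALL=(root) /usr/bin/less /var/log/syslog
carol   ALL=(ALL) sudoedit /etc/nginx/nginx.conf
dave    ALL=(ALL) /usr/bin/systemctl restart nginx
eve     ALL=(ALL:ALL) ALL
%ops    ALL=(ALL) NOEXEC: /usr/bin/vim /etc/hosts
"""


@dataclass
class Finding:
    who: str
    command: str
    reason: str
    fix: str


def split_commands(spec: str) -> Iterator[Tuple[Set[str], str]]:
    """Yield (tags, command) for each comma-separated entry of a Cmnd_Spec."""
    for entry in spec.split(","):
        entry = entry.strip()
        tags: Set[str] = set()
        while (m := TAG_RE.match(entry)):      # strip leading NOPASSWD:, NOEXEC:, ...
            tags.add(m.group("tag"))
            entry = entry[m.end():]
        if entry:
            yield tags, entry


def check_rule(line: str) -> List[Finding]:
    """Return findings for one user-specification line (empty if it looks safe)."""
    m = RULE_RE.match(line.strip())
    if not m:
        return []
    who, findings = m.group("who"), []
    for tags, cmd in split_commands(m.group("cmds")):
        parts = cmd.split(None, 1)
        prog = parts[0]
        if prog == "ALL":
            findings.append(Finding(who, cmd, "unrestricted: any command as the run-as user",
                                    "list the specific commands required instead of ALL"))
            continue
        if prog == "sudoedit":
            continue  # the editor runs as the caller; only the file copy is privileged
        name = prog.rsplit("/", 1)[-1]
        if name not in SHELL_CAPABLE or "NOEXEC" in tags:
            continue  # not a known escape, or NOEXEC blocks it from exec'ing a shell
        if name in EDITORS:
            fix = (f"use 'sudoedit {parts[1]}'" if len(parts) > 1
                   else "grant 'sudoedit <file>' instead of the editor binary")
        else:
            fix = "add the NOEXEC: tag or grant a wrapper that performs only the needed action"
        findings.append(Finding(who, cmd,
                                f"{name} can spawn a shell ({SHELL_CAPABLE[name]}); "
                                "restricting arguments does not remove the escape", fix))
    return findings


def audit(text: str) -> List[Finding]:
    """Audit a sudoers fragment; comments, blanks, Defaults and alias lines are skipped."""
    out: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith(SKIP_PREFIXES):
            continue
        out.extend(check_rule(line))
    return out


if __name__ == "__main__":
    for f in audit(SAMPLE_SUDOERS):
        print(f"{f.who:8} {f.command:40} {f.reason}\n{'':8} fix: {f.fix}")
```

In the sample, alice and bob are flagged even though bob's rule pins the argument, because the escape happens inside the running program after sudo has done its check; carol's sudoedit rule and the NOEXEC-tagged rule are not flagged. Note that NOEXEC works by preventing the granted program from executing further programs and is documented in sudoers(5); verify on your platform that it is effective for the binaries you grant.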

Essays / Incident Response / Indicators of Compromise / Linux / Malware Analysis / Risk Assessment / Risk Management / Threat Hunting

Analyze a Suspicious File

Posted on:

This activity demonstrates conducting malware research on a suspicious file using a publicly available, crowd-sourced catalog of malware indicators of compromise (IoCs). It further demonstrates the use of the MITRE ATT&CK taxonomy to categorize IoCs and the prioritization of recommended eradication activities based on the Pyramid of Pain hierarchy.

Access Control / Asset Inventory / Configuration Review / Controls Assessment / Essays / Governance / Least Privilege / Log Management / Projects / Risk Management / System Hardening

Vulnerable Server Assessment

Posted on:

A vulnerability assessment producing an initial report on the company's remote database server, intended to inform and prioritize the first security efforts to protect the confidentiality, integrity, and availability of this important asset. The assessment will inform company policymaking and provide a starting point for ongoing cybersecurity risk management and data governance.