Cybersecurity risk assessment conducted for a nonprofit organization, aligned with CIS Critical Controls, covering enterprise, data, network, and endpoint security.
- Led Network Security Risk Assessment
- Identified risks in:
  - Network segmentation (IoT isolation)
  - Wi-Fi security weaknesses
  - VPN hardening gaps
  - Network logging & monitoring
- Provided remediation strategies aligned with CIS Critical Controls
- Lack of network segmentation for IoT devices
- Weak VPN and remote access hardening
- Limited network visibility and logging
- Absence of documented network architecture
- CIS Critical Controls
- Risk-based assessment methodology
- Interview-based security evaluation
Produced a detailed risk report with prioritized recommendations to improve security posture and reduce enterprise risk.
Designed cybersecurity safeguards and policies including Acceptable Use Policy (AUP), Incident Response, and Vulnerability Management aligned with CIS Controls.
- Designed Acceptable Use Policy (AUP) safeguards
- Contributed to policy development covering:
  - Secure use of organizational systems
  - Data handling and user responsibilities
  - Acceptable usage of devices and networks
- Acceptable Use Policy (AUP)
- CIS Critical Controls v8
- NIST SP 800-61 (Incident Response)
- Security governance best practices
Delivered a structured safeguards framework enabling secure operations, policy enforcement, and risk mitigation.