Security Operations Support

Vulnerability Management Review

A governance-focused review of vulnerability intake, prioritization, remediation ownership, and reporting cadence.

Organization
Cybersecurity Internship Portfolio
Duration
2 weeks
Project Type
Security Operations Support
CIS Controls, NIST CSF

Business Context

Why the work mattered

Vulnerability work requires more than scanning. This project reviewed the process governance needed to prioritize, assign, track, and report remediation activity.

Objectives

Engagement goals

Define vulnerability intake and triage expectations.

Prioritize remediation by business context and severity.

Document ownership and target timelines.

Create a reporting model for leadership visibility.

Methodology

Structured process

The methodology explains how the work moved from context gathering to documented recommendations.

  1. Process Mapping

    Understand how findings move from detection to closure.

    Mapped intake, validation, prioritization, assignment, remediation, and verification steps.

  2. Prioritization

    Connect technical severity to business risk.

    Considered asset criticality, exploitability, exposure, and compensating controls.

  3. Reporting

    Support accountability and trend visibility.

    Defined metrics, escalation triggers, and review cadence.

Deliverables

Artifacts produced

Operations Governance

Vulnerability Governance Checklist

Checklist for intake, ownership, remediation, and exception handling.

Improves consistency and accountability in vulnerability workflows.

Skills Demonstrated

Professional competencies

Vulnerability Review, Remediation Tracking, Risk Prioritization

Outcomes

Project impact

  • The remediation process became easier to explain and govern.
  • Prioritization was linked to business context rather than severity alone.

Lessons Learned

Professional growth

Vulnerability management needs clear ownership and reporting discipline to remain effective.

Discuss GRC opportunities

Contact Osen after reviewing this project or download the resume for a concise overview.