Boards - Objectives
The list of objectives below outlines the projects I have aligned with my degree goals. The projects I've worked on during my time at the University of Advancing Technology have prepared me for entering this industry. If you'd like to know more about these projects, please refer to my portfolio, which offers a detailed explanation. Thank you for your time, and I encourage you to explore my work.
Objective 1
1. Create a network infrastructure design communications document that includes identified hardware components, connections to outside world, identified physical layer connectivity (media) and addressing, including operational and security components in the design.
Projects
BusterBlock Inc. Network Consultant Project
NTS:415 - Final Project
Team Collaboration - Nickolaus Grant & Koby Arnold
The BusterBlock Inc. Network Consultant Project aimed to improve the physical security of a small call center by addressing vulnerabilities like unauthorized access and equipment theft. It included a risk assessment, security policy recommendations, and an updated network diagram with cameras and badge-based access control, aligning with Objective 1 by integrating physical and network security to protect data and assets.
Server Infrastructure Plan - Mid Size Business
NTW:275 - Assignment 4.1
Team Collaboration - None
In the Server Infrastructure Plan for HealthCo, I designed a hybrid network architecture that combines on-premises and cloud-based services, covering file storage, email, web hosting, and database management. This project aligns with Objective 1 by documenting hardware specifications, network topology, connectivity (via AWS Direct Connect), redundancy strategies, and security mechanisms, and includes a detailed infrastructure diagram of the network design.
Network Design Evaluation - Final Project
NTW:275 - Final Project
Team Collaboration - None
The Network Design Evaluation - Final Project enhanced a previous office network by incorporating enterprise-level hardware, Zero Trust security, and cloud solutions. Key upgrades included dual ISP connections with failover, AWS integration (IAM, MFA, RDS, EC2, Backup), and modular switches for scalability. Security improvements featured role-based access control (RBAC), CrowdStrike Falcon for endpoint security, and staff training. This project aligns with Objective 1, emphasizing scalability, security, and operational resilience through hybrid cloud and on-premises integration.
Objective 2
2. Install, configure and test security hardware and software tools with supporting documentation such as port scanners, vulnerability detection systems, intrusion detection systems, firewalls, system hardening, anti-virus tools, patch management, auditing and assessment.
Projects
Project 5 - Network Sniffing - Wireshark
NTS:330 - Project 5 - Network Sniffing
Team Collaboration - Nickolaus Grant & Koby Arnold
The Network Sniffing Project focused on installing, configuring, and utilizing Wireshark, a packet-sniffing tool, to analyze network traffic and assess potential security vulnerabilities. Conducted on Kali Linux, this project explored real-time packet capture, filtering techniques, and the distinction between encrypted (HTTPS) and unencrypted (HTTP) communication. Additionally, it highlighted Wireshark’s role in network troubleshooting, security auditing, and forensic analysis, aligning directly with Objective 2.
Firewall Software/Appliance Management Project
NTS:415 - Assessment - Firewall Software/Appliance Management
Team Collaboration - None
The Firewall Software and Appliance Management Project focused on configuring and testing the Sophos Firewall, a security appliance used for network protection, content filtering, and traffic management. The project involved reviewing existing firewall rules, including DMZ and outbound traffic policies, as well as creating custom security policies to restrict access to websites like Netflix and YouTube during work hours. By utilizing Sophos’ Server Access Assistant (DNAT), the project demonstrated how to create and enforce rules for network security.
Network Design Evaluation - Final Project
NTS:330 - Project 3 - Enumeration and Scanning
Team Collaboration - None
The Network Enumeration and Scanning Project utilized Nmap to analyze a Metasploitable2 Linux system through active reconnaissance techniques. We executed commands like `nmap -sC -sV --script vuln` and `nmap -A` to identify live hosts, open ports, services, and vulnerabilities, revealing the operating system, IP addresses, and security weaknesses. This project demonstrated the importance of network auditing and penetration testing while providing hands-on experience in installing and configuring security tools, aligning with Objective 2 and enhancing skills in network security assessment and vulnerability detection.
Objective 3
3. Construct, implement and document a script or a program to automate a security-related process or other tasks such as installation, administration, management, mapping resources, logon scripts, patch management, updates, auditing, analysis and assessment.
Projects
AWS - Security Group - Automation Script
NTS:330 - Project 3 - Enumeration and Scanning
Team Collaboration - None
In this project, I automated the configuration of firewall rules for AWS EC2 instances using the AWS Command Line Interface (CLI). The process involved scripting the creation of a Security Group, which included adding inbound rules to allow HTTP (port 80) and HTTPS (port 443) connections from any IP address. Additionally, I restricted SSH (port 22) access to a specific IP address. By automating these steps, I ensured consistent application of security policies across cloud instances while minimizing manual configuration errors.
System Hardening Project - Automation Script
NTS:330 - Project 3 - Enumeration and Scanning
Team Collaboration - None
This project aimed to enhance system security by implementing and automating common hardening techniques in a Windows environment. I utilized a PowerShell script to automate several hardening tasks, including disabling unnecessary services (such as SMBv1 and NetBIOS), enabling the Windows Firewall, removing unneeded applications, disabling guest accounts, and enforcing strong password policies. By automating these steps, the project not only improves efficiency but also ensures consistent adherence to security best practices.
Objective 4
4. Create a policy or procedure that addresses events such as: a disaster recovery plan, a business continuity plan, an incident response policy, an acceptable usage document, an information security policy, a physical security policy, assessments or troubleshooting procedures.
Projects
Disaster Recovery Plan - Shoe Inc.
NTS:336 - Designing a Disaster Recovery Plan
Team Collaboration - None
For my Disaster Recovery Plan project, I developed a tailored policy for a cloud-based business using AWS services. It includes risk assessments, a business impact analysis, recovery objectives, and strategies like AWS Backup, cross-region replication, IAM access control, and regular testing. This aligns with Objective 4: creating a policy for disaster recovery and business continuity, detailing necessary steps, responsibilities, tools, and security measures to ensure continuity and reduce downtime during unexpected events.
Disaster Recovery Plan - Small Doctor Office
NTW:275 - Assignment 14.1: Disaster Recovery
Team Collaboration - None
This report outlines a Disaster Recovery Plan (DRP) for a small doctor's office, aiming to ensure the network's resilience in the event of failures or disasters. It builds on a previously established network infrastructure by identifying critical vulnerabilities and proposing strategies for maintaining continuity. The DRP includes data backup solutions, redundancy measures, failover systems, and emergency response protocols to minimize downtime and protect sensitive healthcare data. A cost-benefit analysis is conducted to balance security investments with operational efficiency. Additionally, the report discusses potential challenges in implementation and suggests mitigation strategies to facilitate a smooth recovery.
Objective 5
5. Develop a research report or implementation plan concerning legal and ethical best practices and mandated requirements that pertain to information security.
Projects
Daubert & Frye - Legal Implementation Plan
CFR:101 - Assignment: Daubert and Frye
Team Collaboration - None
This report explores the Daubert and Frye standards, which determine whether expert forensic testimony is admissible in court. It explains how the Daubert standard emphasizes scientific validity and is now the dominant legal framework. The report also covers how digital forensic investigators must comply with legal regulations, including the Computer Fraud and Abuse Act (CFAA), the Fourth Amendment, and the General Data Protection Regulation (GDPR). Additionally, it introduces best practices for forensic investigations, such as chain of custody, verified forensic tools, and proper data handling to ensure evidence is legally admissible.
Cybercrime & Legal Regulation - Report
NTS:201 - Assignment: Cyber Crime Report
Team Collaboration - None
This report analyzes the DDoS-for-hire case involving Matthew Gatrel, who provided illegal DDoS attack services through the websites DownThem.org and AmpNode.com. It explains how his actions violated the Computer Fraud and Abuse Act (CFAA) and wire fraud statutes, leading to severe legal consequences. The report also includes best practices for businesses to prevent cybercrime liability, such as adopting NIST and ISO 27001 frameworks, using DDoS protection services, and implementing cybersecurity policies. Additionally, it introduces an implementation plan for cybersecurity compliance, outlining how businesses can protect themselves from DDoS attacks while ensuring legal and ethical compliance.
Objective 6
6. Research, document, test and evaluate several current industry information security based threats, risks, malicious activities, covert methodology, encryption technologies, mitigation techniques or unconventional tactics to prevent loss of sensitive information and data confidentiality, integrity and availability.
Projects
Project - Malware - Research Report
CFR:101 - Project: Malware
Team Collaboration - None
The Malware Analysis Report explores three malware samples, analyzing their behaviors, indicators of compromise (IoCs), and security risks. Using VirusShare and Hybrid Analysis, the report documents how the malware establishes persistence, evades detection, and communicates with malicious domains. The report also introduces covert methodologies, such as memory protection, process injection, and encrypted command-and-control (C2) communication, which malware authors use to bypass security defenses. To meet Objective 6, the paper includes a detailed mitigation section, outlining how Endpoint Detection and Response (EDR), network segmentation, DNS filtering, and behavioral-based anomaly detection help prevent malware infections.
Project 6 - CTF - "Pickle Rick"
NTS:330 - Final Project
Team Collaboration - None
The NTS 330 Final Project is a hands-on penetration testing exercise using a Capture The Flag (CTF) challenge to exploit security vulnerabilities in a controlled environment. It involved network reconnaissance, privilege escalation, command execution, and directory brute-forcing. The report illustrates how attackers exploit system weaknesses and outlines mitigation techniques like secure authentication, intrusion detection systems (IDS), logging, and role-based access control (RBAC). This project meets Objective 6 by combining research, testing, and the practical mitigation of security risks.
N.V.D. & C.W.E. - Research Report
NTS:330 - Assignment: National Vulnerability Database & Common Weakness Enumeration
Team Collaboration - None
The National Vulnerability Database Report examines security weaknesses using the CWE system and real-world CVEs, highlighting vulnerabilities like CWE-79 (Cross-Site Scripting) and CWE-787 (Out-of-Bounds Write). It discusses how cybersecurity professionals utilize tools such as Nmap, Nessus, and Metasploit to identify these flaws and includes mitigation strategies like input validation and software patching to ensure compliance with Objective 6.