About the project
This project involved conducting a simulated risk assessment based on a real cyberattack incident targeting the National Oceanic and Atmospheric Administration (NOAA). The goal was to identify and document key threats, assess the level of risk (based on likelihood and impact), and propose realistic mitigation strategies to strengthen NOAA’s information security program. The report was based on findings from official audit reports and included actionable recommendations.
What I learned
How to analyze cyber threats using likelihood, impact, and overall risk scoring
How unauthorized system access can serve as the entry point for multiple threat chains
The role of weak authentication practices and poor web application security in major breaches
The importance of early detection and proper access controls to prevent privilege escalation
How espionage, malware persistence, and data theft are often interconnected in advanced persistent threat (APT) scenarios
How to interpret real audit findings and translate them into security recommendations
The value of tools like ManageEngine Vulnerability Manager Plus for vulnerability scanning and prioritization
Challenges faced
One challenge was interpreting a dense and technical government audit report and turning it into a clear, structured risk assessment. I had to connect different threat events and understand how they chained together (e.g., unauthorized access leading to espionage and data theft). Another challenge was evaluating risk levels without access to live NOAA systems. I relied on reported likelihood and impact to rank the risks logically and make realistic mitigation suggestions.