
Capstone Project

Scenario

You are the newly hired CISO of FinServ Inc., a mid-size financial services company with 1,200 employees, $500M in annual revenue, and 50,000 customers. The CEO has asked you to assess the company’s security posture and produce a 90-day improvement plan.

Organisation Profile

| Aspect | Current State |
| --- | --- |
| Workforce | 1,200 employees (60% remote), 200 contractors |
| IT infrastructure | 3,000 endpoints (Windows/Mac), 200 servers, hybrid cloud (AWS + on-prem) |
| Applications | 50 SaaS apps, 15 internal apps, 2 customer-facing web apps |
| Data | Customer PII (50,000 records), financial data, intellectual property |
| Regulatory | Subject to SOX, GDPR (has EU customers), PCI DSS (processes credit cards) |
| Security team | CISO (you), 2 SOC analysts (L1), 1 security engineer |
| Current tools | Microsoft 365 E5, AWS native security tools, basic AV |
| Previous incidents | 2 phishing-based account takeovers in the past year; 1 ransomware attempt (blocked by user reporting) |

Assessment Deliverables

Using what you have learned across all 12 modules, produce:

1. Executive Summary (1 page)

  • Current security maturity level
  • Top 3 risks to the business
  • 90-day improvement priorities

2. Gap Analysis

| Domain | Current State | Target State | Gap | Priority | Effort |
| --- | --- | --- | --- | --- | --- |
| IAM | No MFA on most apps; manual deprovisioning; shared admin accounts | MFA everywhere; automated JML; PAM for admins | Critical | P1 | 4 weeks |
| Endpoint | Basic AV only; no EDR | EDR on all endpoints | Critical | P1 | 2 weeks |
| Network | Flat network; no segmentation | Microsegmentation; DMZ; IDS/IPS | High | P2 | 8 weeks |
| Detection | No SIEM; limited logging | SIEM with correlation rules; SOC L1/L2 | Critical | P1 | 6 weeks |
| Incident Response | No IR plan; no playbooks | Documented IR plan with tested playbooks | High | P1 | 3 weeks |
| Vulnerability Mgmt | No scanning | Weekly authenticated scanning; risk-based prioritisation | High | P2 | 4 weeks |
| Cloud | No CSPM; loose IAM roles | CSPM scanning; least-privilege IAM | High | P2 | 4 weeks |
| Compliance | No formal compliance program | SOC 2 Type II; PCI DSS v4.0 | Critical | P1 | 12 weeks |

3. 90-Day Improvement Roadmap

Weeks 1-2: Quick Wins (minimal effort, maximum impact)

- Enable MFA on all external-facing apps (Azure AD Conditional Access)
- Deploy EDR (Microsoft Defender for Endpoint — already licensed)
- Disable 50+ stale accounts (manual cleanup + HR process)

Weeks 3-6: Detection & Response

- Deploy SIEM (Microsoft Sentinel) and ingest all logs
- Build and test 3 incident response playbooks (phishing, ransomware, data breach)
- Implement automated account deprovisioning

Weeks 7-12: Foundation

- Deploy vulnerability scanner (Tenable or Qualys)
- Implement PAM (Azure AD PIM for JIT admin access)
- Deploy CSPM (Microsoft Defender for Cloud)
- Begin SOC 2 readiness assessment

4. Budget Estimate

| Item | Cost | One-time/Recurring |
| --- | --- | --- |
| EDR licensing (3,000 endpoints × $5/endpoint/month) | $15,000/month | Recurring |
| SIEM (Microsoft Sentinel — 5 GB/day ingestion) | $2,500/month | Recurring |
| Vulnerability scanner | $10,000/year | Recurring |
| Penetration test (annual) | $50,000 | Annual |
| SOC 2 readiness + audit | $80,000 | First year |
| Additional headcount (2 L2 analysts) | $200,000/year | Recurring |
| Total Year 1 | ~$450,000 | |

Scoring Rubric

| Criteria | Weight | Excellent (90-100%) | Good (70-89%) | Needs Improvement (<70%) |
| --- | --- | --- | --- | --- |
| Executive summary | 10% | Clear, actionable, business-focused | Understandable but lacks specifics | Vague, too technical |
| Gap analysis | 30% | Comprehensive, prioritised, realistic | Covers major areas, some gaps missed | Superficial, missing critical domains |
| 90-day roadmap | 30% | Realistic, phased, with clear ownership | Logical but lacks detail or phasing | Unrealistic timing or missing key steps |
| Budget estimate | 15% | Realistic, justified, with options | Rough estimates, some items missing | No budget or clearly unrealistic |
| Presentation | 15% | Professional, clear, CISO-ready | Good structure, some formatting issues | Unprofessional, hard to follow |