At The Global Electronics Association, I have worked on several tasks during my first 50
hours relating to our organization’s security. The tasks I completed required extensive
in-depth analysis of our internal network and systems. I worked mostly on remediation tasks
related to penetration testing as we prepared for a retest. Additionally, I was responsible
for creating a Security Awareness Training module for newly hired employees and a
phishing campaign to analyze how susceptible our employees were.
First, we reviewed the 84-page report and planned our remediation steps. I learned that
there are many vulnerabilities that could be exploited; however, some carry more weight
than others. I worked with my supervisor and team to remediate the high-risk threats. This
gave me valuable insight into the annual penetration testing process and how it
strengthens our defenses. The remediation process, which was required before retesting
on 2/6/2026, required me to update the weak password policy and assist with other critical
items. We strengthened our password policy to align with Synercomm’s recommendations
and industry standards. The penetration testing documentation gave me a clear view of the
issues in our environment and how an attacker could exploit each vulnerability. We worked
on reviewing and implementing changes from 1/23/2026 to 2/5/2026.
Changes to the environment, such as password policy updates through Group Policy,
affect not only IT but the entire organization, so careful planning and communication were
required. Other changes required proper planning and documentation in case a rollback
was needed due to disrupted business operations. We would then review the change and
determine whether it represented an acceptable risk to the organization. I implemented
the password policy changes in the local Active Directory on 2/2/2026. This also included a
list of forbidden passwords, which included any domain or company names and terms.
In addition to penetration testing remediation, I worked with KnowBe4 to create a Cyber
Security Awareness Training Module for newly hired employees. This training is important
because it will help mitigate the biggest weakness in any organization, the “Human
Factor.” The training consisted of KnowBe4’s Annual 45-minute training video. In addition
to creating this campaign, I used KnowBe4 to create a simulated phishing campaign to
help evaluate our organizational risk. The campaign took place between 2/4/2026 –
2/6/2026. The results of the campaign exercise gave us insight into how susceptible our
employees are to phishing attempts. It showed me that ongoing training is detrimental to
an organization’s security posture.
Conclusion
In conclusion, I found my hands-on involvement in penetration testing remediation
gave me an exclusive look into current vulnerabilities, how they can be exploited, and
practical knowledge for resolving them. I understood the importance of documentation
and communication to our staff regarding changes in organizational security standards.
Using KnowBe4’s platform was rewarding as well because it demonstrated the importance
of annual training and the risks it can help mitigate.