The Scenario
A 60-person SA architecture firm has never had a formal vulnerability assessment. The directors authorise an internal review covering perimeter exposure, internal network hygiene, endpoint patching, and basic cloud configuration. You will write the report.
The Brief
Produce a vulnerability assessment report. You may use scenario data (assume scan output of common findings) or document a real assessment of a personal lab. The report must read like a deliverable an external consultant would charge for.
Deliverables
- An executive summary (under 400 words) covering the top three risks and the recommended priority order for remediation
- A findings table listing at least 10 findings with: title, severity (Critical / High / Medium / Low), CVSS-style score or rationale, asset affected, evidence (sanitised), and recommended fix
- A remediation plan grouping findings into Quick Wins (under 1 week), Medium-Term (1-3 months), and Strategic (3-12 months) with effort estimates
- An appendix listing the methodology used and the tools applied (Nessus, OpenVAS, internal scripts, manual checks) with one-line descriptions
Submission Guidance
A vulnerability assessment report that lists 200 findings is useless. The skill is prioritisation: separating the "fix this week" issues from the "consider in next architecture review" ones. Show that judgment.
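A short triage script makes the prioritisation step concrete. The following is an added example, not part of the original brief: it rejects findings with an empty required field, derives severity from the score using the CVSS v3.x qualitative bands, and sorts findings into the three remediation horizons. The `effort_days` field, the day thresholds that map effort onto the horizons, and all sample findings and scores are constructed assumptions.

```python
from dataclasses import dataclass

# CVSS v3.x qualitative severity bands: (lower bound, label).
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low")]

@dataclass
class Finding:
    title: str
    cvss: float
    asset: str
    evidence: str
    fix: str
    effort_days: int  # assumed field: estimated elapsed days to remediate

def severity(score):
    for floor, label in BANDS:
        if score >= floor:
            return label
    raise ValueError(f"score {score} is not a rateable finding")

def bucket(f):
    # Assumed thresholds: under 1 week, up to about 3 months, anything longer.
    if f.effort_days < 7:
        return "Quick Wins"
    return "Medium-Term" if f.effort_days <= 90 else "Strategic"

def remediation_plan(findings):
    plan = {"Quick Wins": [], "Medium-Term": [], "Strategic": []}
    for f in findings:
        missing = [k for k, v in vars(f).items() if v in ("", None)]
        if missing:
            raise ValueError(f"{f.title or '<untitled>'}: missing {missing}")
        plan[bucket(f)].append(f)
    # Within each horizon: highest score first, then the cheaper fix.
    return {name: [(severity(f.cvss), f.title, f.effort_days)
                   for f in sorted(items, key=lambda f: (-f.cvss, f.effort_days))]
            for name, items in plan.items()}

def top_risks(findings, n=3):
    # Candidates for the executive summary's top three risks.
    return sorted(findings, key=lambda f: (-f.cvss, f.effort_days))[:n]

# Constructed sample findings (titles, scores and assets are illustrative only).
SAMPLE = [
    Finding("SMBv1 enabled on file server", 8.1, "FS01", "scan output (sanitised)", "Disable SMBv1", 2),
    Finding("Flat internal network", 7.5, "Core switch", "config review", "Segment by function", 180),
    Finding("Default admin password on printer", 9.8, "PRN-03", "manual check", "Set unique credential", 1),
    Finding("Workstations missing OS patches", 6.5, "Endpoints", "patch report", "Deploy patch management", 45),
    Finding("TLS 1.0 accepted on intranet site", 3.7, "INTRANET", "scan output (sanitised)", "Require TLS 1.2+", 3),
]
```

A score-ordered list is only the starting point: the written report still has to justify any finding that is moved up or down because of business context.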