Risk & Vulnerability Management

Showcasing my work in information technology and cybersecurity fields.

Building a powerful homelab isn’t just about standing up virtual machines and spinning up services—it’s about protecting them. With several internet-facing services live, including Windows Servers hosting game infrastructure, and cloud-based platforms for medium-scale storage, document editing, and team planning, risk and vulnerability management became a core focus of the overall design. Security wasn’t an afterthought—it was baked into the architecture from day one.

To manage this evolving threat landscape, a multi-layered vulnerability and risk management strategy was implemented. Nessus served as the primary vulnerability scanner, regularly auditing both internal and external-facing assets. Scans targeted known CVEs, misconfigurations, weak encryption, and missing patches. These automated scans provided consistent, real-time visibility into potential weaknesses and were key in maintaining a proactive security posture.

Beyond automated tools, manual penetration testing techniques were studied and practiced to validate results and identify blind spots Nessus might miss. Using frameworks like OWASP and tools such as Nmap, Metasploit, and custom scripts, efforts were made to simulate real-world attacks—including privilege escalation, lateral movement, and service enumeration. This hands-on approach didn’t just find vulnerabilities—it built intuition and a deeper understanding of how attackers think.

Recognizing that not all vulnerabilities carry equal weight, qualitative risk management was used to prioritize response strategies. Each potential threat was assessed based on likelihood, impact, exploitability, and the sensitivity of affected systems. For example, a known vulnerability on a public-facing game server might be accepted if it only affects non-persistent data, whereas even a low-risk threat to the document collaboration platform—containing sensitive planning data—would trigger immediate mitigation.

Firewalls and access control policies were then aligned to match these risk profiles. Game servers were segmented in isolated VLANs with strict inbound/outbound rules, and reverse proxies were deployed to abstract and secure web interfaces. Cloud-based services used hardened authentication (including MFA), encrypted transit/storage, and were monitored for unusual activity. Logs were centralized and reviewed with a focus on high-value indicators like repeated login failures, unexpected traffic spikes, or unauthorized file changes.

The homelab became more than just a testbed for services—it evolved into a risk-aware infrastructure sandbox where security tools and theories could be applied, tested, and improved continuously. It was a proving ground for real-world security workflows, where patching cycles, response plans, and access control could be modeled like in an enterprise environment—but with the freedom to experiment.

In short, the combination of Nessus-powered scans, penetration testing techniques, and qualitative risk analysis created a dynamic, secure environment capable of hosting internet-facing services without compromise. The result wasn’t just protection—it was clarity, confidence, and control over every node, port, and packet in the system.