A hands-on security assessment project for a fictional company, demonstrating the skills I learned while preparing for CompTIA Security+ (SY0-701). This is my way of applying what I studied instead of just memorizing exam dumps.
After passing my Security+ exam (789/900, January 2026), I wanted to create a comprehensive capstone project that covers all five Security+ domains in one place. This isn't just for my portfolio - it's a knowledge roadmap I can always come back to when I need to visualize how enterprise security actually works.
Reading about incident response playbooks is one thing. Actually writing one, mapping it to NIST 800-61, and thinking through real scenarios? Completely different. I learn better when I can see the full picture, not just isolated concepts.
So I created NordicShield Technologies, a fictional Finnish company with realistic security challenges, and worked through building their entire security program from the ground up. Now when I think about "security operations" or "risk management," I can instantly picture the NordicShield scenario and walk through the steps in my mind.
This project is my mental model for enterprise security. If you find it helpful, feel free to star it ⭐
NordicShield Technologies Oy is a 120-person company in Helsinki that makes sustainable cooling solutions for data centers. They just raised €15M Series B and are expanding to Amsterdam, Austin, and Kigali.
The problem? Their security is... not great:
- No formal policies (everything is "we'll figure it out")
- No SIEM - they're basically flying blind
- MFA is inconsistent at best
- No incident response plan
- Basic firewall, that's it
Sound familiar? Most SMEs look like this. My job was to fix it.
The project follows the 5 Security+ exam domains:
- General Security Concepts
  - Security controls matrix
  - CIA triad implementation
  - Authentication strategy
  - Gap analysis
  - Zero trust assessment
- Threats & Vulnerabilities
  - Threat actor profiling
  - Vulnerability assessment
  - Social engineering defenses
  - Malware analysis procedures
  - Attack surface mapping
- Security Architecture
  - Network segmentation design
  - Cloud security architecture
  - IAM implementation
  - Encryption strategy
  - Resilience planning
- Security Operations
  - SIEM implementation plan
  - Vulnerability management program
  - Log analysis procedures
  - Incident response plan & playbooks
  - Digital forensics procedures
  - Automation scripts
- Program Management
  - Security policy framework
  - Risk management program
  - Compliance mapping (GDPR, NIS2, ISO 27001)
  - Security awareness training
  - Vendor risk assessment
  - Business continuity plan
This project demonstrates systematic security assessment methodology following Security+ exam domains. It mirrors real-world consulting engagements where assessments are conducted in phases aligned with client priorities and resource availability.
| Phase | Domain | Status |
|---|---|---|
| Phase 1 | General Security Concepts | 🔄 In Progress |
| Phase 2 | Threats & Vulnerabilities | 📋 Planned |
| Phase 3 | Security Architecture | 📋 Planned |
| Phase 4 | Security Operations | 📋 Planned |
| Phase 5 | Program Management | 📋 Planned |
Additional phases will be completed as part of ongoing professional development and CompTIA continuing education requirements.
- NIST Cybersecurity Framework
- NIST SP 800-53 (Security Controls)
- NIST SP 800-61 (Incident Handling)
- ISO 27001/27002
- CIS Controls v8
- GDPR
- NIS2 Directive
I'm Precious Robert, a cybersecurity analyst based in Finland. Background in industrial engineering.
Certifications:
- CompTIA Security+ (SY0-701) - Jan 2026
- Google Cybersecurity Professional Certificate
Contact:
- LinkedIn: linkedin.com/in/precious-robert
- GitHub: github.com/robertpreshyl
- Email: precious.robert2023@gmail.com
If you're studying for Security+ or want to see how these concepts apply to a real scenario:
- Start with `01_Company_Documentation/NordicShield_Complete_Profile.md` to understand the company
- Go through each phase in order
- Each deliverable shows practical application of exam objectives
Feel free to fork this and adapt it for your own learning. Just don't copy paste it as your own work - do the thinking yourself, that's where the learning happens.
This project is for educational purposes. The company (NordicShield) is fictional. Any resemblance to real companies is coincidental.