IT Security Implementation - Stabilization & Resilience
Overview
Complete hardening, validate incident readiness, and transition to steady-state operations.
Objectives
Harden remote access (Citrix/VPN): modern TLS/ciphers, posture checks, minimized split tunneling, comprehensive logging.
Strengthen data protection (NAS): least-privilege ACLs, SMB signing/encryption, immutable backups, and restore drills.
Finalize cloud/container supply chain: least-privilege IAM, key retirement, signed images with CI/CD enforcement, registry scanning gates.
SIEM/IR: tune detections, run a tabletop, close gaps, and document KPIs/runbooks for operate-to-own.
Scope
Remote Access: Citrix Gateway/VPN policy, device posture, role-based tunneling, log forwarding.
Data/NAS: ACL redesign, encryption in transit, immutable backup policy, quarterly restore process.
Cloud/Containers: IAM refactor, permission boundaries, cosign/Sigstore verification in pipelines, ECR scanning thresholds.
Monitoring & IR: alert tuning, dashboards/retention, tabletop execution and follow-ups.
Methods
Change-controlled rollouts with backout steps.
Short stakeholder sessions; evidence captured via exports/screenshots.
Readiness tests (auth, restore, alerting).
Mapping to ISO 27001, NIST CSF, CIS Controls for auditability and handover.
Key Responsibilities
Remote Access Hardening: Update Citrix, enforce modern TLS/ciphers, enable posture checks, restrict split tunneling for privileged roles, route gateway/VPN logs to SIEM.
NAS & Backups: Rework shares to least-privilege, enable SMB signing/encryption, implement immutable backups, perform a live restore drill with documented RTO/RPO.
AWS & Containers: Apply permission boundaries and role refactors, retire long-lived keys, require signed images in CI/CD, block deploy on failing provenance or critical findings.
SIEM & IR: Reduce false positives, add coverage for remote-access/NAS events, finalize dashboards and retention, run tabletop and close actions.
Deliverables
Remote Access Pack: Hardened Citrix/VPN config (before/after), posture policy, split-tunnel matrix, log routing proof.
Data Protection Pack: NAS ACL design, SMB signing/encryption evidence, immutable backup policy, restore-test report.
Cloud & Container Pack: IAM boundary templates, key-retirement attestations, CI/CD image-signing enforcement, registry scanning gate policy.
SIEM/IR Readiness: Tuned rules with KPI baseline (e.g., MTTA/FP rate), finalized runbooks, tabletop minutes, closed action log.
Operate-to-Own Handover: SOPs, admin guides, quarterly upkeep checklist.
Qualifications
Proven hardening of Citrix/VPN (cipher/TLS policies, posture checks, split tunneling).
NAS/backup engineering with immutable storage and documented restore drills.
AWS IAM refactor and container supply-chain controls (image signing, registry scanning, CI/CD policy gates).
SIEM tuning and tabletop facilitation with measurable KPIs; strong documentation/change control.
