
Security Architecture Redesign – CustomerFirst Bank

Team Lead · Feb – April 2024

Overview

A comprehensive security architecture redesign for a financial institution that had suffered a network compromise. Led a team to develop a $500K security enhancement plan covering network hardening, SIEM deployment, breach management, and policy reform — all mapped to observed attacker TTPs using MITRE ATT&CK.

The Challenge

The bank had an active compromise with indicators still present in the environment. The challenge was designing a remediation plan that both addressed the immediate breach and built long-term defensive architecture — within a fixed $500K budget and without disrupting banking operations during the hardening period.

The Solution

Mapped all observed attacker activity to MITRE ATT&CK techniques to understand the full kill chain. Used OWASP ZAP to assess web application vulnerabilities. Designed hardened Linux/Windows configurations, deployed a SIEM for centralized log analysis and alerting, developed breach management playbooks for future incident response, and updated security policies to align with CIS Benchmarks.

Tech Stack

  • MITRE ATT&CK: TTP mapping for observed breach indicators and remediation coverage
  • OWASP ZAP: Web application vulnerability assessment
  • SIEM: Centralized log collection, correlation, and alerting
  • Linux/Windows Hardening: CIS Benchmark-aligned system configuration
  • Security Policy: Incident response playbooks and acceptable use policies

Outcomes

  • $500K security budget allocated across 7 control domains with ROI justification
  • All observed attacker TTPs mapped to MITRE ATT&CK with remediation controls
  • SIEM deployment enabling real-time threat detection and alert triage
  • Breach management playbook deployed — reduces mean time to respond for future incidents