All projects in this course were completed in the role of a Security Analyst at Northwest Shelbyville Regional Hospital (NWSRH) — a 593-bed regional medical center. Responsibilities included developing and maintaining IT security practices, advising decision makers on risk minimization, identifying security vulnerabilities, deploying new technologies, documenting security policy, and performing security audits and risk assessments.
| Assignment | Description |
|---|---|
| Project 1 — IoMT Vulnerability Memo | CVE research on 3 medical IoT devices — B. Braun infusion pump, Shekar endoscope, and Medtronic insulin pump |
| Project 2 — Physical Security Plan | Physical security recommendations for hospital exterior, lobby, and maternity unit including camera placement, access control, and staff training |
| Project 3 — HIPAA, PII & PHI Training | Narrated PowerPoint employee training presentation covering administrative, physical, and technical security of personal health information |
- CVE Research & Analysis — Identified and documented real vulnerabilities in IoMT medical devices using NIST NVD and CISA advisories
- Vulnerability Assessment — Evaluated CVSS scores and recommended mitigations for each CVE
- Physical Security Planning — Designed access control, surveillance, and security protocols for a healthcare facility
- HIPAA Compliance — Developed employee training covering HIPAA, PII, and PHI security requirements
- Risk Management — Assessed organizational risk and recommended security controls
- Security Documentation — Authored professional security memos, plans, and training materials
- IoMT/IoT Security — Analyzed vulnerabilities specific to networked medical devices
