Commonwealth Bank Introduction to Cybersecurity Job Simulation
Fraud analytics in Splunk, incident response handling, security awareness design, and entry-level web pentesting in a banking context.
Overview
This project is based on the Commonwealth Bank Introduction to Cybersecurity Job Simulation delivered through Forage (January 2026).
The simulation reflects the responsibilities of a cybersecurity generalist supporting fraud detection, incident response, security awareness, and basic penetration testing within a large financial institution.
Key Activities
1) Fraud Analytics & Dashboarding (Splunk)
- Installed and configured Splunk Enterprise, imported a structured payments dataset, and explored fields via Interesting Fields.
- Built a fraud-focused dashboard including:
- Counts by Category, Fraud, Age group, and Merchant
- Fraud distribution by Age, Category, Month (Step), and Gender
- Identification of highest-fraud gender + category combinations
- Identification of highest-fraud age group + merchant combinations
- Produced reporting outputs designed to support rapid operational decision-making in fraud monitoring.
2) Incident Response (Phishing → Credential Theft → Ransomware)
- Analyzed a timeline consistent with phishing-led credential harvesting followed by malware/ransomware impact (file access failures and document errors).
- Documented the next-response actions aligned to standard IR phases:
- Detection & escalation, stakeholder notification, evidence preservation
- Containment (isolations, blocking indicators, account actions)
- Eradication (malware removal, scanning, patching, credential rotation)
- Recovery (restoration from backups, validation, monitoring)
- Post-incident review and control improvements
3) Security Awareness (Password Hygiene)
- Designed an employee-facing password security infographic based on Australian Cyber Security Centre (ACSC) guidance.
- Focused on clear, actionable content to reduce credential compromise risk.
4) Web Application Security (Basic Pentesting)
- Completed HackThisSite “Basic” challenges (Levels 1–11) to practice identifying common web weaknesses.
- Produced a structured pentest-style report (scope, findings, impact, and remediation guidance).
Skills Applied
- Splunk data exploration and security analytics dashboarding
- Fraud pattern identification and operational reporting
- Incident response planning and structured containment/recovery thinking
- Threat identification: phishing, credential compromise, ransomware indicators
- Security awareness content design for non-technical audiences
- Basic web security testing and vulnerability documentation
Industry Relevance
This project aligns with entry-level responsibilities in:
- SOC / Blue Team (alert triage, incident handling, containment support)
- Fraud detection & security analytics (SIEM dashboards and trend analysis)
- Security awareness / human risk (training artifacts and policy reinforcement)
- Junior penetration testing (basic web security findings and reporting)
It demonstrates practical capability across both technical defense (monitoring/IR) and organizational security (awareness), in a realistic banking threat environment.