Commonwealth Bank Introduction to Cybersecurity Job Simulation

Fraud analytics in Splunk, incident response handling, security awareness design, and entry-level web pentesting in a banking context.

Overview

This project is based on the Commonwealth Bank Introduction to Cybersecurity Job Simulation delivered through Forage (January 2026).
The simulation reflects the responsibilities of a cybersecurity generalist supporting fraud detection, incident response, security awareness, and basic penetration testing within a large financial institution.


Key Activities

1) Fraud Analytics & Dashboarding (Splunk)

  • Installed and configured Splunk Enterprise, imported a structured payments dataset, and explored fields via Interesting Fields.
  • Built a fraud-focused dashboard including:
    • Counts by Category, Fraud, Age group, and Merchant
    • Fraud distribution by Age, Category, Month (Step), and Gender
    • Identification of highest-fraud gender + category combinations
    • Identification of highest-fraud age group + merchant combinations
  • Produced reporting outputs designed to support rapid operational decision-making in fraud monitoring.

2) Incident Response (Phishing → Credential Theft → Ransomware)

  • Analyzed a timeline consistent with phishing-led credential harvesting followed by malware/ransomware impact (file access failures and document errors).
  • Documented the next-response actions aligned to standard IR phases:
    • Detection & escalation, stakeholder notification, evidence preservation
    • Containment (isolations, blocking indicators, account actions)
    • Eradication (malware removal, scanning, patching, credential rotation)
    • Recovery (restoration from backups, validation, monitoring)
    • Post-incident review and control improvements

3) Security Awareness (Password Hygiene)

  • Designed an employee-facing password security infographic based on Australian Cyber Security Centre (ACSC) guidance.
  • Focused on clear, actionable content to reduce credential compromise risk.

4) Web Application Security (Basic Pentesting)

  • Completed HackThisSite “Basic” challenges (Levels 1–11) to practice identifying common web weaknesses.
  • Produced a structured pentest-style report (scope, findings, impact, and remediation guidance).

Skills Applied

  • Splunk data exploration and security analytics dashboarding
  • Fraud pattern identification and operational reporting
  • Incident response planning and structured containment/recovery thinking
  • Threat identification: phishing, credential compromise, ransomware indicators
  • Security awareness content design for non-technical audiences
  • Basic web security testing and vulnerability documentation

Industry Relevance

This project aligns with entry-level responsibilities in:

  • SOC / Blue Team (alert triage, incident handling, containment support)
  • Fraud detection & security analytics (SIEM dashboards and trend analysis)
  • Security awareness / human risk (training artifacts and policy reinforcement)
  • Junior penetration testing (basic web security findings and reporting)

It demonstrates practical capability across both technical defense (monitoring/IR) and organizational security (awareness), in a realistic banking threat environment.