Scheol Lab - Project Overview
Purpose
Scheol Security Lab is a hands-on cybersecurity project designed to explore and document the progressive construction of a security program for a small-to-medium enterprise (SME).
The project is currently at an early stage. The core infrastructure is already deployed (a Proxmox virtualization host, an OPNsense firewall and a public VPS hosting this documentation platform), while the governance, risk management and control documentation is being developed in parallel.
This portfolio therefore serves both as technical documentation and as a structured roadmap for the lab’s evolution, illustrating how risks, controls, architecture and validation mechanisms are progressively designed, implemented and reviewed over time.
This project also serves as a professional portfolio supporting my search for a work-study opportunity in cybersecurity governance.
If you’d like to discuss a work‑study opportunity or simply learn more, feel free to contact me on LinkedIn (link in the footer).
Positioning
The lab is designed as a progressive learning environment for GRC frameworks and processes, and is still a work in progress.
All technical choices are driven by identified risks and are mapped to structured controls, inspired by real‑world security and compliance frameworks (ISO 27001, NIST CSF, GDPR and the EBIOS RM methodology).
Scope
The following pillars are meant to be covered end‑to‑end:
- Risk Management - asset inventory, threat‑scenario creation, risk evaluation.
- Control Framework - selection and mapping of safeguards to each risk.
- Applied Security Architecture - segmented infrastructure, hardened hosts, identity management and secure administrative access.
- Monitoring & Validation - log aggregation, telemetry collection and control validation.
- Audit Simulation - mock audits, DPIA simulation, evidence collection for ISO 27001 and GDPR.
Guiding Principle
Risk → Controls → Implementation → Validation → Improvement
The lab evolves iteratively: documentation (methodology, risk register, asset catalogue) is kept up‑to‑date to reflect the current state of the environment.
Architectural Highlights
- Network segmentation (DMZ, internal LAN, privileged zone).
- Segmented trust zones with restricted inter-zone communication.
- Identity management with OpenLDAP and MFA.
- Infrastructure automation using Ansible, Gitea and version-controlled configuration.
Methodological References
- ISO/IEC 27001:2022 - Asset management and operational security principles used as inspiration for control structuring.
- NIST Cybersecurity Framework (CSF) 2.0 - High-level security functions used to organise lifecycle activities.
- GDPR (Regulation EU 2016/679) - Data-protection principles and security of processing considerations.
- EBIOS Risk Manager (ANSSI) - Methodology used as inspiration for threat-scenario modelling and risk evaluation.