navy federal.
managing vulnerability at scale
the challenge
Navy Federal Credit Union operates critical infrastructure serving hundreds of thousands of members. With thousands of employees across multiple locations, the IT environment is vast and complex. Vulnerability management at this scale isn't just about finding security holes—it's about managing risk across an entire enterprise, prioritizing remediation based on business impact, and maintaining compliance with strict financial industry regulations.
The challenge: identify vulnerabilities across endpoints, servers, and infrastructure; assess risk; coordinate remediation with business teams; and maintain IT governance controls that prevent regression while enabling business operations.
the approach
comprehensive vulnerability scanning
Systematic scanning of the enterprise environment including endpoints, servers, network infrastructure, and applications. This generates a complete inventory of vulnerabilities across the organization, categorized by severity and risk level.
risk-based prioritization
Not all vulnerabilities are created equal. A critical CVE on an exposed production server requires immediate action. A low-severity finding on an isolated lab system can wait. Effective vulnerability management prioritizes by assessing which vulnerabilities pose the greatest business risk given the organization's specific environment.
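One way to express this prioritization in code, as an added example that is not Navy Federal's process or tooling. The severity, exposure and environment weights, the bucket thresholds, and the sample findings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed weights for illustration only; tune them to your own environment.
SEVERITY = {"low": 1.0, "medium": 4.0, "high": 7.0, "critical": 10.0}
EXPOSURE = {"isolated": 0.2, "internal": 0.6, "internet": 1.0}
ENVIRONMENT = {"lab": 0.3, "staging": 0.6, "production": 1.0}


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str      # placeholder identifiers, not real CVEs
    severity: str
    exposure: str
    environment: str


def risk_score(f: Finding) -> float:
    """Scale scanner severity by how reachable and how important the asset is."""
    try:
        score = SEVERITY[f.severity] * EXPOSURE[f.exposure] * ENVIRONMENT[f.environment]
    except KeyError as exc:
        # Unknown context must not silently score as zero risk.
        raise ValueError(f"{f.asset}: unrecognised attribute {exc}") from None
    return round(score, 2)


def triage(findings, immediate=7.0, scheduled=2.0):
    """Return (finding, score, bucket) tuples, highest risk first."""
    ranked = []
    for f in findings:
        score = risk_score(f)
        bucket = ("immediate" if score >= immediate
                  else "scheduled" if score >= scheduled else "backlog")
        ranked.append((f, score, bucket))
    return sorted(ranked, key=lambda r: (-r[1], r[0].asset))


# Constructed sample findings (hypothetical assets and identifiers).
SAMPLE = [
    Finding("lab-vm-07", "VULN-PLACEHOLDER-1", "critical", "isolated", "lab"),
    Finding("web-prod-01", "VULN-PLACEHOLDER-2", "critical", "internet", "production"),
    Finding("db-prod-03", "VULN-PLACEHOLDER-3", "high", "internal", "production"),
    Finding("lab-vm-02", "VULN-PLACEHOLDER-4", "low", "isolated", "lab"),
]

if __name__ == "__main__":
    for f, score, bucket in triage(SAMPLE):
        print(f"{score:5.2f}  {bucket:9}  {f.asset}  {f.severity}")
```

With these assumed weights, the critical finding on the isolated lab VM ranks below the high-severity finding on the internal production database, which is the effect of weighting by environment rather than by scanner severity alone.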
coordination and remediation
Identifying vulnerabilities is step one. Remediation requires coordinating with infrastructure teams, application owners, and business stakeholders. Some fixes require patches, others require configuration changes, and some require architectural redesign. The work means remediating across teams while minimizing operational disruption.
IT governance and controls
Maintaining governance policies that prevent future vulnerabilities. This means controls on system builds, software approvals, patch management policies, and monitoring that enables rapid detection of new issues. Governance prevents the vulnerability backlog from growing while teams remediate existing issues.
impact & learnings
Enterprise vulnerability management taught me that security is a systems problem. It's not enough to be technically skilled at finding vulnerabilities—you must understand business priorities, coordinate across teams, manage process and governance, and balance security with operational needs. A secure organization requires alignment between security teams, IT operations, and business leadership.
At Navy Federal, I learned the complexity of managing IT infrastructure at scale. Every decision affects thousands of employees and millions of member interactions. This experience shaped how I approach infrastructure decisions today—always thinking about downstream impact, coordination requirements, and risk management.