Work Project Inventory
Project Tracker
Review: Every Monday morning
Last updated: 2026-05-21
Security — Authentication & Access
| Project | Details | Origin | Days | Status | Links |
|---|---|---|---|---|---|
| MSCHAPv2 Migration | 6-sheet Standard Report due. ~6,227 devices, 5 waves. Window 05-04 to 05-30. 9 days remaining. | 2026-04-17 | 34 | P0 - DUE | Docs |
| Linux Research (Dr. Shahab / Xianming Ding) | EAP-TLS for Linux workstations, dACL, UFW. Certificate "password required" blocker. | 2026-03-01 | — | P0 - BEHIND | Docs |
| Research Segmentation | All research endpoints to Untrusted VLAN. Includes Linux + other endpoints. CISO decision pending. | 2026-03-01 | — | P0 - BLOCKED | Docs |
| ChromeOS EAP-TLS | SCEP + certificate deployment for Chromebooks. Victor + Paul testing. Related to MSCHAPv2 Wave 1. | 2026-02-01 | — | P1 - In Progress | |
| Vocera EAP-TLS Supplicant Fix | ~10 phones failing 802.1X, missing supplicant config. Schedule with clinical engineering. | 2026-03-12 | 70 | P1 - TODO | |
| iPSK Manager HA | Pre-shared key automation. DB replication issues, no SSL/HTTPS. Ben Castillo / InfoSec. | 2026-02-01 | — | P1 - BEHIND | |
| Strongline Gateway | 8 devices in wrong identity group. David Rukiza assigned. | 2026-03-16 | 66 | P0 - TODO | |
| Spikewell BYOD VPN | dACL SQL, AD group integration. | 2026-02-01 | — | P1 - Active | |
Security — Vulnerability & Compliance
| Project | Details | Origin | Days | Status | Links |
|---|---|---|---|---|---|
| ISE Patch 10 (CVE-2026-20147 CVSS 9.9) | ISE 3.2 Patch 10. Supersedes Patch 9. 70 days on a CVSS 9.9. | 2026-03-12 | 70 | P0 - OVERDUE | |
| Mandiant Remediation | Guest ACL hardening, SIEM report, findings status. | 2026-04-16 | 35 | P0 - Active | |
| Guest Redirect ACL | Guest redirect ACL work. Mandiant remediation finding. | 2026-05-12 | 9 | P0 - TODO | |
| VNC Blocking/Removal | VNC inventory and removal across endpoints. | 2026-05-01 | — | P0 - Active | |
| HHS Regulatory Compliance | New HHS security policies implementation. | 2026-03-01 | — | P2 - NOT STARTED | |
| EDR Migration (AMP → Defender) | Endpoint protection consolidation. | 2026-03-01 | — | P2 - NOT STARTED | |
Network Infrastructure
| Project | Details | Origin | Days | Status | Links |
|---|---|---|---|---|---|
| ISE 3.4 Migration | Upgrade from ISE 3.2p9 to 3.3+/3.4. SW maintenance ended 2025-10-31. | 2026-01-01 | — | P1 - Blocked | |
| Switch Upgrades | IOS-XE fleet update (C9300, 3560CX). | 2026-01-01 | — | P1 - Pending | |
| TCP Clocks Deployment | ISE identity group validation, query outputs, comms with team. | 2026-04-22 | 29 | P0 - Active | |
| IoT Dr. Kim | Sleep study devices, watches recurrence. 5 incident versions in d001. Validate iPSK enrollment. | 2026-04-15 | 36 | P0 - Recurring | |
| Murus Portae (WAF/FMC) | FMC cert expired, ACP returns zero rules. Zone map, architecture D2, FMC API reference. | 2026-04-16 | 35 | P0 - Investigating | |
| DMZ Migration | DMZ migration planning. | 2026-03-01 | — | P2 - Planned | |
SIEM & Monitoring
| Project | Details | Origin | Days | Status | Links |
|---|---|---|---|---|---|
| SIEM QRadar → Sentinel | Lead role. Monad selected. ISE secure syslog configured, streaming errors. DCR not created — Victor + Mauricio. | 2026-04-10 | 41 | P0 - BLOCKED | Docs |
| Monad Pipeline | 3/6 values configured. Need Rule ID + Stream Name from DCR. ISE Remote Logging Target configured 05-18. | 2026-03-11 | 71 | P0 - Active | |
| k3s NAT Verification | NAT rule 170 for 10.42.0.0/16. Test or defer to Q3. Blocks Wazuh. | 2026-03-09 | 73 | P0 - BLOCKING | |
| Wazuh Indexer Recovery | Restart pod after NAT confirmed. Blocked by k3s NAT. | 2026-03-09 | 73 | P0 - Blocked | |
| ISE MnT Messaging Service | Enable ISE Messaging Service for UDP syslogs. Low risk. Bundle with Patch 10. | 2026-03-12 | 70 | P2 - Bundle | |
Platform & Cloud
| Project | Details | Origin | Days | Status | Links |
|---|---|---|---|---|---|
| NebulaONE AI Platform | Enterprise AI on Azure. C-level visibility. Cloudforce vendor. | 2026-03-01 | — | P1 - Active | |
| Azure Legacy Migration | Modern landing zone architecture. Team effort. | 2026-01-01 | — | P2 - In Progress | |
| Disaster Recovery | DR planning and queries. | 2026-03-01 | — | P2 - Planned | |
| Abnormal Security | CR-2026-05-07. Implemented 05-13. Migrated from Cisco. Post-validation pending. | 2026-05-07 | 14 | ✅ COMPLETE | |
Documentation & Tooling
| Project | Details | Origin | Days | Status | Links |
|---|---|---|---|---|---|
| Network Diagram Library | Network diagrams and queries. | 2026-03-01 | — | P2 - Active | |
| BMS Device Inventory | Building management systems inventory and queries. | 2026-04-01 | — | P1 - Active | |
| Downtime Computers | Downtime computer queries and tracking. | 2026-04-01 | — | P1 - Active | |
| Firewall Audit | FMC discovery, zone map, audit queries. | 2026-04-16 | — | P1 - Active | |
| ISE Hardware Refresh | SNS-3755-K9 — no refresh needed. Upgrade to 3.3+ before EOS 2028-10-31. | 2026-02-01 | — | ✅ COMPLETE | |
This Week — Critical Actions
| Priority | Action | Deadline |
|---|---|---|
| P0 | Run MSCHAPv2 6-sheet standard report | 2026-05-30 (9 days) |
| P0 | Schedule ISE Patch 10 maintenance window (CVSS 9.9, 70 days) | Immediate |
| P0 | Escalate DCR creation — Victor + Mauricio | This week |
| P0 | Triage k3s NAT — test or defer to Q3 | This week |