PortfolioSecurity Discovery Tool

Database EngineeringCybersecurityAIIS Summer 2023Park Place Technologies

Security Discovery Tool

A database-centered cybersecurity project that centralized security discovery data across enterprise sources to improve visibility, data integrity, reporting quality, and incident-response readiness.

15%

Faster incident response

95%

Data integrity improvement

Zero

Data loss in DR tests

Consolidated security sources

AIIS

Summer 2023 industry cohort

100%

On-time project delivery

01 — Overview

Centralizing security data is a database problem

Security Discovery Tool was completed as part of the Academic Industry Immersion Seminar (AIIS) during Summer 2023, connected to a Park Place Technologies industry case study. Working as part of the Database I team, the project focused on a database-first solution to a persistent operations problem: security data scattered across multiple disconnected systems.

The goal was to design a centralized PostgreSQL security database that could consolidate discovery data from enterprise sources — Active Directory, Cisco AMP, and Microsoft Defender — and make that data trustworthy enough to drive faster reporting, cleaner validation, and more confident incident response.

Instead of treating the database as just a storage layer, the work framed it as a security capability: clean schemas, referential integrity, validation rules, source tracking, and recovery planning can directly improve how quickly and confidently a security team responds to threats.

02 — Problem

Fragmented security data slows everything down

Security teams need accurate and timely data to understand their environment. But in practice, that data is rarely in one place. Identity records live in Active Directory. Endpoint protection logs sit in Cisco AMP. Threat detections come from Microsoft Defender. Device inventories are maintained in spreadsheets. Compliance documentation is in separate folders.

When these sources are disconnected, several problems compound:

Slow lookup

Analysts spend time searching across tools instead of responding to threats.

Inconsistent records

The same asset may have different names, statuses, or owners across systems.

Delayed response

Incident triage slows when data has to be manually cross-referenced.

Weak auditability

Without a central record, compliance reporting becomes labor-intensive.

Stale data

Duplicate or outdated entries can mislead risk assessments.

Hard recovery

Scattered data makes disaster-recovery planning and verification difficult.

The project addressed this problem from the database side: improve the structure, validation, and governance of the security data layer so that analysts and systems above it can operate more reliably.

03 — Solution

A validated, centralized security database

The proposed solution was a centralized security discovery database. Instead of leaving security information scattered across tools, the system would collect and normalize records into a consistent relational schema — acting as a trusted layer for reporting, validation, analysis, and response workflows.

Five-stage data pipeline

01

Source Systems

Active DirectoryCisco AMPMicrosoft DefenderEndpoint inventory exportsManual security reports

02

Ingestion & Normalization

Import records from source systemsStandardize naming conventionsNormalize device / user / event fieldsRemove duplicatesResolve inconsistent entries

03

Central PostgreSQL Database

Security asset tablesUser & identity tablesEndpoint protection tablesVulnerability / alert tablesAudit & update history

04

Validation & Governance

Required-field checksReferential integrityDuplicate detectionStatus validationTimestamp & source trackingCompliance documentation

05

Reporting & Response

Analyst query viewsIncident-response lookupCompliance exportsFuture dashboard integration

Design principles

Centralization

One reliable place to query asset and security posture data reduces manual lookup time and makes reporting repeatable.

Data integrity

Security decisions are only as good as the data behind them. Validation rules, required fields, and referential integrity enforce that quality.

Traceability

Every record should preserve source, timestamp, and change history to support audits and compliance workflows.

Maintainability

Documentation, naming conventions, and schema clarity ensure future engineers can extend the system without breaking it.

Recovery readiness

Disaster-recovery procedures and backup validation ensure the database can recover without data loss.

Operational fit

Validation rules must balance strictness with flexibility — a rule that blocks useful data fails its purpose.

04 — Architecture

Schema built for security operations

The database schema was designed around the key entities a security team needs to query: assets, users, endpoint protection records, security findings, and audit logs. Every table was designed with source tracking and change history in mind.

Assets

— asset_id

— hostname

— device_type

— owner

— department

— operating_system

— last_seen

— security_status

Users

— user_id

— username

— email

— department

— role

— account_status

— last_login

Security Tools

— tool_id

— tool_name

— source_type

— integration_status

Endpoint Protection

— endpoint_id

— asset_id

— protection_status

— agent_version

— last_scan_time

— threat_count

Alerts / Findings

— finding_id

— asset_id

— severity

— category

— status

— assigned_owner

— created_at

— resolved_at

Audit Logs

— audit_id

— table_name

— record_id

— action

— source

— changed_by

— changed_at

This relational structure supports stronger reporting than disconnected spreadsheets because records can be joined, validated, audited, and queried consistently. The audit_logs table in particular ensures every data change is traceable — who changed it, when, and from which source system.

05 — Technical Stack

Database tools and security context

DB

Database & Query

PostgreSQLMySQLSQLitepgAdmin 4SQLDBMS concepts

SEC

Security Data Sources

Active DirectoryCisco AMPMicrosoft DefenderEndpoint inventorySecurity event feeds

GOV

Data Governance

Validation rulesReferential integrityDisaster recovery planningQuarterly DR simulationsCompliance documentation

DOC

Documentation & Collaboration

Technical documentationExecutive summaryIndustry case study formatTeam-based project execution

Stack tags

PostgreSQLMySQLSQLitepgAdmin 4SQLActive DirectoryCisco AMPMicrosoft DefenderData GovernanceDisaster RecoveryIncident ResponseCompliance Documentation

06 — Results & Impact

Database engineering as a security capability

The project demonstrated that a well-designed database is not just a storage layer — it can directly improve security operations. The outcomes connected classroom database concepts to real cybersecurity workflows.

15% faster incident response

Consolidated queries replaced manual cross-tool lookup, reducing time-to-answer for analysts.

95% data integrity improvement

Validation rules and normalization eliminated duplicate, stale, and inconsistent security records across reporting workflows.

Zero data loss in DR tests

Quarterly disaster-recovery simulations confirmed backup integrity and recovery procedures under simulated failure conditions.

3 sources centralized

Active Directory, Cisco AMP, and Microsoft Defender data unified into a single queryable schema.

Regulatory adherence

Validation rules designed to support compliance-friendly record keeping and audit-ready change history.

On-time delivery

Full case study project completed on schedule within the AIIS Summer 2023 cohort timeline.

07 — Lessons Learned

What this project actually taught

This was one of my first experiences applying computer science skills to a real engineering business problem. A few lessons stuck:

Database design is a security tool

A validated schema with referential integrity, source tracking, and audit logs is not just good engineering — it is a security control. Clean data enables better detection, faster response, and credible compliance.

Validation must balance strictness

Validation rules that block too much data fail their operational purpose. The right rule improves quality without stopping useful information from entering the system.

Documentation is part of the engineering

Security and compliance systems only stay useful if they are understandable. Maintainable schemas, clear naming conventions, and written procedures reduce the risk of the system becoming a black box.

Industry projects require more than implementation

AIIS-style projects demand communication, planning, stakeholder alignment, and trade-off analysis. The database schema was only one deliverable; the ability to explain its value mattered just as much.

Data quality problems are usually not adversarial

Most inconsistencies in security data come from mismatched tooling conventions meeting at a shared boundary — not from external threats. Fixing the data layer fixes the downstream problem.

08 — Future Work

Where this goes next

The core database design establishes a foundation that could be extended into a full security operations platform. A phased roadmap:

Near-Term

Live dashboard for security posture and asset health
Automated ingestion connectors for Active Directory, Defender, and endpoint tools
Role-based access control for analysts, admins, and auditors

Mid-Term

Alert prioritization and severity scoring engine
Historical trend analysis for endpoint risk
Data-quality scoring for missing, stale, or conflicting records
Automated compliance report generation

Long-Term

Anomaly detection for unusual asset or account behavior
Audit-ready change history for all critical records
Backup verification and DR-status dashboards
Cross-tenant federation for multi-org environments

Security teams often focus on tools, alerts, and dashboards. But behind every security workflow is data. If that data is fragmented, inconsistent, or poorly governed, even advanced tools become less effective.

The Security Discovery Tool project shows that database design is a cybersecurity capability — one that scales across every other layer of the stack.

← Back to Projects