https://github.com/sking-dev/sc100-portfolio
End-to-end portfolio for the Microsoft SC-100 Cybersecurity Architect exam - Zero-Trust landing zones, Policy-as-Code, AKS guard-rails, FinOps budget controls, and AI-powered Sentinel playbooks. All projects are IaC-driven (Terraform / Bicep) and mapped directly to the four SC-100 skill domains.
https://github.com/sking-dev/sc100-portfolio
ai-security aks azure-policy cloud-governance cybersecurity-architecture devsecops finops sc-100 terraform zero-trust
Last synced: 3 months ago
JSON representation
End-to-end portfolio for the Microsoft SC-100 Cybersecurity Architect exam - Zero-Trust landing zones, Policy-as-Code, AKS guard-rails, FinOps budget controls, and AI-powered Sentinel playbooks. All projects are IaC-driven (Terraform / Bicep) and mapped directly to the four SC-100 skill domains.
- Host: GitHub
- URL: https://github.com/sking-dev/sc100-portfolio
- Owner: sking-dev
- License: mit
- Created: 2025-07-07T15:18:19.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2025-07-08T10:05:22.000Z (3 months ago)
- Last Synced: 2025-07-08T11:25:23.695Z (3 months ago)
- Topics: ai-security, aks, azure-policy, cloud-governance, cybersecurity-architecture, devsecops, finops, sc-100, terraform, zero-trust
- Homepage:
- Size: 4.88 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# π SC-100 Portfolio
```plaintext
Zero-Trustβ|βPolicy-as-Codeβ|βAKS Guardrailsβ|βAI-SecOps & FinOps
```
This repository hosts four practical projects that map **1-to-1** to the **SC-100 Cybersecurity Architect Expert** exam domains.
Everything is Infrastructure-as-Code-first (Terraform / Bicep) and blends security, FinOps and AI capabilities.
| Project Folder | SC-100 Domain | Status |
| -------------- | ------------- | ------ |
| [`project-a-zero-trust-landing-zone`](./project-a-zero-trust-landing-zone/) | 1 - Design a Zero-Trust strategy (25 %) | π¨ Scaffolded |
| [`project-b-policy-as-code`](./project-b-policy-as-code/) | 2 - Evaluate governance & compliance (20 %) | β³ Pending |
| [`project-c-aks-guardrails`](./project-c-aks-guardrails/) | 3 - Design infrastructure security (35 %) | β³ Pending |
| [`project-d-sentinel-gpt`](./project-d-sentinel-gpt/) | 4 - Design security operations (20 %) | β³ Pending |
## π Skills-Mapping Table
The detailed cross-walk can be found in the roadmap repo:
## π Prerequisites
* Azure subscription with **Contributor** rights
* **Terraform β₯ 1.6** and / or **Bicep CLI β₯ 0.24**
* **Azure CLI** β `az login`
* *(Optional)* VS Code with Terraform, Bicep & Azure extensions
## π Quick Start
```bash
# Clone repository.
git clone https://github.com//sc100-portfolio.git
cd sc100-portfolio/project-a-zero-trust-landing-zone
# Deploy (Terraform example)
terraform init
terraform apply
# Destroy demo resources.
terraform destroy
```
## π Repo Structure
```plaintext
sc100-portfolio/
ββ project-a-zero-trust-landing-zone/
ββ project-b-policy-as-code/
ββ project-c-aks-guardrails/
ββ project-d-sentinel-gpt/
```
## π
Roadmap
### Project A β Zero-Trust Landing Zone
* [x] Scaffold project folder & README
* [ ] Build hub-and-spoke VNet + Azure Firewall
* [ ] Add Private Link, Bastion and Conditional Access policies
* [ ] Commit architecture diagram & deployment guide
### Project B β Policy-as-Code & Secure Score Uplift
* [ ] Scaffold project folder & README
* [ ] Author custom Azure Policy set (CAF + CIS)
* [ ] Integrate **tfsec** + **Infracost** in Azure DevOps pipeline
* [ ] Capture before / after Secure Score metrics
### Project C β AKS Guardrails
* [ ] Scaffold project folder & README
* [ ] Deploy AKS cluster via Terraform/Bicep
* [ ] Add OPA Gatekeeper with three Rego policies
* [ ] Generate Trivy SBOM & sign images with Cosign
* [ ] Export Kubecost / OpenCost report to Log Analytics
### Project D β Sentinel + GPT-4o Incident "Triager"
* [ ] Scaffold project folder & README
* [ ] Create custom Sentinel analytic rule (AKS audit logs)
* [ ] Build Logic App β Azure Function β GPT-4o summary
* [ ] Post MITRE-mapped incident brief to Teams
* [ ] Log token usage & set budget alert
## Disclaimer
All code is demo-grade. **Do not** deploy to production without full security, compliance and cost review.