Project Overview
A comprehensive 3-page Power BI dashboard providing real-time visibility into cybersecurity operations, vulnerability management, and compliance tracking across 500+ enterprise systems.
Built for: Executive decision-making and security operations prioritization
Timeline: October – November 2025
Tools: Power BI Pro, DAX, Power Query, SQL
๐ Explore Interactive Dashboard
๐ป View Code on GitHub
The Challenge
Security teams at enterprise organizations struggle with:
โ Visibility gaps – 500+ vulnerabilities scattered across multiple systems
โ Priority confusion – Which issues need immediate attention?
โ Compliance complexity – Tracking SOC 2, ISO 27001, NIST requirements
โ Manual reporting – Hours spent preparing status updates for executives
The question leadership asks: “What’s critical RIGHT NOW?”
Most teams can’t answer quickly.
My Approach
I designed a 3-page dashboard that tells a complete operational story:
- Executive Summary – 30-second status scan for C-suite
- Vulnerability Management – Detailed analysis for security teams
- Compliance Tracking – Framework monitoring for audit preparation
Each page serves a specific audience with the exact insights they need.
Page 1: Executive Summary
Purpose: High-level operational status for C-suite and security leadership
Key Metrics Tracked:
๐ Current Status
- 90 Open vulnerabilities
- 85 In-Progress
- 325 Closed (78% closure rate – exceeds industry average of 65%)
โฑ๏ธ Performance
- 20-day average time to remediate (meets SLA target of <25 days)
- 31 Critical vulnerabilities requiring immediate attention
๐ฏ Risk Profile
- Severity distribution: 40% Medium, 30% High, 15% Critical, 15% Low
- Applications have highest count: 194 total (26 Critical)
Key Insight:
The stacked bar chart reveals Applications have 26 Critical vulnerabilities – immediately directing security teams to prioritize application patching over other system types.
Interactive features: Filter by Location and Remediation Owner for drill-down analysis.
Page 2: Vulnerability Management
Purpose: Operational intelligence for security teams to identify trends, aging vulnerabilities, and prioritize remediation work
What This Page Reveals:
๐ Trend Analysis
- Q1 2024: 195 vulnerabilities discovered (annual audit spike)
- Q3 2025: Discovery and closure rates converging (improvement)
- Clear quarterly patterns guide resource planning
โฐ Aging Analysis
- 225 vulnerabilities aged 90+ days (backlog requiring escalation)
- Stacked by severity: Most are Medium priority, but Critical items exist
- Visual immediately shows if urgent issues are aging too long
๐ฏ At-Risk Systems
| System | Critical | High | Avg Days Open |
|---|---|---|---|
| CRM | 5 | 7 | 415 |
| Patch Management | 5 | 7 | 348 |
| Payment Gateway | 5 | 10 | 303 |
Key Insight:
CRM system has 5 Critical vulnerabilities with 415-day average age – the conditional formatting (dark blue highlighting) draws immediate attention to this urgent remediation priority.
Technical note: The aging chart uses a stacked column design to show severity composition within each time bucket – revealing that not all aged vulnerabilities are equal priority.
Page 3: Compliance Tracking
Purpose: Framework compliance monitoring for audit committees and risk management
Compliance Status:
๐ Overall Score: 78%
- Target: 80% (currently 2.34% below)
- Q3 2025 peak: 95%
- Q4 2025 decline: 78%
๐ What Happened in Q4?
The trend line tells the story: Compliance peaked at 95% in Q3, then dropped to 78% in Q4. This reflects a comprehensive year-end audit that identified previously undetected gaps.
Framework Breakdown:
SOC 2 Type II: 77 findings (highest count)
- 6 Critical
- 14 High
- 38 Medium
- 19 Low
ISO 27001: 74 findings
NIST SP 800-53: 24 findings
PCI DSS: 7 findings
Business Unit Performance:
- Operations: 79% (lowest – needs focused support)
- HR: 81%
- IT: 83%
- Finance: 86%
- Security: 89%
- Other: 100%
Key Insight:
The matrix visual groups findings by framework and severity, revealing that SOC 2 Type II compliance requires immediate attention with 77 total findings concentrated in monitoring and malicious software controls.
Technical Highlights
Data Architecture
Data Model: Star schema design
- Fact Table: Vulnerabilities (500 rows)
- Dimension Tables: Systems (30 rows), Compliance (200 rows)
- Date Table: Custom DAX-generated calendar (2024-2025)
Relationships: One-to-many from Systems โ Vulnerabilities
Advanced Power BI Features
โ Custom DAX Measures
MTTR =
CALCULATE(
AVERAGE(Vulnerabilities[Days_To_Remediate]),
Vulnerabilities[Status] = "Closed"
)
Critical Count =
CALCULATE(
COUNTROWS(Vulnerabilities),
Vulnerabilities[Severity] = "Critical"
)โ
Conditional Formatting
Gradient scales automatically highlight high-priority items using color intensity
โ
Cross-Page Filtering
Slicers enable multi-dimensional analysis across all visualizations
โ
Matrix Visuals
Hierarchical grouping by framework reveals compliance patterns
โ
Time Intelligence
Trend analysis with quarter-over-quarter comparisons
Design Principles Applied
Color Strategy:
- Blue gradient palette for professional, corporate appearance
- Darker shades indicate higher priority/urgency
- Minimal accent colors (orange for targets only)
- Consistent across all pages
Information Hierarchy:
- Page 1: Summary metrics (executive 30-second scan)
- Page 2: Operational details (daily security team use)
- Page 3: Compliance monitoring (audit preparation)
Real-World Applications
This dashboard structure is used in:
๐ข Security Operations Centers (SOC)
Real-time monitoring and incident prioritization
๐ Risk Management
Executive reporting on security posture and compliance status
๐ Audit Preparation
Framework compliance tracking for SOC 2, ISO 27001, NIST assessments
๐ Board Presentations
C-suite visibility into cybersecurity operations
Industries:
Utilities โข Financial Services โข Healthcare โข Government โข Technology
Based On:
This structure mirrors production dashboards I worked with in the Energy sector, where I tracked $50M+ IT operations and cybersecurity compliance for utility infrastructure.
What This Project Demonstrates
Technical Skills
โ
Power BI Pro (advanced visualizations, DAX, Power Query)
โ
Data modeling (star schema, relationships, calculated columns)
โ
Business intelligence (KPIs, trend analysis, conditional formatting)
โ
SQL (data extraction and transformation)
Business Acumen
โ
Cybersecurity domain knowledge
โ
Risk-based prioritization thinking
โ
Executive communication (distilling technical data for leadership)
โ
Compliance framework understanding (SOC 2, ISO 27001, NIST)
Soft Skills
โ
Translating business requirements into technical solutions
โ
Information design and visual communication
โ
Stakeholder-focused reporting
Portfolio Quality
This isn’t a tutorial project. It’s production-ready work that could be deployed in enterprise environments today.
Explore the Project
๐ Interactive Dashboard
Launch Dashboard
Try the filters, explore the data, see how interactive visualizations guide decision-making.
๐ป GitHub Repository
View Code & Documentation
Complete technical documentation, DAX measures, data model structure, and design decisions.
๐บ Video Walkthrough
Coming This Week
5-minute guided tour explaining the business problem, technical approach, and key insights.
Let’s Connect
Interested in discussing data analytics, Power BI best practices, or cybersecurity operations?
๐ง Email: hello@ernestogonzales.com
๐ผ LinkedIn: linkedin.com/in/eg-data
๐ป GitHub: github.com/ernestog27
๐ More Projects: Browse Portfolio
Ernesto Gonzales, MSDA
Data Analyst | San Diego, CA
Master’s Degree in Data Analytics, Western Governors University
Specializing in Power BI, SQL, Python, and transforming complex operations into executive insights.
Ernesto Gonzales, MSDA 