I'm an aspiring cybersecurity professional transitioning from a background in sales management, bringing strong communication, analytical thinking, and problem-solving skills to the digital security space.
My focus is on Governance, Risk, and Compliance (GRC) — helping organizations identify, assess, and manage cyber risk while aligning with frameworks and regulatory standards. I'm currently developing hands-on skills with frameworks like NIST CSF, ISO/IEC 27001, and CIS Controls, and building a portfolio of risk assessments, policy documentation, and compliance processes.
My goal is to contribute to secure and resilient operations through practical, business-aligned cybersecurity governance.
A mock risk assessment using the NIST Cybersecurity Framework. Includes scope, risk register, impact analysis, and mitigation planning. → Demonstrates risk analysis, prioritization, and control recommendation skills.
Evaluates a fictional third-party vendor's risk profile, including data sharing, risk ratings, required controls, and treatment plan. → Shows TPRM proficiency aligned with SIG Lite and NIST SP 800-161.
A set of policies (Acceptable Use, Access Control, Incident Response) based on SANS templates, tailored for a fictional company. → Highlights enforceable policy writing aligned with security frameworks.
Maps NIST or ISO controls to business processes. Includes implementation status, ownership, and gap remediation. → Demonstrates control identification and audit readiness.
Sample SOC 2/ISO 27001 compliance checklist with evidence tracking and executive audit summary. → Shows practical compliance tracking and audit prep.
A reference spreadsheet of key controls across NIST, ISO, and CIS frameworks. Categorized by objective, process, and implementation notes. → Useful for control mapping and audit readiness.
A fictional plan for maintaining operations during a major disruption. Includes critical process analysis, recovery strategy, and communication plan. → Demonstrates continuity planning and resilience strategy.
Assesses privacy risks for a system handling sensitive data, with mitigations aligned to GDPR/CCPA. → Reflects understanding of data protection and regulatory compliance.
Outlines a fictional GRC program's structure, key roles (e.g., CISO, Privacy Officer), and policy lifecycle. → Demonstrates strategic oversight and GRC integration.
A fictional incident response scenario based on a real-world breach. Includes lessons learned and control improvements. → Showcases awareness of GRC implications in security events.
Sample dashboard with visual KPIs like risk closure rate, policy reviews, and control coverage. → Highlights ability to report and communicate GRC performance to leadership.
| Task | Tools / Technologies |
|---|---|
| Conducting mock risk assessments | NIST CSF, CIS Controls, Risk Register (Excel), FAIR (intro level) |
| Developing cybersecurity policies | ISO/IEC 27001, SANS Policy Templates, Markdown, Word |
| Control mapping & gap analysis | NIST CSF, CIS v8, ISO 27001, Excel |
| Tracking compliance activities | Google Sheets, Excel, custom GRC templates |
| Researching frameworks & regulations | NIST SP 800-53/800-82, NERC-CIP, ISO 27001 |
| Documentation & reporting | Google Docs, Word, Markdown, Lucidchart |
| Exploring GRC tools (demo/simulated use) | ServiceNow GRC (videos/demos), RSA Archer (overview), AuditBoard (conceptual) |
While my focus is GRC, I believe understanding technical environments improves risk decision-making. I’m currently completing the SOC Level 1 Path on TryHackMe to gain foundational knowledge in threat detection, log analysis, and security operations.
“Cybersecurity is not a destination, it's a journey — and I’m excited for the road ahead!”