Integrity
Security work depends on honest evidence, clear limitations, and responsible recommendations.
About
I translate security goals into governance, risk, compliance, and documentation teams can use.

Professional Profile
My cybersecurity perspective is shaped by the idea that strong security programs depend on more than tools. They require clear policies, accountable ownership, useful evidence, effective communication, and risk decisions that support the business.
I organized this portfolio around practical case studies rather than a traditional resume-only presentation. Each project demonstrates a specific GRC capability: policy development, internal audit support, risk assessment, vendor review, incident response planning, security awareness, vulnerability governance, framework mapping, and business continuity.
I am especially interested in work that connects security requirements to organizational reality. That includes translating frameworks into usable controls, preparing documentation that helps teams make decisions, and communicating findings in a way that supports both leadership and implementation teams.
Location
Open to remote and hybrid opportunities
Specialization
Governance, Risk & Compliance
Experience Focus
Structured cybersecurity projects
Frameworks
ISO 27001, NIST CSF, CIS Controls
Availability
Recruiting, internship, consulting, and contract conversations
Journey
This site is designed to show how my learning translates into work products that recruiters and security leaders can evaluate.
2024
Eretmis Academy
Completed structured GRC-focused projects covering governance, internal assessment, risk management, awareness, and incident preparedness.
2024
ISC2 and Google
Built foundational cybersecurity knowledge across principles, operations, frameworks, incident response, and governance.
Ongoing
Professional Development
Expanding expertise in ISO 27001, IT audit, vendor risk, business continuity, and AI security governance.
Values
The professional values behind the portfolio are visible in the structure of each project and the care given to documentation.
Security work depends on honest evidence, clear limitations, and responsible recommendations.
Controls should support the organization, reduce risk, and remain realistic for the people who operate them.
Cybersecurity changes quickly, so professional development is treated as an ongoing obligation.
GRC work succeeds when security, IT, legal, leadership, and business teams share context.
Competencies
These competencies are introduced on the home page and explored through project case studies.
Developing policies, control expectations, and governance artifacts that help security programs operate with clarity.
Assessing business risk, documenting impact, and translating findings into prioritized treatment plans.
Mapping requirements to practical evidence, controls, documentation, and audit-friendly reporting.
Reviewing controls, identifying gaps, and presenting remediation recommendations in professional formats.
Evaluating third-party risk through questionnaires, control reviews, and business impact analysis.
Supporting incident response planning with roles, escalation paths, communications, and lessons learned.
Professional Approach
01
02
03
04
05
Review structured case studies that show my GRC approach in practice.