Home | About Me | Projects | Resume

---

Professional Statement

“Security is not a roadblock to innovation; it is the guardrail that ensures we reach our destination safely.”

I am a Cybersecurity Governance, Risk, and Compliance (GRC) professional dedicated to bridging the critical gap between technical security operations and executive business strategy. In an era where data is a currency and trust is a competitive advantage, I believe that effective cybersecurity is not just about blocking threats—it is about enabling the business to operate with confidence.

My approach to cybersecurity is rooted in Risk Contextualization. A vulnerability is just a technical flaw until it is viewed through the lens of business impact. My goal is to translate complex technical risks into clear, actionable intelligence that stakeholders can use to make informed decisions. With a background in Computer Information Systems (Cybersecurity) and legal law as a Paralegal, I possess the unique ability to understand both the “system” and the “law” elements of security, allowing me to orchestrate compliance programs that are compliant both on book and in action.

🏛️ Core Values

My professional conduct is guided by three non-negotiable pillars:

1. Integrity: In the world of auditing and compliance, truth is the biggest metric. I am committed to transparent reporting and ethical decision-making, ensuring that risks are never hidden, but managed. “Doing the right thing when no one is watching” is not a cliché to me; it is the baseline of my profession.
2. Precision: As detailed in my approach to control mapping and framework analysis, I believe that the difference between “compliant” and “secure” lies in the details. I approach every policy review, risk assessment, and control test with forensic attention to detail.
3. Resilience: The threat landscape is not static, and neither am I. I view setbacks as data points for improvement. Whether it is adapting to a new regulatory framework (like the shifts in NIST or ISO) or responding to an emerging threat vector, I remain adaptable and composed under pressure.

🛠️ Technical Competency & Growth

While my focus is on governance, risk, and compliance, I maintain a strong technical foundation to ensure I understand the systems I am protecting. I hold the CompTIA Security+ certification and AWS Academy Cloud Security Foundations badge, and I am actively pursuing my ISACA CISA certification.

Some hands-on experience includes:

• ServiceNow GRC: Configuring automated workflows to streamline risk assessments.
• Framework Alignment: Mapping controls across NIST SP 800-53, ISO 27001, and SOX to eliminate redundancy.
• Vulnerability Management: Utilizing tools like Qualys and AWS Prowler to assess posture and prioritize remediation based on criticality.

Read More: More projects, labs, programs, and experiences.

🔮 The Path Forward

My long-term vision is to serve as a Chief Information Security Officer (CISO) who champions a culture of security-by-design. I aim to move beyond reactive compliance—scrambling to pass an audit—toward proactive governance, where security controls are seamlessly integrated into the organization’s daily lifecycle.

I am driven by the challenge of bringing harmony in a world of chaos and the responsibility of protecting the data that powers our modern world.

---

Back to the Main Portfolio