🪐 Welcome to My Portfolio!
Welcome to my professional showcase. Here, you’ll find my journey through the world of cybersecurity, including hands-on projects, professional experiences, certifications, and blog-style posts sharing my thoughts and learning experiences.
👨🏽‍💻 About Me
My name is Justin Min, and I am a Governance, Risk, and Compliance (GRC) professional specialized in bridging the gap between regulatory requirements and technical security. I hold a degree from Georgia State University’s J. Mack Robinson College of Business, where I majored in Computer Information Systems with a focus on Cybersecurity.
With a unique background in legal compliance and cybersecurity, I have hands-on experience translating complex laws (e.g. NIST, SOX, ISO 27001) into actionable security strategies. I am continually advancing my expertise in IT auditing, risk assessment, and control automation, applying a risk-centric mindset to protect critical assets. My approach blends a detail-oriented mindset with technical efficiency to enhance organizational resilience and streamline compliance maturity.
Protecting the future by securing the present.
📖 Professional Background
I began my academic journey in Computer Information Systems with a focus on Cybersecurity, fascinated by the technical architecture of cybersecurity. However, it was during a pivotal Cybersecurity Cloud Risk Analyst capstone internship that my true passion ignited. I realized that effective security wasn’t just about firewalls—it was about governance, strategy, and managing the human element of risk.
Driven to master the regulatory side of this equation, I immersed myself in the legal field as a Paralegal. This role allowed me to sharpen my skills in regulatory compliance, forensic documentation, and auditing, instilling the precise, detail-oriented mindset that is critical for Cybersecurity GRC. As I continued to apply these legal skills to technical challenges—through hands-on projects and virtual simulations—my commitment to the GRC field only deepened.
Today, I possess a unique blend of experiences that bridge the gap between legal precision and technical cybersecurity. My journey reflects a deliberate pursuit of the “why” and “how” behind security frameworks, with a clear mission to build resilient, compliant, and secure infrastructures for the future.
📜 Certifications & Badges
- CompTIA Security+
- ISACA CISA (In Progress)
- AWS Academy Cloud Security Foundations
- Qualys Vulnerability Management (In Progress)
- Qualys Policy Compliance (In Progress)
- ServiceNow System Administrator Associate (In Progress)
🎓 Education & Affiliations
- ISACA Atlanta Chapter (Since 2026)
  - Member of ISACA’s Atlanta Chapter
- Georgia State University, Atlanta, GA (2020-2025)
  - Bachelor’s in Business Administration, Major in Computer Information Systems, Concentration in Cybersecurity, Minor in Korean Language
  - Clubs: Programming Club (Event Lead), Women in Tech, Cybersecurity Club
  - Dean’s List 2023-2025
  - Completed coursework in Introduction to Programming (Python), Intro to Cybersecurity, Systems and Network Security, Cybersecurity Tools, Principles of Accounting I & II
- Codepath, Intro to Web Development 101 (Fall 2023)
  - Completed an introduction to Web Development course provided by Codepath.
  - Designed and deployed a mock website utilizing HTML, CSS, and JavaScript.
- North Gwinnett High School, Suwanee, GA (2016-2020)
  - High School Diploma
  - Graduated from a Top 20 ranked Georgia public high school, known for College Prep and STEM
💡 Skills
🛡️ Technical & GRC Skills
- Audit Evidence Collection
- Audit Walkthrough
- Automated Workflow Configuration
- CIS Controls
- Compliance Mapping
- Control Gap Analysis
- Cross-Walking Frameworks
- Dashboarding
- IT General Controls (ITGC)
- Maturity Modeling/Assessment
- Governance, Risk, and Compliance & Frameworks:
  - COSO (Committee of Sponsoring Organizations of the Treadway Commission)
  - GDPR
  - HIPAA
  - ISO 27001
  - Nationwide Cybersecurity Review (NCSR)
  - NIST Cybersecurity Framework (CSF)
  - NIST Risk Management Framework (RMF)
  - NIST SP 800-37
  - NIST SP 800-53
  - NIST SP 800-171
  - PCI DSS
  - SOC 2
  - SOX (Sarbanes-Oxley Act)
- Operating Effectiveness (OE)
- Risk Assessment & Mitigation
- Risk Register
- Risk Management
- Risk Matrix
- Test of Design (ToD)
- Third-Party Risk Management (TPRM)
💼 Professional Skills
- Attention to Detail
- Critical Thinking
- Documentation & Presentation
- Ethical Decision Making
- Executive Reporting
- Legal Analysis
- Log Analysis
- Stakeholder Management
- Teamwork
🧠 Core Security Concepts
- CIA Triad
- Cloud & Enterprise Security
- Data Privacy
- Identity and Access Management (IAM)
- Least Privilege
- Vulnerability Management
- Zero Trust Architecture Principles
- AWS Prowler
- Microsoft Office
  - Word
  - PowerPoint
  - Excel (Pivot Tables, Dashboard, Risk Modeling, VLOOKUP)
- Python
- Qualys
- ServiceNow
- SQL
📂 Featured Projects & Experiences
Cloud Risk Analyst Internship: AWS & NIST 800-171
- Served as a Cloud Risk Analyst responsible for assessing the security posture of a simulated AWS environment handling Controlled Unclassified Information (CUI).
- Executed Automated Vulnerability Scans using AWS Prowler and Qualys TotalCloud, analyzing thousands of lines of JSON output to identify critical misconfigurations such as open S3 buckets and lack of MFA on root accounts.
- Performed Framework Mapping, translating technical scan findings into NIST SP 800-171 control gaps (e.g., mapping “MFA Missing” to Control 3.5.3).
- Developed a Risk Register, calculating risk scores based on likelihood and impact, and assigning severity levels (Critical/High/Medium/Low) to guide executive remediation prioritization.
- Cross-Walked Compliance Standards, demonstrating how the identified NIST gaps also resulted in non-compliance with ISO 27001 and SOC 2 requirements.
PwC Cyber Security Consulting Program: SOX & ITGC
- Served as a Cyber Security Consultant assessing a client’s Procure-to-Pay (P2P) Standard Operating Procedures (SOP) lifecycle against Sarbanes-Oxley (SOX) compliance requirements.
- Conducted Segregation of Duties (SoD) Analysis, identifying a critical control failure where a single user possessed the ability to both create a vendor and process payments, creating a high risk for fraud.
- Executed Test of Design (ToD) and Operating Effectiveness (OE) testing on IT General Controls (ITGCs), specifically reviewing Change Management logs and Access Control lists.
- Drafted an Audit Deficiencies Report, clearly documenting the “Condition, Criteria, Cause, and Effect” of the identified failures.
- Presented Strategic Remediation Plans to the Audit Committee, recommending the implementation of Role-Based Access Control (RBAC) to resolve the SoD conflicts.
ServiceNow GRC: Automated “NIST ComplianceGuard” Application
- Engineered a custom Governance, Risk, and Compliance (GRC) Application within ServiceNow, migrating an organization from static Excel spreadsheets to an automated system of record based on the NIST SP 800-53 framework.
- Architected the Database Schema by extending the core Task table to ensure audit trail inheritance and executed ETL (Extract, Transform, Load) operations to normalize raw data using Transform Maps and Coalescing strategies.
- Reduced Mean Time to Respond (MTTR) to critical compliance failures by 99% (cutting reaction time from ~24 hours to <5 seconds) by implementing Server-Side Logic and Flow Designer workflows that instantly trigger remediation incidents.
- Conducted User Acceptance Testing (UAT) via a “Smoke Test” simulation (SIM-999), verifying that a control failure immediately triggered the automated remediation workflow and alert system.
- Designed a “CISO Command Center” Dashboard, providing executives with real-time visualization of the organization’s security posture through Compliance Overview charts and Critical Action Item lists.
More projects, labs, programs, and experiences will be added to my project portfolio as I continue to develop my skills and complete new work.
Feel free to reach out to me if you have any questions, opportunities, or just want to connect!
I’m always open to networking, collaboration, and opportunities to contribute to the cybersecurity community. Thanks for visiting my portfolio!