Working alongside teams, I help develop and implement security policies that meet industry standards and regulations. This collaborative approach includes risk assessments, vulnerability identification, and designing practical security controls. The focus is on making cybersecurity compliance straightforward and achievable through teamwork.

Security Culture.pdf

Proposal: Cybersecurity Awareness Practices

In this presentation, I'm proposing a paradigm shift in our cyber awareness campaign, moving away from the traditional, passive approach to one that actively engages and motivates employees.

Instead of lectures and generic emails, imagine including employees in the cyber awareness campaign. Think gamified quizzes, rewards for spotting phishing attempts, and personalized awareness posters based on individual roles (see below). This approach will educate as it transforms the workforce into a more active line of defense against cyberattacks.

Include Interesting Stories

Make Employees Part of the Learning

Policy Quick Reference Guide.pdf

Cybersecurity Policy Quick Reference Guide

This guide helps you build a strong cybersecurity administrative foundation, even if you're new to it. This outlines the must-have policies to protect your business, plus suggestions on easy-to-use templates to get started.

Key Point: Your company's risk appetite matters! This means understanding what risks you're willing to take, and tailoring your policies accordingly.

With this guide, you'll create a security plan that fits your business like a glove, not just a one-size-fits-all solution.

It's about smart choices, not just checking boxes.

I LOVE AUDITING!!!

As the lead auditor for a SaaS organization mock audit, I followed the Plan-Do-Check-Act (PDCA) methodology outlined in ISO 27001. My goal was to prepare the organization for a successful ISO 27001 certification audit by identifying and addressing any potential gaps in their information security management system (ISMS).

Through my interviews with stakeholders, adhering to the PDCA cycle, and the information in my final report, I was able to help guide the SaaS organization through a structured and thorough preparation process, ultimately enhancing their ISMS and building confidence for the upcoming ISO 27001 certification audit.

Company Audit Report 9_30-2021-FINAL_Redacted.pdf