As a non-technical cybersecurity professional, my toolbox focuses on non-technical tools to visualize complex concepts, manage risk, create accessible documentation, and deliver effective training. Here I've listed some of the primary tools I use to get my work done efficiently and effectively.

Visualization & Documentation Tools

Tools that transform complex technical concepts into clear, actionable information

YouTube

I use YouTube as a tool in my curriculum design to connect with diverse groups by incorporating visuals of IT, cybersecurity processes and current trends.

For instance, I might integrate a trending dance challenge into a lesson on safe social media practices, use a viral joke to introduce a technical concept, and set a cybersecurity idea to music, creating memorable and effective learning experiences.

Mural

I use Mural, a digital whiteboarding platform, to simplify and visualize complex concepts. Some examples include:

IPv4 CIDR Visual Learning Boards: Interactive boards for teaching networking concepts.
CGRC Study Materials: Integrated with RFC documentation for deeper understanding.
Business Model Canvas Adaptations: Tailored to align security processes with organizational goals.
Stakeholder Analysis: For planning and prioritizing security initiatives.
Low-Fidelity Prototypes: Designed to streamline the development of security documentation.

F.A.S.T Diagrams

I use Function Analysis System Technique (F.A.S.T) diagrams to help identify the core purpose of a function. This tool allows me to explore creative and cost-effective ways to achieve the same function, even when specific resources, like a particular tool or vendor, aren’t available.

Project Management Tools

Tools for organizing, tracking, and maturing security initiatives

Trello

I use Trello, a visual project management tool, to organize and streamline various workflows. Some key applications include:

PRINCE2 Project Management: Tracking project stages, milestones, and deliverables in alignment with PRINCE2 principles.
Policy Development Tracking: Managing the drafting, review, and approval process for policies, ensuring progress and accountability.
Curriculum Design & Evaluation Management: Organizing cybersecurity projects, templates, evaluation data, feedback, and follow-up actions.

Enterprise Mission Assurance Support Service (eMASS)

I use eMASS (a Department of Defense tool) to track, manage, and document every phase of the Risk Management Framework (RMF) process. This includes:

Centralized Documentation Management: Storing and organizing all RMF-related documentation, such as system security plans (SSPs), security control assessments (SCAs), and plans of action and milestones (POA&Ms).
Workflow Tracking: Monitoring the progress of RMF activities, including assessments, authorizations, and continuous monitoring tasks.
Authorization Artifacts: Managing artifacts related to ATO (Authorization to Operate) processes, including initial authorizations, renewals, and decommission orders.
Audit Readiness: Ensuring all required documentation and processes are well-documented and easily accessible for audits and reviews.

Training Design & Content Creation Tools

Tools for designing, developing, and delivering training & performance support resources to enable informed decision-making

Command Line

I incorporate the command-line environments (Linux, CMD, PowerShell) into my curriculum design and delivery to provide technical and non-technical learners with the same workplace environment they currently use (or will use) and practical experience managing and interacting with systems.

Skill Development: Learners practice executing commands, navigating directories, managing files, and configuring systems—building foundational skills essential for technical roles.
Work Scenarios: The command line is used to troubleshoot, automate processes, analyze logs, audit controls, etc., ensuring learners are prepared to meet employer needs.
Adaptable Learning: The command line encourages problem-solving and adaptability, especially as the project complexity increases.
Emphasis on Proficiency: By including the command line, I ensure learners develop confidence in performing tasks across various operating systems, including Linux and Windows.

Augmented Reality & QR Codes

In the escape room experience, I integrate augmented reality (AR) and QR codes to create an interactive and immersive way to hide and reveal critical information.

QR Codes: Strategically placed QR codes acted as digital keys, requiring players to locate and scan them with their devices to access clues, puzzles, or hidden instructions.
Augmented Reality: AR elements were layered into the experience, allowing players to unlock virtual objects, overlays, or hidden messages when viewed through an AR app.

Data Summarization Tools

I use tools like word clouds to summarize and analyze text in an engaging, visual format. I've used them to aid in some of these key tasks:

Feedback Summaries: Highlight common themes in survey responses or customer feedback.
Keyword Analysis: Identify dominant topics in text datasets or social media posts.
Teaching and Learning: Visualize important concepts in a lecture or reading material.
Brainstorming: Generate ideas by visualizing input from a group discussion.

Compliance

Tools for maintaining and managing security documentation and compliance requirements

Correspondence & Task Management System (CATMS)

CATMS is DoD's document management system, where I do the following:

Security documentation workflow management
Policy distribution and tracking
Compliance documentation maintenance

Stig Viewer

Using the Security Technical Implementation Guides (STIG) Viewer allows me to accomplish the following:

Review and assess security configuration compliance
Track the implementation status of security controls
Generate compliance reports for systems and applications
Document compliance findings and remediation steps
Support RMF package development
Maintain evidence of security control implementation