I delivered a presentation to a nonprofit on the critical topic of cybersecurity risk assessment, emphasizing how thoughtful cybersecurity practices can enhance donor trust and drive increased funding. To support this, I created a RICH Picture that visually illustrated the importance of safeguarding sensitive data, preventing operational disruptions, and protecting the organization's reputation. The session covered essential risk assessment concepts and concluded with an interactive Cybersecurity Escape Room, providing an engaging way to reinforce key learnings.
I contributed to the MITRE Project Xander initiative by designing cybersecurity products in collaboration with local nonprofits. As part of this partnership, I developed a tailored Cybersecurity Assessment for participating nonprofit organizations.
Next, I mapped the assessment questions to each phase of the NIST Cybersecurity Framework in this "Assessment_Controls CrossWalk" document.
Then I created this "Cybersecurity Assessment_Risk Analysis Template" for the cyber candidates to indicate the nonprofit's current capabilities as well as any identified vulnerabilities or threats as listed in the STRIDE model.
For this project I had the opportunity to work closely with the Cyber Defense Operations Division to streamline and optimize their Plan of Action and Milestones (POA&M) process.
Key Contributions:
Process Assessment & Gap Analysis: I began by working with the SOC Lead to research and conduct a thorough assessment of the existing POA&M process, identifying areas for improvement and potential bottlenecks. This included reviewing documentation, interviewing stakeholders, and observing current practices.
Standardization & Documentation: I collaborated with the team to develop standardized templates and guidelines for POA&M creation, tracking, and reporting. This helped ensure consistency and clarity across the division.
POA&M Process Improvement
To illustrate the strategic value and impact of security controls, I created (for the Salesforce Trailhead Module) this image and a corresponding table (see below) listing ten control categories, along with:
their individual impact on critical information,
a relatable analogy, and
explanations highlighting their impact on the business.
A vehicle is a relatable analogy for the ten control categories because, like a business’s IT systems, it’s a familiar system with many interconnected parts.
Each control category can be likened to a specific vehicle component, each playing a crucial role in maintaining smooth operation.
I designed the "Security Controls Periodic Table" as a visual and intuitive tool to help navigate the complexities of security controls. This table organizes the control families outlined in NIST Revision 5, offering a structured overview of the foundational safeguards essential for any security program.
Recognizing that effective security goes beyond controls, I expanded the table to include cyber assurance methods, testing strategies, and GRC (Governance, Risk, and Compliance) tools, creating a comprehensive resource for security management.
My threat modeling presentation explores how cybersecurity principles can protect potential and current survivors of Intimate Partner Violence (IPV)/domestic violence.
Through extensive research into their unique security challenges, I developed guidance to help developers prioritize survivor safety in their design and development process. Watch the video to hear these essential cybersecurity considerations.