I'm a cybersecurity graduate student at UMGC and an IT Project Manager with a strong foundation in governance, risk, and compliance (GRC), customer experience (CX/UX), and real-world defensive security work.
My career blends technical cybersecurity operations, policy development, and human-centered technology, giving me a unique ability to bridge communication between leadership, engineers, and end-users.
I'm building a portfolio that showcases my journey from IT project management → GRC analyst → long-term security leader.
I'm currently sharpening skills across several blue-team and GRC domains:
- Threat Analysis & Detection — Wireshark packet investigations, PCAP reconstructions, KQL (KC7 labs), Splunk, event log triage.
- Vulnerability Management & Hardening — Nessus/OpenVAS scanning, STIG/RMF-based remediation, configuration management, and POA&M documentation.
- GRC & Policy Development — NIST SP 800-53, RMF, security policies, risk registers, incident response planning, vendor/security control assessments.
- Cloud Security Foundations — AWS Cloud Practitioner certified; IAM, S3, EC2, logging, shared responsibility model.
- Building a cybersecurity project portfolio using real-world scenarios, labs, and mock company assessments.
- Creating risk registers, SOPs, and GRC templates for my consulting brand Human Sight CX.
- Completing hands-on graduate work in Cybersecurity Technology with a focus on Governance, Risk, and Compliance (GRC).
- Preparing for roles such as Cybersecurity Analyst, GRC Analyst, and SOC Analyst (L1/L2).
Security Tools: Wireshark · Splunk · KQL · OpenVAS · Nessus · Burp Suite (beginner) · Event Viewer · Autopsy (beginner)
Frameworks & Standards: NIST 800-53 · DoD RMF · CIS Controls · MITRE ATT&CK · FedRAMP basics · Zero Trust Concepts
Cloud & Systems: AWS · Linux · Windows Server Hardening · Git/GitHub for version control and documentation
I currently serve as an IT Project Manager for the federal government. My work is rooted in:
- Translating technical requirements for leadership and stakeholders
- Coordinating cross-functional teams
- Documenting processes, risks, and system impacts
- Bringing CX/UX thinking into technical modernization efforts
This background gives me a strong understanding of how systems, people, and policies intersect — skills that transfer directly into GRC and cybersecurity operations.
Explore my GRC + AI Compliance Portfolio, which demonstrates hands-on documentation, control mapping, and policy authorship aligned to federal and emerging AI standards.
| Section | Description |
|---|---|
| Risk Register | Risk catalog and scoring aligned with NIST SP 800-30 and RMF methodology. |
| ISO 27001 Checklist for Small Businesses | An ISO 27001 checklist created to help small business owners understand the basics of building an Information Security Management System (ISMS). |
| AI Governance & Compliance | AI RMF-aligned governance tables, bias mitigation concepts, and accountability frameworks. |
| Vendor / SaaS Risk Assessment | Lightweight supplier risk questionnaire aligned with NIST SR and FedRAMP SA-9 controls. |
| Continuous Monitoring | Metrics, POA&M reporting cadence, and tracking workflow. |
| Vulnerability Management | Patch validation checklist and risk-based remediation workflow. |
- AI Governance & Risk Management — Applying NIST AI RMF to small-business use cases
- Security Automation — Improving documentation workflows using Make.com + AI assistants
- GRC Development — Expanding policy library and assessment templates
- Professional Growth — Pursuing cybersecurity analyst roles and advanced GRC capabilities
- ✉️ Email: upon request
- 🔗 LinkedIn: LinkedIn Profile
- 🗂️ Portfolio Repository: Dre-C---GRC_Portfolio
- 🐙 GitHub: https://github.com/TechDre