This portfolio demonstrates the design and implementation of structured cybersecurity governance workflows, with a focus on:
- DISA STIG baseline assessment
- NIST RMF-aligned security processes
- identity and access governance
- continuous monitoring concepts
- control-to-evidence mapping
The goal of this work is to simulate how a small organization or DoD-aligned environment can implement defensible, repeatable, and audit-ready security practices.
I began my Bachelor of Science in Cybersecurity and Information Assurance in 2024 with an initial focus on offensive security.
As I progressed through CompTIA A+, Network+, and Security+, my interests shifted toward governance, security architecture, and the structured protection of systems.
I started by hardening my own environment: implementing least-privilege account separation, removing unnecessary services, and applying deny-by-default firewall principles. From there, I began developing baseline comparison workflows to detect configuration drift through scheduled assessments.
This work evolved into building portfolio-driven governance projects that connect security controls, monitoring, and documentation. My focus is on creating structured, repeatable approaches to security that align with frameworks such as NIST RMF and DISA STIG baselines.
I am currently developing hands-on experience with system and network analysis tools such as Nmap, Wireshark, and Sysmon, strengthening my ability to support governance decisions with technical insight.
Career Focus: Entry-level roles in GRC, RMF, or DoD-aligned cybersecurity environments, supporting compliance assessments, baseline validation, and continuous monitoring efforts.
This portfolio represents components of a structured security program, emphasizing:
- baseline configuration management
- compliance assessment workflows
- governance documentation
- remediation tracking
- continuous monitoring support
Each project is designed to reflect real-world security processes, not just isolated labs.
A compliance-focused lab exploring how system baselines and security controls align with:
- DISA STIG concepts
- NIST SP 800-171 requirements
- structured compliance workflows
- documentation and evidence organization
Repository: https://github.com/MgnCoding2020/stig-800-171-compliance-lab
A long-form governance project simulating how a security program can be designed for a small business environment.
Focus areas:
- risk identification and analysis
- asset inventory development
- control framework alignment
- governance documentation
Repository: https://github.com/MgnCoding2020/grc-paper-project-coffee-shop
A governance-focused lab simulating an identity and access review process.
Focus areas:
- access inventory validation
- review workflows
- findings documentation
- remediation tracking
Repository: https://github.com/MgnCoding2020/IAM-Access-Review-Lab
Actively building a Windows STIG baseline assessment lab using:
- SCC (SCAP Compliance Checker)
- STIG Viewer
- DISA SCAP benchmark content
This project is focused on creating a repeatable, audit-ready compliance workflow, including:
- automated baseline scanning
- checklist validation
- structured reporting
- evidence organization
- Governance, Risk, and Compliance (GRC)
- RMF-aligned assessment workflows
- baseline configuration analysis
- continuous monitoring concepts
- control-to-evidence mapping
- documentation and reporting discipline
Seeking opportunities in:
- GRC / Compliance Analysis
- RMF / DoD-aligned environments
- security baseline assessment and validation roles
Focused on supporting organizations in building structured, defensible, and continuously monitored security programs.
- All projects are built for educational and portfolio purposes
- Sensitive information has been sanitized where applicable
- Emphasis is placed on realistic workflows, documentation, and repeatability
Bachelor of Science, Cybersecurity and Information Assurance (WGU)
2024 - In Progress



