MgnCoding2020/README.md

Michael Nault



πŸ” Cybersecurity Governance & Compliance Portfolio

I'm a cybersecurity student focused on Governance, Risk, and Compliance (GRC). This profile collects self-directed projects I've built to learn how security programs and compliance workflows actually fit together β€” connecting risk, controls, evidence, and remediation.

Everything here is a simulation built for learning and portfolio purposes, not production work. I'm early in my journey and still learning, so these projects reflect practice and progress rather than professional experience.


👀 About Me

I started my B.S. in Cybersecurity and Information Assurance (WGU) in 2024, beginning with an interest in offensive security. As I worked through my CompTIA A+, Network+, and Security+ certifications, my interest shifted toward governance, compliance, and the structured side of security — how organizations define controls, show they work, and track the gaps.

To learn this hands-on, I started small: hardening my own environment with least-privilege accounts, removing unnecessary services, and applying deny-by-default firewall rules. From there I built baseline-comparison workflows to detect configuration drift, and then began creating end-to-end GRC portfolio projects that tie controls, evidence, and documentation together.

I'm currently building familiarity with tools like Nmap, Wireshark, and Sysmon so I can support governance work with some technical grounding.

🎯 Where I'm headed: entry-level roles in GRC and compliance, across both commercial (NIST 800-53, PCI DSS, third-party risk) and federal-aligned (RMF, NIST 800-171, STIG) environments.


⭐ Featured Projects

All projects are fictional simulations created for educational and portfolio purposes.

📌 GRC Security Program — Burn and Churn Coffee

An end-to-end GRC program for a fictional small merchant. It includes a risk register, a control matrix mapping NIST SP 800-53 to PCI DSS v4.0.1, a NIST ↔ PCI crosswalk, an evidence pack (with simple Python validation scripts), a POA&M for tracking gaps, and a vendor risk program. 🔗 https://github.com/MgnCoding2020/grc-paper-project-coffee-shop

📌 Vendor Risk Assessment Lab

A companion to the program above — a complete third-party (vendor) risk assessment for a fictional cloud payroll vendor, walked end to end: intake → inherent risk scoring → due diligence → findings → remediation → final report. The findings roll back into the GRC program's POA&M, so the two projects connect. 🔗 https://github.com/MgnCoding2020/Vendor-Risk-Assessment-Lab

📌 STIG & NIST 800-171 Compliance Lab

A compliance lab exploring how system baselines align with DISA STIG concepts and NIST SP 800-171 requirements, using PowerShell-based checks and audit-ready evidence organization. 🔗 https://github.com/MgnCoding2020/stig-800-171-compliance-lab

📌 IAM Access Review Lab

A simulated identity and access review workflow — access inventory validation, review procedures, findings, and remediation tracking. 🔗 https://github.com/MgnCoding2020/IAM-Access-Review-Lab

📌 Cybersecurity Monitoring Lab

A defensive lab documenting Windows event monitoring with Sysmon — capturing telemetry such as process execution, PowerShell activity, and DNS lookups. 🔗 https://github.com/MgnCoding2020/Cybersecurity-Monitoring-Lab

📌 HomeEDR & Governance Security

Scheduled scripts that generate system baselines and snapshots to detect configuration drift over time. 🔗 https://github.com/MgnCoding2020/HomeEDR-and-Governance-Security


🧠 What I'm Learning / Working On

  • Broadening framework knowledge (NIST CSF 2.0, ISO 27001) beyond NIST 800-53 and PCI DSS
  • Getting familiar with GRC platforms (e.g., OneTrust, ServiceNow GRC) through free training
  • Building a Windows STIG baseline assessment workflow (SCAP Compliance Checker, STIG Viewer)
  • Strengthening networking and system fundamentals (Nmap, Wireshark, Sysmon)
  • Practicing clear, audit-ready documentation and traceability (risk → control → evidence → remediation)

(These are areas I'm actively learning — listed to show direction, not mastery.)


📜 Certifications

  • ISC2 Candidate
  • CompTIA Secure Infrastructure Specialist – CSIS Stackable Certification
  • CompTIA Security+ ce Certification
  • CompTIA IT Operations Specialist – CIOS Stackable Certification
  • CompTIA Network+ ce Certification
  • CompTIA A+ ce Certification


🎓 Education

B.S. — Cybersecurity and Information Assurance, Western Governors University (WGU) 2024 – In Progress


📌 Notes

  • All projects are fictional and built for educational and portfolio purposes.
  • Any sensitive-looking data is simulated or sanitized.
  • The emphasis is on realistic, repeatable workflows and documentation — and on showing my learning as it develops.

🀝 Connect

Pinned

  1. stig-800-171-compliance-lab Public

    STIG-based compliance lab implementing NIST SP 800-171 and CMMC-aligned security controls with PowerShell automation, validation, and audit-ready evidence

    HTML 1

  2. grc-paper-project-coffee-shop Public

    A simulated end-to-end GRC security program for a small payment-card merchant — risk register, NIST 800-53 controls mapped to PCI DSS v4.0.1, an evidence pack with Python validation scripts, a POA&…

    Python

  3. MgnCoding2020 Public

    Display Credly Badges

  4. IAM-Access-Review-Lab Public

    Demonstrates an Identity & Access Management (IAM) governance workflow including access review procedures, evidence collection, findings, remediation tracking, and password policy hardening using a…

  5. HomeEDR-and-Governance-Security Public

    Scripts used with task scheduler to generate baselines for your system and develop snapshots to detect if drift occurs

    PowerShell

  6. Cybersecurity-Monitoring-Lab Public

    A defensive cybersecurity lab demonstrating Windows event monitoring and investigation with Sysmon. The project documents real telemetry such as process execution, PowerShell activity, and DNS look…