I'm a cybersecurity student focused on Governance, Risk, and Compliance (GRC). This profile collects self-directed projects I've built to learn how security programs and compliance workflows actually fit together - connecting risk, controls, evidence, and remediation.
Everything here is a simulation built for learning and portfolio purposes, not production work. I'm early in my journey and still learning, so these projects reflect practice and progress rather than professional experience.
I started my B.S. in Cybersecurity and Information Assurance (WGU) in 2024, beginning with an interest in offensive security. As I worked through my CompTIA A+, Network+, and Security+ certifications, my interest shifted toward governance, compliance, and the structured side of security - how organizations define controls, show they work, and track the gaps.
To learn this hands-on, I started small: hardening my own environment with least-privilege accounts, removing unnecessary services, and applying deny-by-default firewall rules. From there I built baseline-comparison workflows to detect configuration drift, and then began creating end-to-end GRC portfolio projects that tie controls, evidence, and documentation together.
I'm currently building familiarity with tools like Nmap, Wireshark, and Sysmon so I can support governance work with some technical grounding.
🎯 Where I'm headed: entry-level roles in GRC and compliance, across both commercial (NIST 800-53, PCI DSS, third-party risk) and federal-aligned (RMF, NIST 800-171, STIG) environments.
All projects are fictional simulations created for educational and portfolio purposes.
An end-to-end GRC program for a fictional small merchant. It includes a risk register, a control matrix mapping NIST SP 800-53 to PCI DSS v4.0.1, a NIST → PCI crosswalk, an evidence pack (with simple Python validation scripts), a POA&M for tracking gaps, and a vendor risk program. https://github.com/MgnCoding2020/grc-paper-project-coffee-shop
A companion to the program above - a complete third-party (vendor) risk assessment for a fictional cloud payroll vendor, walked end to end: intake → inherent risk scoring → due diligence → findings → remediation → final report. The findings roll back into the GRC program's POA&M, so the two projects connect. https://github.com/MgnCoding2020/Vendor-Risk-Assessment-Lab
A compliance lab exploring how system baselines align with DISA STIG concepts and NIST SP 800-171 requirements, using PowerShell-based checks and audit-ready evidence organization. https://github.com/MgnCoding2020/stig-800-171-compliance-lab
A simulated identity and access review workflow - access inventory validation, review procedures, findings, and remediation tracking. https://github.com/MgnCoding2020/IAM-Access-Review-Lab
A defensive lab documenting Windows event monitoring with Sysmon - capturing telemetry such as process execution, PowerShell activity, and DNS lookups. https://github.com/MgnCoding2020/Cybersecurity-Monitoring-Lab
Scheduled scripts that generate system baselines and snapshots to detect configuration drift over time. https://github.com/MgnCoding2020/HomeEDR-and-Governance-Security
- Broadening framework knowledge (NIST CSF 2.0, ISO 27001) beyond NIST 800-53 and PCI DSS
- Getting familiar with GRC platforms (e.g., OneTrust, ServiceNow GRC) through free training
- Building a Windows STIG baseline assessment workflow (SCAP Compliance Checker, STIG Viewer)
- Strengthening networking and system fundamentals (Nmap, Wireshark, Sysmon)
- Practicing clear, audit-ready documentation and traceability (risk → control → evidence → remediation)
(These are areas I'm actively learning - listed to show direction, not mastery.)
B.S. - Cybersecurity and Information Assurance, Western Governors University (WGU) 2024 - In Progress
- All projects are fictional and built for educational and portfolio purposes.
- Any sensitive-looking data is simulated or sanitized.
- The emphasis is on realistic, repeatable workflows and documentation - and on showing my learning as it develops.



