Hi, nice to have you here!

This site includes my study notes and is meant to be a place to reference information, reflect on projects and share ideas around cyber resilience, tech and cloud computing.
I want to help people and organisations keep their data secure: this is my learning repository and blog.

Below, a growing list of knowledge and experience accrued.

I also have a mentor in cyber governance which is helping me solidify and develop in this area: so grateful for it!


CERTS: 

The GRC approach to managing cybersecurity – Kennesaw state uni

AZ-500: Azure Security Engineer Associate

Managing the security posture | Implementing threat protection | Identifying and remediating vulnerabilities.

  • Secure identity and access
  • Secure networking
  • Secure compute, storage, and databases
  • Secure Azure using Microsoft Defender for Cloud and Microsoft Sentinel

Microsoft Cybersecurity Analyst Professional Certificate

  • Cybersecurity concepts and how they apply to a business environment, threat mitigation strategies from an enterprise perspective, cybersecurity policy measures within an Azure environment, and practice on tools like MS defender, Azure Active Director. A comprehensive course on cloud computing and network security fundamentals, threat modeling and Azure services.

Microsoft Cybersecurity Analyst Professional

PROJECTS AND LABS

  • LetsDefend SOC Analyst path
  • Setup and configured Pfsense firewall
  • Network segmentation on Unifi router and access point
  • Built and configured Network Attached Storage (TrueNAS)
  • Reviewing cybersecurity news daily/weekly and analysing threat actor’s tactics and techniques used, as well as best controls for each vulnerability. Sources include: Simply Cyber Daily threat brief, CISO series, Click Here podcast, Darknet Diaries)
  • Microsoft Cybersecurity Analyst Professional: Network segmentation project + Capstone project

COURSES

  • Comptia A+
  • DR. CHUCK, Python for everyone
  • Hands-on Python for networking professionals, ITPro.TV
  • Reading: “Mastering Information Security Compliance Management” – ISO 2001:2022
  • The Definitive GRC Analyst Master Class – Simply Cyber
    •  Prepared, executed, and reported on audit of subset of NIST SP 800-53 cybersecurity controls
      to include interview, document review, and testing of systems to support compliance audit
      activities.
    • Knowledgeable on NIST Cybersecurity Framework and how the Identify, Protect, Detect,
      Respond, and Recover categories comprise and facilitate an information security program
    • Semi-quantitatively analysed cybersecurity risk using NIST SP 800-30 methodology to identify
      highest risk weaknesses for a system
    • Executed threat modeling exercise to determine higher likelihood threat events to inform
      cybersecurity risk modeling