Cyber / GRC
This section captures cybersecurity, governance, risk, compliance, and security authorization notes.
The goal is to keep practical reference material organized in a way that supports both learning and professional use.
Focus Areas
| Area | Focus |
|---|---|
| NIST SP 800-53 | Control families, control intent, and implementation notes |
| RMF / ATO | Authorization workflow, evidence, findings, and risk decisions |
| CMMC | Small business cybersecurity requirements and assessment readiness |
| GRC Workflow | Evidence organization, control mapping, risk tracking, and reporting |
| Security Operations | Monitoring, incident response, exposure review, and alerting |
How This Supports the Portfolio
These notes connect hands-on technical projects to compliance and risk management. They show the ability to understand both the technical side and the governance side of cybersecurity.