Hi, it's me, Swann
I am a cybersecurity professional and recent graduate with hands-on experience in security planning, policy development, risk assessment, and maturity modeling. Through academic and project-based work, I have developed practical skills aligned with industry frameworks such as NIST 800-53, PCI DSS, and organizational security governance. My experience includes creating comprehensive security plans, writing and refining security policies, completing SAQ-D documentation for fictitious organizations, and evaluating security maturity to prioritize remediation efforts. I am detail-oriented, analytical, and committed to continuous learning, with a strong interest in helping organizations strengthen their security posture while balancing risk, compliance, and business objectives.
Threat Modeling
This work demonstrates how threat modeling can be integrated into both the system and software development life cycles to identify and mitigate security risks early. Using the fictitious organization SnowBe, I applied techniques such as STRIDE, attack surface analysis, and process flow diagrams to evaluate risks related to sensitive data, application design, and access controls. The project also illustrates how threat modeling supports security maturity by enabling repeatable, risk-based decision-making and informing security plans and policies aligned with NIST 800-53, PCI DSS, and CMMC. This artifact highlights my ability to connect technical threats to practical security controls and governance decisions.
Password Procedure & Standard Policy
These security policies were developed to address key organizational security requirements, including access control and acceptable use. Each policy is clearly structured, written in professional language, and aligned with industry best practices. This work demonstrates my ability to translate security requirements into enforceable, understandable policy documents.
Security Plan
This project presents a comprehensive organizational security plan developed and refined across multiple courses. The plan outlines security objectives, governance structure, risk considerations, and control implementation aligned with NIST 800-53. It demonstrates my ability to analyze organizational needs, apply industry frameworks, and create clear, professional security documentation suitable for executive and technical stakeholders.