_ _ _
(_) ___| | __ _ _ __ (_)
| |/ _ \ |/ _` | '_ \| |
| | __/ | (_| | | | | |
_/ |\___|_|\__,_|_| |_|_|
|__/ security operations // grc // built, not just studied
jelani@bastion:~$ whoami

Cybersecurity and GRC practitioner. I run security operations by day and build the documented security programs that small Caribbean organizations usually go without. I learn by building: I run the labs, map the frameworks at the source, and publish the work.
+ building open-source GRC programs for Caribbean SMBs (healthcare, legal, professional services)
+ running 24/7 security operations :: SIEM, incident response, threat hunting
+ on the path :: CCNA 200-301 / HarvardX Advanced Cyber Defense and Risk
+ member :: ISACA (Trinidad & Tobago Chapter)

Five interconnected projects building a full security program for MedCaribe, a 55-person healthcare provider in Trinidad & Tobago. Dual-mapped to NIST CSF 2.0 and CIS Controls v8 IG1.

| project | what it delivers |
|---|---|
| Governance Program | 20-risk quantified register, 5 core policies, IR plan, board briefing, 12-month roadmap |
| CIS v8 to M365 Mapping | all 56 IG1 safeguards mapped to M365; 82% addressable on existing licensing at zero cost |
| Tabletop Exercise Kit | 3 scenarios (BEC, insider threat, vendor breach) with injects, facilitator + AAR templates |
| Vendor Risk Framework | two-factor tiering, weighted questionnaires, sample EHR assessment scored 67% Medium Risk |
| Gap Assessment Tool | dual-framework tool showing a 129% maturity gain (1.05 to 2.4 NIST CSF) over 8 weeks |
SOC Lab :: pfSense IDS/IPS, Windows Server 2022 (AD/RBAC), CrowdSec + Sysmon. Custom alerting cut incident resolution time by 30%.
SIEM Lab :: Elastic Stack centralizing logs from Kali and Windows. Automated ingestion cut manual collection 40%; Kibana dashboards surfaced 50+ simulated malicious events.
Phishing Simulation :: end-to-end Gophish campaigns testing user awareness and validating the email security controls behind them.
frameworks / grc :: NIST CSF 2.0 | CIS Controls v8 | MITRE ATT&CK | Risk Assessment | TPRM | Tabletop
siem / detection :: Microsoft Sentinel | Elastic Stack | Splunk | M365 Defender | Defender for Endpoint
m365 security :: Entra ID | Conditional Access | Intune | Defender for Business | Purview | EOP
network / systems :: pfSense | Active Directory | TCP/IP | VLANs | Wireshark | Nmap | Kali
scripting :: Python | SQL | Gophish | Sysmon | CrowdSec
CompTIA CySA+ · Security+ · CSAP · Microsoft SC-200 · Fortinet FCA
LetsDefend SOC Analyst Learning Path · ISACA member (T&T Chapter)
01 map, don't memorize -> a control only matters when it traces back to a risk
02 build to understand -> i don't trust a control i haven't stood up myself
03 make it operable -> security an analyst can't run is just paperwork
linkedin/jelanidm · portfolio · jelanidm@gmail.com
# connection encrypted · built in the lab