Month 2 Complete: My Journey into Governance, Risk & Compliance

This month marked an important transition in my cybersecurity learning journey. Instead of focusing only on technical concepts, I spent the month learning how organizations manage cybersecurity from a governance and business perspective. During this month I explored topics including: Governance vs Management Three Lines Model NIST Cybersecurity Framework (CSF) Policy Framework RACI Matrix Policy and Risk Ownership Risk Appetite Business Alignment Strategic Objectives Cybersecurity Roadmaps Executive Cybersecurity Strategy One of my biggest takeaways is that cybersecurity is not just about protecting systems. It is about helping organizations make better decisions, reduce business risks, improve resilience, and support long-term business goals. Throughout this journey, I have been documenting everything publicly through GitHub, Medium, and LinkedIn. This approach helps me stay accountable, organize my knowledge, and build a portfolio that reflects my progress. Looking ahead, Month 3 will be much more practical. I plan to start creating professional cybersecurity documentation, including: Password Policy Risk Register RACI Matrix Incident Response Plan Risk Assessment Cybersecurity Strategy The goal is not only to study cybersecurity but also to build practical skills and a portfolio that demonstrates real-world governance and risk management knowledge. Month 2 is complete. Now it's time to start building. 🚀 The journey continues.