Critical thinking and problem solving have been two themes throughout my career prior to classifying them as particular skills that I possessed for any type of resume or portfolio. As a Program Manager in the Navy at the command level, you had to triple check written content, execute when lives are on the line as a leader and aircraft maintainer, and ensure compliance between moving parts as a leader and quality assurance representative. At ODU I was able to take classes that taught me about interdisciplinary research, allowing me to place a name to what I had been doing all along. If you want to tackle hard problems, you have to look at them from different angles and disciplinary lenses simultaneously. Cyber GRC allows you to think that way with risk assessments, control frameworks, and compliance gap analyses.

Interdisciplinary Research Paper – IDS 300W

I wrote this paper arguing how much autonomy artificial intelligence should have when assisting ethical hackers with penetration tests. By studying computer science, ethics, and psychology all at the same time, I was able to craft my answer: I developed a theory I named Collaborative AI-Augmented Ethical Hacking, a layered model that scales the autonomy of the AI to the sensitivity of the environment it’s testing. My research in computer science taught me what’s possible with AI tools. Ethics made me consider who’s responsible when a machine automates a high stakes decision. Psychology taught me that over-dependence on automation can silently degrade human decision making. Each individual field would not have led me to that conclusion on its own. The same happens in GRC. It’s that intersection of disciplines that will take you from checking a box to actually managing risk.

10 Step Interdisciplinary Research Flow Chart – IDS 300W

I also developed a flow chart graphic that illustrates all 10 steps of Repko and Szostak’s process mapped to my research question.Designing this made me think through the methodology in a way that just executing it didn’t. Every step had to correspond to something that was visible in my paper. One of my mantras in the Navy was slow is smooth and smooth is fast. That adage applies here as well: taking the time to lay out a process from beginning to end forces you to learn it as if you were teaching it. As a GRC analyst or project manager, you will spend plenty of time introducing new control frameworks or walking leadership through risk assessments. Standards like NIST and ISO 27001 are tried and true problem-solving frameworks and illustrating them out for technical and non-technical stakeholders is part of the job.

Cybersecurity Strategy Analysis – CYSE 425W

Completing this analysis of the 2023 National Cybersecurity Strategy made me think about policy, geopolitics, legal aspects, and organizational behavior all at once. I read through all five pillars but concentrated my in-depth research on Pillar Five, international cooperation, to discuss how cyber threats will never respect national boundaries and unilateral efforts won’t be enough. I selected artifacts from Cyber Policy and Strategy because I want to work in GRC, and anyone who works in GRC that cannot read and analyze policy documents aren’t operating at full potential. Regulations requirements and compliance mandates all stem from policy. This assignment did that directly and helped me connect my coursework to my career.