About me
I'm building a career in cybersecurity governance, risk, and compliance ,backed by three years of real-world audit experience and a growing technical foundation.
My path into cybersecurity isn't the usual one. I spent three years as a SAICA trainee auditor at BI Group Chartered Accountants, testing controls across public sector clients in South Africa. That work taught me to ask "prove it" about every policy, system, and process and that instinct is exactly what GRC needs. Most people enter cybersecurity from 'm entering from the control environment side, and that gives me a different and valuable perspective on how risk actually plays out inside an organisation.
Building the technical foundation:
- Google Cybersecurity Professional Certificate
- ISC2 Certified in Cybersecurity (CC) — in progress
- Hands-on practice via TryHackMe, working through GRC-focused learning paths
- A sequenced roadmap beyond CC toward Security+ and CRISC, aimed squarely at GRC-specific roles
**What I bring:**
GRC isn't just knowing frameworks like ISO 27001 or NIST — it's understanding how an organisation actually behaves, where controls break down in practice, and how to translate technical risk into language a board or audit committee will act on. Three years of testing controls across real public sector environments gave me that grounding before I ever started studying cybersecurity formally.
POPIA and data privacy compliance is another area where I bring genuine depth — as data protection regulation matures across South Africa, professionals who understand both the legal framework and the underlying technical controls are still rare.
**Visibility and community:**
I document my pivot publicly — sharing cybersecurity fundamentals, study notes, and career-transition lessons with a growing audience of people moving from finance, audit, and other non-technical backgrounds into cybersecurity. It's proof that there's more than one route into this field.
**Where I'm headed:**
I'm actively seeking entry points into cybersecurity GRC roles — through structured programmes, internships, or remote-friendly positions that value a compliance-first, controls-literate approach to security. My traineeship trained me to scrutinise every control an organisation claims to have. Now I'm applying that same rigour to the digital risks shaping how every organisation operates.
Based in Gauteng, South Africa. Open to remote and hybrid opportunities.
---
That's roughly 320 words — leaves room if you want to add anything specific (a recent project, the Anglo American programme application, or a portfolio piece). Want me to expand it back toward 500, or keep it lean like this