Skip to content
View stephenroque's full-sized avatar
👨‍💻
Coding
👨‍💻
Coding

Highlights

  • Pro

Block or report stephenroque

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
stephenroque/README.md

Hi, I'm Stephen Roque 👋

Cybersecurity Governance | GRC | TPRM | Critical Infrastructure

Military Firefighter • IT Procurement & Cybersecurity Governance • CBMMG


🛡️ About Me

I am a Cybersecurity Governance and Risk Management professional with a strong background in critical infrastructure, IT governance, and public-sector technology.

Currently serving in the Technology and Systems Core (NTS) of the Military Fire Department of Minas Gerais (CBMMG), where I support IT governance, public-sector procurement, third-party risk management (TPRM), compliance, and secure technology acquisition for mission-critical information systems.

My career spans more than 20 years across the Brazilian Army, Brazilian Navy, and Military Fire Department, with experience supporting high-reliability organizations where operational continuity, resilience, and disciplined risk management are essential.

  • 🎓 B.Sc. in Computer Science — University of the People (GPA: 3.85)
  • 🛡️ Focus: Governance, Risk & Compliance (GRC), Third-Party Risk Management (TPRM), Critical Infrastructure Protection
  • 🌎 Experience: Military operations, IT infrastructure, public-sector procurement, secure systems, and cybersecurity governance
  • 📚 Currently advancing expertise in: Security+, NIST RMF, ISO/IEC 27001, Risk Management and Security Frameworks

📈 Professional Impact

  • Governed IT procurement processes totaling approximately R$18M annually, supporting secure technology acquisition, compliance, and audit readiness for mission-critical systems.
  • Performed vendor and third-party risk assessments (TPRM) for information systems acquisitions in the public sector.
  • Developed and deployed the official CBMMG mobile application, integrating multiple legacy public safety systems into a unified platform.
  • Supported operational resilience during Operation Brumadinho, contributing to logistics, personnel coordination, and continuity in one of the world's largest search and rescue operations.
  • More than 20 years supporting critical infrastructure across defense, public safety, aviation, mining, and government environments.

🎯 Areas of Interest

  • Governance, Risk & Compliance (GRC)
  • Third-Party Risk Management (TPRM)
  • Critical Infrastructure Protection
  • Vendor Security Assessments
  • Public Sector Cybersecurity
  • Secure Procurement
  • Security Frameworks (NIST RMF • ISO/IEC 27001 • CIS Controls)

🛠️ Technical Expertise

Infrastructure • Security • Cloud

Windows Linux Kali AWS Docker Google Cloud Cloudflare Wazuh

Development & Application Security

Python PHP Laravel Java Kotlin Swift Bash


📜 Certifications & Professional Recognition

Cybersecurity

  • GRC Specialist — Hackers do Bem
  • Google Cloud Computing Foundations Certificate
  • Ethical Hacker — Cisco
  • Certified Fundamentals Cybersecurity — Fortinet
  • Cybersecurity Specialist — DIO

Academic Honors

  • President's List
  • Dean's List

Languages

  • 🇺🇸 English (B2+)
  • 🇪🇸 Spanish (B2)

Awards

  • Meritorious Note - Life-saving action (Successful Neonatal CPR)
  • Meritorious Note - Excellence in Communications (B5), Training & Community Outreach

📝 Publications

Cybersecurity • Governance • Risk Management

Engineering

📖 Read more on Medium and LinkedIn.


Proudly serving at

CBMMG

Passionate about strengthening cybersecurity governance, operational resilience, and secure technology adoption in mission-critical environments.


Popular repositories Loading

  1. OrangeTech OrangeTech Public

    Bootcamp Orange Tech +

    JavaScript 4 2

  2. dio-kali-medusa-bruteforce-lab dio-kali-medusa-bruteforce-lab Public

    Educational lab simulating brute force attacks using Kali Linux and Medusa against vulnerable services (FTP, Web/DVWA, SMB), with focus on ethical hacking, documentation, and mitigation strategies.

    2

  3. stephenroque stephenroque Public

    Profile

    1

  4. OrangeTechBackEnd OrangeTechBackEnd Public

    Bootcamp Orange Tech + | BackEnd

    Java 1

  5. laravel-benchmark laravel-benchmark Public

    Forked from thecaliskan/laravel-benchmark

    Laravel Benchmark Example Project for Laravel Octane Servers

    PHP 1 1

  6. dio-miniguia-tprm-grc dio-miniguia-tprm-grc Public

    Análise tática de TPRM e GRC em licitações públicas, cruzando a Lei 14.133/21 com o framework NIST SP 800-161. Projeto prático gerado com IA (NotebookLM) | Desafio DIO.

    1