Shane Alves

Summary

As a Cyber Risk & Compliance Analyst, I specialize in managing and mitigating cyber risks, while ensuring compliance with industry regulations and standards. I leverage my technical skills in cybersecurity and cloud computing, which I developed through my education and certifications. I possess excellent communication, problem-solving, and attention to detail skills. Proven success in safeguarding sensitive data, reducing vulnerabilities, and streamlining compliance processes. Experienced in gap analysis, vulnerability identification, and providing effective solutions to enhance business continuity, and minimize operational disruptions.

Overview

years of professional experience

Certification

Work History

Cybersecurity Risk Analyst

University of Florida

08.2024 - Current

. Conducted risk management conversations with clients to identify, assess, prioritize, and mitigate cyber risks. This enabled informed decision-making, reduced cyber exposure, and improved risk mitigation by 30%.
Collaborated with 6+ cross-functional teams. To gather requirements, define project scopes, and ensure enterprise alignment, fostering effective teamwork and project success.
Performed comprehensive gap assessments to pinpoint security vulnerabilities, and provided strategic recommendations for remediation, resulting in a remarkable 90% reduction in non-compliant expenditures
Produced 15+ comprehensive risk analysis reports and presentations monthly, summarizing any findings, recommendations, residual risk, and remediation plans, facilitating clear communications with stakeholders, and enforcing actionable outcomes.
Conduct IT/IS risk assessments for local and offshore vendors, ensuring 100% compliance across 30+ vendors, reducing third-party risks, and avoiding potential losses.
Reviewed security documentation and vendor artifacts (Pen Test reports, vulnerability scans, SOC 2, etc.), ensuring security best practices are enforced and enhancing the organization's overall cybersecurity resilience.
Represented the Cyber Risk team to track and remediate enterprise-wide cyber risks. Improved visibility and accelerated remediation by 40%, reducing risk exposure by 25%, and strengthening the organization's overall security posture.

PCI Security Assessor Intern

Baxter Clewis Cybersecurity

02.2023 - 08.2024

Conducted comprehensive audits of the Web Application Firewall (WAF), revealing instances of internal users accessing malicious websites As a result, we implemented whitelisting controls, effectively shielding the company from approximately 3000 attacks on a quarterly basis
Reviewed the security policies of the Domain Controller on Windows servers, ensuring the robust enforcement of domain security policies. This safeguarded the company's intellectual property against potential misuse and unauthorized access.
Successfully performed firewall scope validation, allowing the company to implement precise network segmentation. This strategic initiative minimized the network scope, resulting in substantial savings of 20,000 billable assessment hours.
Assisted in identifying critical findings during the scoping of systems for PCI assessment that had the potential to cost the company $500,000.
Implemented proactive pre-assessment scoping, leveraging the Prioritization Approach Tool to achieve precise scoping, and reduce company costs by 20%. This also led to a more comprehensive understanding of the organization's diverse environments.
Collaborated closely with clients to enhance and refine their compliance processes, ensuring alignment with PCI DSS standards. This collaborative effort significantly improved business continuity, thereby mitigating potential losses of up to $300,000 due to operational interruptions.

Education

Bachelor of Science - Cybersecurity and Information Assurance

Western Governors University

Salt Lake City, UT

12-2025

Skills

RSA Archer
Risk Management
Third-Party Risk Management
Security/Compliance Frameworks (NIST, ISO 27001, SOC 2, HITRUST, PCI DSS)
Risk Assessments (Qualitative and Quantitative)
Penetration Testing and Vulnerability Management
Audit and Assurance
IT Governance
Information Security Policy

Information Security
Project Management
Team Collaboration
Critical thinking
Effective communication
Stakeholder Management
Teamwork and collaboration
Metric tracking

Certification

CompTIA Security+
CompTIA Network+ CE
CompTIA A+ CE
AZ 900
ITIL v4
ISC2 CC

Websites

References

References available upon request.

Timeline