Sharon Rau

McKinney, TX

Summary

Knowledgeable professional with 6+ years of cyber security leadership, specializing in compliance and risk. Seeking progression in a GRC setting to broaden skills around audits and risk evaluations with a systematic and diligent approach. Offering exceptional compliance and risk management skills and swift ability to lead audits. Motivated self-learner with extreme attention to detail and critical thinking skills.

Overview

13 years of professional experience

1 Certification

Work History

Cyber Assurance Risk Lead

IBM
04.2022 - Current
  • Evaluated risk assessments to include determining threat vector, single loss expectancy, and annualized rate of occurrence. Currently done manually in .xlsx format, but modernizing the process through 1RM and ServiceNow.
  • Created weighted matrices to better assess infrastructure risk, which improved overall audit readiness.
  • Completed an impact analysis of IBM offices per country following rising geo-political threats in Europe. Analysis included networks, applications, location, and employees through Inventory Management SOS. This was used to determine which applications needed to be supported elsewhere, and evidence to correct user access to mitigate cyber threats.
  • Created process flow for mergers and acquisitions of non-integrated companies. Now applying the same flow to integrated companies. Promoted the idea of a "Risk Review Board" to include leadership from multiple cyber departments for all applications included in the merger.

Program Manager & Compliance Specialist

IBM
04.2020 - 03.2022
  • Led external audits around the workstation and platform management security of over 450,000 devices to maintain IBM's certifications with SOC2 and ISO 27001. Met with auditors on a monthly and quarterly basis to review security standards and implemented compliance controls.
  • Assisted in creation of IBM's modern compliance reporting tool, which ingests data from three MDM solutions (Jamf, Intune, and BigFix) for 450,000+ managed devices. Specifically for debugging, user experience improvements, ServiceNow queue creation, and an automated response Slack channel.
  • Supported audits on IBM's internal compliance controls to include being the lead for workstation security and collecting evidence from multiple security solutions such as the mentioned MDMs, CrowdStrike, Azure, and MDE. Frameworks include SOX, GDPR, PCI, HIPAA, FedRAMP, ITAR, COBIT, and NIST.
  • Promoted to Program Manager by 13th month of employment.
  • Scheduled and facilitated meetings between project stakeholders utilizing agile methodologies to discuss deliverables, schedules and conflicts using Trello, Box, Mural, and Jira.
  • Tracked team member progress to mitigate delays and blockers, and to ensure the team felt supported to mitigate burnout. Created the team's template for playbooks and process flows to prevent single points of failure in team progress.
  • Led bi-weekly calls with executives and displayed a presentation on the team's progress and next sprint steps.

Senior Information Systems Administrator (25B)

U.S. Army
03.2013 - Current

Active Duty: 03/2013-02/2019, Reservist 03/2019-current.

  • Performs hands-on and managerial duties in a multi-disciplinary role to include help desk management, IT asset management, risk liaison, lifecycle management, and subject-matter expert on IT devices, their physical security, and information assurance.
  • Led the DoD RMF review for a battalion of over 300 personnel and 500+ nodes within the Information Assurance scope.
  • Responsible for an inventory of over 1.5 million dollars of IT equipment to include servers, networking devices, security appliances, and cryptographic control devices.
  • While deployed, managed a team of four technicians responsible for diagnosing and remediating devices on secret and unclassified networks for over 300 personnel.

IT Security Analyst

USAlliance Financial
03.2019 - 03.2020
  • Led third-party audits with Bansec and regulatory audits under NCUA to include vulnerability and patch management (Qualys), cyber awareness training (KnowBe4), email security, IT systems management (Azure, SolarWinds, Palo Alto) and IDS/IPS management (SecureWorks).
  • Tested SIEM (QRadar) and EDR (CrowdStrike, Sophos, Varonis, Arctic Wolf) solutions for company use following maturity recommendations of the NCUA.
  • Managed vulnerability scanning, social engineering training, IDS/IPS escalation for over 1000 nodes and 300 employees.

Education

Information Technology

Advanced Leaders Course
Ft. Jackson, South Carolina
12.2019

Information Technology

Basic Leaders Course
Camp Buehring, Kuwait
08.2018

Bachelor of Arts - Geology

SUNY At Buffalo
Buffalo, NY
05.2018

Information Technology

Information Technology Specialist Academy
Camp Williams, Utah
12.2012

Skills

  • Audit Coordination
  • Compliance Reporting
  • Risk Analysis & Identification
  • Regulatory and Compliance Understanding
  • Cybersecurity Frameworks
  • Project Management
  • Agile Practices
  • Technical Writing
  • Communication & Collaboration
  • Attention to Detail
  • Flexible and Adaptable

Certification

  • CompTIA, Security+ - 06/2018
  • U.S. Secret Clearance - 03/2013
  • ISACA CRISC Course - 03/2021
  • IVMF, (ISC)2 CISSP Course, testing 09/2022
