Sarah Braun

ISO | CISSP | STEMinist

Boulder, CO, United States

Details

Education: Executive Master of Public Administration - MPA

Emergency Management and Homeland Security

University of Colorado Denver

2020 : 2023

Bachelor of Business Administration (BBA)

Management Information Systems, General

University of Georgia - Terry College of Business

2006 : 2010

Experience: As Information Security Officer at CU Boulder, my job is to make sure that CU’s community, systems, and data are safe and secure. In setting the strategic vision for security and IT compliance across campus, I collaborate with campus leadership to address risks and issues through policy and action. My north star in the administration of our information security risk management program is the focus on creative solutions that balance strong security practices with ease of use. As a steadfast champion for a security-minded culture, I work alongside my amazing teams to ensure that CU is able to adequately identify and treat IT risks and meet data security compliance obligations. In overseeing the Information Security team and Identity and Access Management team, we build and provide services that emphasize resilience to ensure the safety and security of the CU community today and tomorrow.

2021 : Present

University of Colorado Boulder

Information Security Officer and Assistant Vice Chancellor

I oversaw the Risk & Compliance team, which serves the Boulder campus, the System Administration office, and systemwide efforts. Alongside my team, I consult with departments to support their compliance with the data security alphabet soup (PCI, HIPAA, FERPA, GDPR, CUI, etc.), security training and awareness, policy and governance, and security and risk reviews.

2019 : 2021

University of Colorado

Information Security Officer and Associate Director of Risk & Compliance

The CU System Office of Information Security works to protect central systems and data and actively collaborates with the four University of Colorado campuses in support of the University Information Security Program.

I lead data governance efforts to improve data consistency, quality, access and security for CU to enable data-driven decision making. I collaborate with stakeholders throughout the University system to provide guidance on best practices and gather feedback on IT security related initiatives. In my time with CU I have developed IT security guidance for procurement, including system-wide standard contract language and documentation on best practices for the evaluation of third-party services. This also allows me to act as an IT and data security expert for departments and campuses throughout the purchasing process and contract negotiation. In addition, I am involved with the evaluation of new security services, such as our recent phishing simulation tool, and managing vendor relationships.

2016 : 2019

University of Colorado

Assistant Information Security Officer

As a member of the risk management team for the Office of Information Security, I worked to ensure that we always proactively evaluated new and existing processes and systems to enhance security and mitigate potential risks to the University of Georgia.

I managed a variety of programs and projects and offered ad hoc assistance to our clients on all matters related to IT security. I performed risk assessments at the request of UGA departments and internal IT and conducted security evaluations on new IT projects that handled sensitive data and/or were critical to operations. I assisted with identifying and documenting UGA assets and the classification of data handled by those assets, as well as authorizing and coordinating with those system and data owners. I developed, coordinated, and presented security training and awareness to our staff, faculty, and students; some examples of this include educational materials, boot camp information security classes for non-technical staff, annual mandatory security training, presenting an overview of InfoSec offerings and expectations to hundreds of incoming students and their parents each year during orientation sessions.

2010 : 2016

University of Georgia

IT Security Analyst Specialist

While working at the EITS Help Desk, I provided first-tier technical support for the University of Georgia community of over 40,000 faculty, staff, students, and prospective students.

This primarily consisted of phone, email, and chat support and troubleshooting for proprietary enterprise software systems and third-party software. I was also able to cultivate my presentation skills by participating in a range of outreach activities, as well as gain experience developing technical documentation and conducting business analysis tasks.

2008 : 2010

University of Georgia

Enterprise Information Technology Services Help Desk Consultant

Company: University of Colorado Boulder

Years of Experience: 16

Spoken Language: Spanish

Skills

BPMN, Business Analysis, Business Intelligence, Business Process Improvement, Capacity Building, Communication Skills, Cross-functional Team Leadership, Customer Service, Data Analysis, Data Privacy, Desktop Support, Document Management, Employee Learning & Development, Employee Recognition, Employee Wellness Programs, FERPA, Gap Analysis, Governance, Risk Management, and Compliance (GRC), HIPAA, Information Security, Information Technology, ISO 27001, IT Audit, ITIL, Microsoft Office, NeXpose, NIST 800-53, PCI DSS, Process Improvement, Project Management, Public Speaking, Risk Assessment, Risk Management, Security, Security Evaluations, Security Policy, Situational Leadership, Software Service Lifecycle, Standards Development, Talend ETL, Technical Support, Training, Troubleshooting, Two-factor Authentication, Visio, Vulnerability Management

About

The past 15 years slogging through IT work has taught me an important lesson: continuously addressing the symptoms of broken systems is futile. Band-aids (or a little more MFA) will not be enough to save us from others seeking to exploit our goodness and hopefulness. I never thought we'd still be battling phishing, which still holds the top spot for most common attack vector. The things that we tolerate and prioritize speak loudly, and we all have the ability to shape how technology fits into our lives; we can and should demand that it doesn't harm us and is designed it to foster healthy communities. My interests right now are focused on how the heck our society can muddle through all those tough issues leaning on emergent strategy in the areas of civic technology, human factors, social justice, mutual aid, democracy, resilience, and emergency management. I guess my tl;dr is that academia and practice come together in some pretty cool ways that center the collective and whole community, and it gives me hope for tomorrow!

When I started the MPA program with the School of Public Affairs at the University of Colorado Denver in 2020, I sought inspiration and purpose but didn't expect the eye-opening, soul-shattering experience that it has been. Bolstered by brilliant and caring professors, passionate peers, and a wealth of knowledge at my fingertips, I genuinely believe there are no challenges that can't be overcome (or, as the sticky note on my computer reminds me every day, Where there's a will, there's a way).

Throughout my education and career, I've had the honor of getting to know countless people devoting their lives to the greater good and love using LinkedIn to nourish my relationships with these wonderful individuals. I value privacy and I reject invitations to connect if we've never had a conversation.