Lokage7/Scole

👨🏾‍💻 My GRC & Cybersecurity Projects

I specialize in Governance, Risk, and Compliance Engineering, focusing on securing cloud environments, performing audits, and managing organizational and third-party risk. Here are my hands-on labs and projects:

  • Flask Application Deployment on AWS EC2 — Deployed a Python Flask web application on AWS EC2, implementing secure configuration practices including security groups, key pair authentication, and controlled network access. Demonstrated foundational cloud security principles such as system hardening, least privilege access, and secure application hosting. (Focus: Cloud Security, Secure Deployment & Infrastructure Hardening)

  • AWS API to Excel Automation Lab — Developed an automated solution to extract AWS environment data via APIs and transform it into structured Excel reports for audit and compliance purposes. Enabled efficient evidence collection and reporting by converting raw cloud data into audit-ready artifacts, supporting governance, risk analysis, and continuous monitoring initiatives. (Focus: Compliance Automation, Audit Reporting & Cloud Data Engineering)

  • AWS Encryption-at-Rest Compliance Validation Lab — Designed and executed an automated Python-based compliance validation script to assess encryption-at-rest across AWS S3 buckets and EBS volumes. Validated use of SSE-S3, SSE-KMS, and default encryption settings; identified high-risk unencrypted resources; and generated structured, audit-ready evidence (JSON/CSV) aligned with SOC 2 CC6.1 and NIST SP 800-53 SC-28 requirements. (Focus: Cloud GRC, Compliance Automation & Audit Evidence)

  • AWS Security Architecture Review (SAR Lab) — Conducted a simulated Security Architecture Review on an example AWS environment. Defined system scope, mapped architecture, identified assets and threats, reviewed security controls, documented findings, and created a risk register with quantified risks. Implemented governance-focused recommendations including IAM least privilege, S3 bucket encryption enforcement, and centralized CloudTrail logging. (Focus: Cloud GRC, Risk Assessment & Automation)

  • AWS Account Governance — A Step-by-Step Security Implementation Guide — Established a cloud governance baseline with Identity Center, CloudTrail, AWS Config, Security Hub, and Budgets for compliance and operational control. (Focus: Cloud GRC & Governance Automation)

  • Gap Analysis of Vendor Privacy and Security Policy — Performed a comprehensive vendor policy gap analysis to assess compliance risks against regulatory standards. (Focus: Vendor Risk & Policy Compliance)

  • Third Party Risk Management — Developed a third-party risk management framework to evaluate and mitigate vendor risk. (Focus: Vendor Risk Governance & Compliance)

  • Cybersecurity Audit and Risk — Conducted a simulated IT audit and risk assessment, identifying gaps in controls and recommending remediation. (Focus: IT Audit & Risk Management)

  • Building Elastic SIEM Home Lab — Implemented a security monitoring and threat detection lab using Elastic Stack to simulate SOC operations. (Focus: Security Monitoring & Operational Controls)


🤳🏾 Connect with Me

LinkedIn
Medium



💡 About Me

I am a GRC-focused cybersecurity engineer passionate about building secure and compliant environments. My expertise includes:

  • Governance & Policy Management: Developing, assessing, and enforcing organizational and third-party policies.
  • Risk & Compliance Engineering: Performing audits, risk assessments, and implementing controls aligned with NIST, CIS, ISO 27001, and AWS Well-Architected frameworks.
  • Cloud Security & Automation: Designing repeatable governance controls using AWS services (Config, CloudTrail, Security Hub) and Infrastructure-as-Code.
  • Vendor & Third-Party Risk Management: Evaluating vendor security posture, managing compliance gaps, and mitigating risk.

I focus on practical, hands-on labs that simulate real-world GRC engineering challenges while maintaining compliance, security, and operational efficiency.


📌 Key Skills & Expertise

  • Governance, Risk, & Compliance (GRC)
  • Cloud Security & AWS Governance
  • Security Auditing & Assessment
  • Vendor & Third-Party Risk Management
  • Policy Development & Gap Analysis
  • SIEM & Security Monitoring
