Shawn Rich

• Development of Advanced Red Team processes and identification of risk
• Oversight and appropriate delegation of key deliverables for projects
• Development of plans and strategies for tools, processes, and overall program road map
• Define, develop and implementation of appropriate metrics for ongoing reporting and risk management
• Plan program design updates based on evolving regulatory environment
• Creation of play books and threat actor profiles
• Mentor and coach staff on a regular basis
• Review employee performance metrics to measure productivity and overall effectiveness
• Provide valuable input to influence the shape and direction of the team strategy

• Responsible for planning, directing and coordinating of the Cyber Threat Intelligence program including leading red teaming from initiation through to implementation.
• Lead cross-functional program teams and collaborate with the lines of business to determine and interpret business requirements into technology solutions enhancing the the enterprise security posture against Cyber Threats
• Responsible for managing program costs, metrics, resources, change requests, risk and issues to ensure that maximum business benefit maintained
• Facilitated potential control solutions by working with the business partners and senior level Security Architects to determine technology solutions that align with the business strategies and IT strategic directions
• Accountable for engaging appropriate service delivery resources to ensure program/project delivery
• Responsible for continued development of the program strategy and the various enterprise-wide high-level project plans and ensures that scope and approach are fully understood by all stakeholders
• Facilitated procurement of third party services and resources in support of the programs matrixed strategy
• Conducted interviews, on-boarding of FTE and contract resources, coaching and mentoring of resources

• Responsible for design and management of highly complex IT security program consisting of multiple red teaming projects and span a broad range of systems and enterprise-wise components
• Lead cross functional program teams and worked with business/technology partners to determine and interpret business requirements into technology solutions for security testing
• Accountable for directing appropriate delivery resources both FTE and Contract to ensure program/project delivery
• Communicated with Directors of Technical Delivery, Portfolio Management and Business Partners with regard to program strategy direction and updates
• Acting as the focal point, and driving force, for PCD and Retail site red teaming projects
• Defining project scope and deliverables, including business/requirements analysis where required
• Helping to identify appropriate candidate solutions for the fulfillment of security requirements in conjunction with relevant technical SMEs, external vendors and the broader marketplace, in order to steer stakeholders to consensus
• Helping to define and document proposed pen testing assessments across all infrastructures
• Modelling the costs and effort to deliver each project, in order to assist with the production of the relevant business cases and budget submissions
• Managing relevant vendors, potentially including conducting market-soundings, facilitating scoping calls, obtaining quotes, managing vendor due diligence and on-boarding, and managing vendor project delivery performance
• Defining, maintaining and tracking performance against detailed project delivery plans in each of the time, cost and quality dimensions
• Project administration, including the production and maintenance of project documentation and the production and delivery of project status reports
• Preparing release-to-production documentation to ensure that the solution delivered can be supported under BAU, including definition of any support / service desk processes require

• Responsible for management of a cross functional security analysts team and collaborated with business/technology partners to determine and interpret intelligence requirements to reduce potential cyber risk to the business
• Development of a Security Incident Response Plan
• Advanced red teaming at all global locations including pen testing and physical breach exercises
• Accountable for directing appropriate delivery resources both FTE and Contract to ensure delivery
• Communicated to Senior and Executive Leadership concerning relevant cyber threats and potential control solutions
• Conducted interviews, on-boarded FTE and contract resources, coached and mentored resources

• Devised and implemented a new security operation centre from initiation to ‘steady state' operation, introducing KPIs and critical success factors to ensure the successful delivery of new security operations globally
• Requirements validation, updating. Created User Stories from Epics and Features
• Working and supporting Agile projects. Updating Board, Tasks, Create PBIs, aligning requirements to delivery. Updating progress
• Report Generation, extracting data from systems to generate compelling, visually clean (aligned to corporate colours, fonts, layouts) reports. Weekly time and progress tracking. Monthly status reporting
• Updating Wiki's with content, using MarkDown and similar
• Led and directed the activities of cross-functional teams globally and supporting the Head of Delivery
• Furthermore, managed 3rd party suppliers and consultants delivering quality products on time and within the budget
• Oversaw the performance of the project team (6), setting clear objectives and targets for the delivery of the project using Agile methodology

SIEM Compensating NIST Controls program: Directing the leadership and management of a compensating control security project, consisting of manual SIEM implementations, pen testing.

• Devised and implemented the integrated Agile/Waterfall hybrid project plan, introducing KPIs and critical success factors to ensure the successful delivery of projects within the program
• Established and implemented project governance to ensure successful program transition from start-up to ‘steady-state'
• Led and directed the activities of cross-functional teams comprising FW, Networks, SOC and SIEM analysts. Furthermore, managed 3rd party suppliers and consultants delivering quality products on time and within the budget
• Oversaw the performance of the project team (5), setting clear objectives and targets for the delivery of the project using Agile/Waterfall hybrid methodology

Security Transformation program: Directing the leadership and management of a multi-streamed security transformation program using NIST framework, comprising Global inhouse and M & As network(NAC) and firewall security upgrades and new software implementations.

• Devised and implemented the integrated Agile (Jira Sprints) project plan, introducing KPIs and critical success factors to ensure the successful delivery of a Global NAC using Aruba ClearPass within the program
• Established and implemented project governance to ensure successful program transition from start-up to ‘steady-state'
• Led and directed the activities of Global cross-functional teams comprising FW, Networks, and Developers. Furthermore, managed 3rd party suppliers and consultants delivering quality products on time
• Oversaw the performance of the project team (10), setting clear objectives and targets for the delivery of the program using Agile sprint methodology

Global IT Transformation program: Played a pivotal role in directing the leadership and management of a multi-streamed global security transformation program, comprising NAC/IAM/Cyber/SIEM/Threat/Vulnerability Security tooling. Consolidation of Global directories including AD along with new ToM of BYOID.

• Devised and implemented the integrated Agile (Jira Sprints) project plan, introducing KPIs and critical success factors to ensure the successful delivery of projects within the program
• Established and implemented project governance to ensure successful program transition from start-up to ‘steady-state'
• Led and directed the activities of cross-functional teams comprising ITSO, Middleware, FW, Networks, and Developers. Furthermore, managed 3rd party suppliers and consultants delivering quality products on time
• Oversaw the performance of the project team (16), setting clear objectives and targets for the delivery of the program using Agile sprint methodology
• Managed the program budget (£22m), including expenditures and costs against delivered and realized benefits in accordance with the program plan governance arrangements
• Built and strengthened relationships with key stakeholders including GITSO, CTO, CIO, regional heads of, 3rd Party PMs, and Architects
• Oversaw change management processes within the streams and minimized detrimental impacts to overall progress and delivery expectations. This allowed the quick transitions from current to new ToM tool sets.