Sandra O. is a cybersecurity professional and educator with fifteen years of experience in security architecture, risk management, and compliance. She holds CISSP, CISM, and CRISC designations and has served as a security architect and governance lead for organizations in financial services, healthcare, and federal contracting — environments where a misconfigured access control or a misread risk assessment has real operational and regulatory consequences.
Her career began in network security operations, monitoring perimeter defenses and investigating incidents at a regional bank. Over time she moved into architecture roles, designing zero-trust segmentation frameworks, leading PCI DSS and HIPAA gap assessments, and building security awareness programs from the ground up. That operational background — having been the person who had to explain a data exposure to a CISO at 11 pm — shapes how she teaches security concepts: with precision about what actually matters and why.
At Boost eLearning, Sandra teaches CISSP preparation, CompTIA Security+, CySA+, and CISM exam prep. She structures the CISSP course around the eight domains as integrated disciplines rather than isolated topic areas, because the exam — and the job — requires candidates to reason across them. In Boost’s Live Lab environment, students work through realistic scenarios: classifying a data asset under conflicting regulatory requirements, evaluating a third-party vendor risk posture, and designing an incident response playbook for a simulated breach.
Sandra is direct about what CISSP tests: it is a management-level credential, and students who approach it as a technical exam consistently underperform. She coaches learners to think like a security manager making risk decisions, not a technician implementing controls. She uses Boost’s spaced-repetition review system between sessions specifically to reinforce domain concepts that students tend to conflate — particularly risk management terminology, cryptographic control selection, and access control model distinctions.
She holds CRISC for risk and information systems control, contributes to a regional ISACA chapter, and has written internal governance frameworks adopted by three mid-size financial institutions. She is known by students for being rigorous without being discouraging and for office hours that routinely run long.