Governance & Control:

Technical controls:

• Reaction to critical computer security incidents by collecting, analyzing, assembling, coordinating, and preserving digital evidence according to ISO27035, identifying gaps and advising on remedying the risks.
• Collected forensic proof for disciplinary investigations; reviewed log files and events; correlated data and advice for courses of action.
• Work on IAM and PAM access, investigation of possible unauthorized access privileges, revocation of access, report of violations and recording of terminals and interactive sessions.
• Designed, analyzed, monitored, and operated security network applications, which detected important data privacy and legal compliance information.
• Designation of both - a technical and a non-technical security assessment of the network infrastructure, including a root cause analysis for systemic security problems with written reports; the latter comprises assessment-based results (RCAs)
• Developed and designed customized tool integrations for investigations, tracing, and research to ensure an automatic deployment and monitoring of cloud infrastructures and applications.
• Determining attackers' tools, tactics, procedures (TTP) and indicators of compromise (IoCs) that may be applied to current and future investigations.
• Used Cyber Chain contains APT and established tools against cyber threats.
• Coordinated threat-tracing activities across the web, leveraging intelligence from multiple internal and external sources and the latest security technologies.
• Tracing and identifying threat actor groups and their techniques, tools, approaches and identification of breaches in IT infrastructure by imitating attackers' behaviour and responses using Splunk ES.
• Monitor and analyze network traffic and IDS alerts using RSA Security Operations, Sourcefire, NetScout, Wireshark, HP OpenView, and FireEye.
• Allocating and producing multiple security precautions according to ISO 27k, Marisk, Bafin, Kritis, and Cis20 for the framework's control process.
• Implementation of risk analyses and process definitions for ISO controls. Document all activities during assessments while providing status updates on the company's direction during the life cycle of security processes.
• The assistance of the governance team with implementing the eGRC tool Archer and the Compliance Management Module.
• Design and run a secure hybrid cloud infrastructure with IaaS and SaaS components

• Moderate system inventory privacy control assessments are reintroduced using NIST 800-53 and NIST 800-122 controls.
• Review the System of Records Notice (SORNs) and advise on privacy risks, including privacy act statements, disclaimers, and Cooperative Research And Development Agreements (CRADAs).
• Maintain a range of sharing agreements (MOUs, Memorandum of Understanding, and other data use agreements, rules of behaviour, and warning banners (consent and opt-in language). The leadership of the Privacy Information Map (PIM) initiative determines the location and nature of PI stored in databases.
• Drafting a privacy handbook for Sensitive Data Management information governance (SDM). Development and administration of activities like data mapping framework between various data items with regulations, such as CCPA, GDPR, PIPA, PDPA, and PIPEDA.
• Authorisation of policies and procedures for data retention and media sanitation (Storage Limitation Principle). Identify the most suitable operating model for the client and update the RACI matrix to occupy the required roles of GDPR and CCPA.
• Creating process flows to operational response to subject data requests, Data Protection Impact Assessments (DPIA), and Data Subject Access Requests (DSAR).
• Worked as a privacy protection officer for the client, conducting DPIA and doing Records of Processing Activities (RPA).
• Development of data flow maps for crucial business processes and producing RoPA entries, according to article 30 of the client's security questionnaires (Standardised Information Gathering (SIG), CAIQ (Consensus Assessments Initiative Questionnaire).
• Work with cloud-based data storage architectures and controls that are commonly used to secure those kinds of environments, such as encryption, tokenization, data masking, data lifecycle management, data rights management (DRM) technology, retention, deletion and archiving policies, thus ensuring the suitability of cloud data events.
• I am auditing the telemetry train system per norms DIN 50600, DIN 820, IEC 62443, and RIL11402.
• Hardening of the systems: Openscap, Lynix, Tripwire, File Integrity, HIDS, Privilege escalation, and Logging.
• Providing hardening subject matter expertise utilizing DISA STIGS, SRG'S (Security Readiness Guides), and the DISA SCAP tool.
• Establishment of Micro Services Container Security & Cloud-Native Security.
• Introducing a 'Bring Your Device' program compliant with security policies to ensure employees' communication management via smartphones and tablets across the organization
• Analyses hundreds of security monitoring and appliance logs to investigate and tune each incident's correct remediation actions and escalation paths.
• Performing DLP (Data Leakage Systems) installation, maintenance and tuning procedures and devices in the Symantec product using DLP.
• Installing the existing AV replacement solution, including defence and response tools like Carbon Black, Crowd Strike, and open-source tools.

• Managing to relocate security perimeter devices and integrating with new standards.
• Implemented security devices' application firewalls and tuned with Tufin, Barracuda, IBM Guardium, and F5 ASM.
• Creating the Network Matrix. Replacing perimeter security into ASM, including L3 FWs, F5 balancers, and WAF
• Integrating safeguards for fraud, data leakage, e-commerce fraud, server intrusion, and ISP denial of service by implementing Imperva WAFs (Web application firewalls).
• Maintainance of cloud security AWS: Docker WAF that integrates the containers; Docker RASP from Wazuh and Ansible automatises part of the Devsecops regarding the micro-services security.
• Implementing a Twistlock security solution for RASP in AWS containers.
• Document each release or project (project plan, the weekly report status, meeting schedule, gate review PowerPoint presentations), and ensure all updated documentation repositories.
• Creating a SOC monitoring team, procedures, workflows, frameworks, controls and SIEM correlation rules.
• Remediating deep insight into conducting formal tests on web-based applications and networks using deep assessment parameters.
• Transformation of the adversarial, unproductive relationship between Internal Audit and IT departments into a practical, proactive partnership.
• Creating a catalogue of harmful or inexistent use cases.
• Implementing Qradar and Carbon Black.
• Performing the migration from TMG to Zscaler cloud DLP and CASB proxy firewalls.
• Provided technical review of report items from various network devices, such as log files, screenshots, configuration files, permissions, etc., to ensure Cloud Service Providers were closing and mitigating open findings with their POA&M.
• Assisted in interpreting various vulnerability and compliance scanning results from Assured Compliance Assessment Solutions (ACAS), Security Content Automation Protocol (SCAP), and commercial products HP Fortify Cast.

• Implementing AAA and PIM: Cisco ISE + Cyberark for Network Access Control in cabled and wireless devices.
• Implementing the NAC agent compliance for checking the antivirus and Cisco cloud-based EDR.
• Reviewing cloud service providers.
• Assisting clients with transitions to Microsoft O365/EMS cloud services, such as tenant setup and service configuration, focused on cyber risk mitigation.
• Collaborating with the incident management team to evaluate processes and standard practices.
• Performing Cloud Governance Compliance and Auditor/Services Functional Owner/CIO. Coordinating carefully with four compliance analysts and 75 cloud vendors to remediate audit findings.
• Designed, implemented, and managed the VMware virtual infrastructure, testing and improving quality assurance.
• Creating a series of penetration tests for further testing simplified ten development of strategic tests, Pen testing, Fraud OSINT and humming.
• Performing industrial security audits, checking telemetry sensors and servers, robustness and vulnerability assessment, CentOS hardening, and auditing.
• Performing attack simulations on the client's systems and web application firewalls to determine and exploit security flaws (evasion techniques).
• Executing application and infrastructure penetration tests as well as physical security assessments. Documenting and discussing security findings within the information technology teams.

• Managing the centralization of security for all European branch offices.
• Administering the migration to a new data centre security and centralized model and consolidation costs and technologies offered in a service model.
• Creating the SOC: recruiting, training, implementing SIEM and runbooks, incident handling procedures, and building a new security Cisco SDN environment.
• Implementing Zero Trust and micro-segmentation with VMWARE NSX-T and Palo Alto Panorama.
• Administering provision (device providers), integration, engineering (in-depth security net infrastructure) and support activities. Collaborating within the design development of support workflows.
• Enhance and monitor security measures to protect the corporate network, systems, data, applications, and corporate image.
• Creating security correlation rules: content rules in Splunk for new BIA cases.
• Designed, implemented, and managed the 2nd generation SecureAuth Cloud services infrastructure, including all web, database, directory, and certificate authority services. Furthermore, implementation of the 2nd generation SecureAuth IdP hardware.
• Developing and enforcing cloud security standards in AWS and Azure, e.g. IAM policies, security groups, S3 bucket policies, encryption, network security, cloud workload and container security, logging, monitoring, etc.
• Work with IAM Roles, SSH essential public/ private key, KMS
• Implementation of WAFs and NGFW NVAs in Azure and of a concept with Zero trust and micro-segmentation
• Introducing a VPN between cloud and premise reengineering.
• Managing and participating in ongoing Office 365 security and strategy discussions
• Updating Office 365, including changes updates, roadmap & releases, and third-party solutions, discovering flaws in solutions' security, advice of CASB, preventing data exfiltration and shadow usage of security information.
• Administration of transforming a middle (commercial) on-premise solution to an MS Azure and AWS cloud-based solutions. Establishment of a security policy program and corresponding security and privacy policies based on NIST and ISO frameworks

• Implementing WAF for the Bank in transparent mode and KRP (kernel reverse process).
• Installing a file firewall for SharePoint (Imperva) is a solution to avoid data exfiltration and orchestrating the approval for document sharing inside large organisations.
• Assisting with reviewing program-related documentation, such as standard operating procedures, security policies, plan of action and milestones, and other documentation.
• Collaborating with clients in assessments and audits for compliance to include enhancements beyond baseline requirements, as determined by regulation, risk assessments, and organisational risk appetite.
• Developing a Risk and Controls Matrix (RCM), listing GAPP controls and risks associated with control failure.
• Working under the guidance of CISOs, performing SOC2 Type I readiness assessment activities.
• Participating in the company's auditing, overseeing regular audit activities to complete the SOC2 audit for the selected trust criteria.
• Fine-tune the SOC monitoring team and manage procedures, workflows, frameworks, controls, and SIEM rules. Migrating IPS from McAfee IntruShield to Cisco Firepower. Meanwhile, leading other security portfolio projects parallels the senior SOC analyst role.
• Working on improvement for security services and providing feedback and verification about existing security issues.
• Analysing various vulnerability detection applications, i.e., Nessus, Rapid7/ Nexpose,
• AppDetective, Cenzic Hailstorm, WebInspect, Metasploit, and Acunetix Web Vulnerability Scanner.
• Drafting policies and procedures that require advanced verbal and written communication and an appropriate presentation.
• Developing and revising policies, standards, procedures and guidelines for the general operation ofdata protection. Creation of emergency plans for continuity and contingency regarding network security and disruptions (HA and DDoS).

• Analysing application logs to find indicators for reporting security flaws, threats and identity management issues related to web app business areas.
  
• A founding member of the Information Security Governance, Risk and Compliance Committee, si responsible for translating government statutory and regulatory requirements, industry standards, and contractual requirements into IT Security and Risk Management frameworks, policies, procedures, guidelines, and best practices
• Accomplished reengineering the network topology and improving the WAF-IDS environment.
• Performing perimeter analyses for the customer and recommending security improvements, efficiency, supportability, and incident escalation (Firemon).
• Creating a roadmap for the whole security life cycle technology (Director's security plan with subsequent GAP analysis).
• Implementing DMS, a document management system based on open source. Implementing more than 20 security projects: OpenDNS, WAF, IDS, SIEM, AV, MDM, IOC scanner; commercial and open-source ones like Qualys, Nessus, Retina, Rapid7, Sofia, Burp suite, Nmap, Joval, and integrating of the results with SIEM to correlate and score the assets SLAs in the IR process.
• Incorporating security into mobility strategy using the latest network security guidance, i.e. (SRG) Security Readiness Guides, (STIG) Security Technical Implementation Guides, Industry Best Practices guidance, etc.
• Initiating IT systems for inventory, asset, classification, and labelling projects.
• Responsible for the vulnerability management program, including periodic scanning, reporting, and tracking remediation of security vulnerabilities.
• Executing the Information Assurance Vulnerability Management (IAVM) process to ensure dissemination, reporting, and compliance.
• Implemented a cluster of 200 DAMs (Database activity monitoring) gateways in HA and 100 clusters of WAFs and integrated them with SIEM ArcSight.
• Assisting SOC manager in creating use cases in the SIEM for WAF.
• Installing three layers of filtering of SIEM for data retention regulation of the ISP's business.
• Executing all other IA/CS monitoring and reporting to ensure compliance, including developing and maintaining POA&Ms.

• Ensuring security methodology followed NIST compliance, 800.53, RMF, and POAM methods.
• Directing security plan implementation, drafting security directives, risk analysis, and impacted business analysis.
• Creating plans of action and milestones and managing risk remediation across all locations. Managing third-party risk assessments on all new implementations and significant upgrades.
• Managing Peripheral Component Interconnect.
• Identifying data anomalies, errors, non-compliance level degradation and increasing users requiring a DSS with a data quality component.
• Led the project of consolidating the security policies program by drafting a new one and updating existing policies (technical and process), identifying its compliance requirements
• Cooperating with IT, Finance, and Legal Departments to remediate all existing information security and vendor risk assessment gaps.
• Generating pre-sales: active involvement in developing proposals, statements of work (SOW), engagement letters, staffing estimates for privacy engagements, reporting project status to C-level executives, and providing SWOT analysis.
• Reviewing pen testing and vulnerability scanning results and working with the InfoSec team to remediate gaps.
• Completing the Payment Card Industry Data Security Standard (PCI-DSS)
• Self-Assessment Questionnaires (SAQ).
• Assess client security architectures and recommend modifications or adaptions of specific technologies to meet NIST security standards.
• Executing an evidence audit following all the ISO 27k standards.
• Detecting abnormal behaviour and categorising user network traffic profiles with ArcSight SIEM and DPIs (Solera); enforcing the authentication for data login and network rights integrated with other perimeter security devices, such as IPS/IDS, NAC, and AV. 
• Implementing data loss prevention of corporate data with different protocol inspections: IronPort email, McAfee Web-washer, Bluecoat for web and GTB, Net witness RSA, IronPort, and Net-beholders, the rest of the protocols.