Hands-on Architect-level Cyber Security Consultant with over 15 years of experience. (See CV for the full range of skill sets.)
Aktualisiert am 12.09.2024
Profil
Freiberufler / Selbstständiger
Remote-Arbeit
Verfügbar ab: 11.09.2024
Verfügbar zu: 100%
davon vor Ort: 25%
security certifications
vulnerability management
Operational Resilience
Penetrationstest
Patchmanagement
DDOS
policy compliance
PCI DSS
DORA
NIS2
NIST
XDR
EDR
ISO 27001
SOC
SOAR
CMDB
phishing
ISO27005
hardening
Architecture board

Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

5 years 1 month
2019-09 - now

Build comprehensive Penetration testing customers scenarios for compliance frameworks

Cyber Security / Penetration Testing Consultant
Cyber Security / Penetration Testing Consultant
  • Build comprehensive Penetration testing customers scenarios for compliance frameworks ( SANS Top 25, OWASP Top 10, NIST )
  • Plan and execute Penetration tests services and Red team Exercises
  • Develop technical and executive reports
  • Present business oriented findings at front of customers executives
  • Assists customers remediation process
  • Project Management for Cyber Security
  • Static Code Analysis
  • SQLi, XSS, Overflows, DLL-Hijacking
  • Vulnerability management - ( Nessus, Qualys)
  • Wi-Fi testing
Bulgaria
7 years
2017-10 - now

Identify and evaluate the company?s data processing activities

Data Protection Offi cer
Data Protection Offi cer
  • Act as point of contact with EU residents, supervisory authorities and internal teams
  • Identify and evaluate the company?s data processing activities
  • Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
  • Monitor data management procedures and compliance within the company
  • Participate in meetings with managers to ensure privacy by design at all levels
  • Maintain records of processing operations
  • Address all queries from data subjects within legal timeframes
  • Liaise with other organisations that process data on company behalf
  • Write and update detailed guides on data protection policies
  • Perform audits and determine whether we need to alter our procedures to comply with regulations
  • Offer consultation on how to deal with privacy breaches
  • Arrange for training on GDPR compliance for employees
  • Follow up with changes in law and issue recommendations to ensure compliance
Varna, Bulgaria
12 years 3 months
2012-07 - now

Migration of IaaS

IT & Cyber Security Consultant
IT & Cyber Security Consultant
  • Reporting directly to CEO
  • Migration of IaaS ( email and storage servers) to Office 365
  • Network segmentation - External, DMZ, Internal
  • Upgrading, installing and troubleshooting networks, networking hardware devices and software
  • Analysing workflow, access, information, and security requirements for in-house software
  • Preparing users by designing and conducting training programs providing references and support
Europe
1 year 1 month
2023-07 - 2024-07

Patch Management process and implementation SME

Cyber Security Consultant
Cyber Security Consultant
  • Patch Management process and implementation SME 
  • Penetration testing SME - define scope, create tender, support pen. testing teams, approve the reports and translate them to the C-Level management
  • Policy Compliance / Asset Inventory - hardening standard
  • Qualys and ServiceNow Vuln. Response synchronization project - Phase 2
  • CyberArk (IAM/PAM) integration and roll-our
  • KnowB4 staff awareness training and phishing simulations
  • PhishER phishing email protection integration and configuration
  • SME for Incident Response and Prevention
Galderma S.A Switzerland
Switzerland/Remote
9 months
2022-10 - 2023-06

Design and lead the Vulnerability Management transformation program

Cyber Security Architect
Cyber Security Architect
  • Design and lead the Vulnerability Management transformation program for a big client in the construction field
  • Implement different roll-our strategies
  • PoC a vulnerability management solution - Qualys
  • Project Manager and Lead for a team of 10+ people
  • Create and implement custom dashboards, widgets and reports for the clients needs
  • Align and integrate the Vulnerability Management system (Qualys) with ServiceNow CMDB, NAC, SOAR and other solutions
  • Act as final level of support for troubleshooting or creating custom solutions in Qualys
  • Part of the Architecture board for the client
NTT DATA
Germany/Remote
7 months
2022-05 - 2022-11

Assessment and evaluation of the VM/PM processes against ISO27005

Security and Patch Management Consultant
Security and Patch Management Consultant
  • Assessment and evaluation of the VM/PM processes against ISO27005
  • Architectural design of a new VM/PM processes following ISO27005
  • Process involving over 200 apps and different teams
  • Security VM and PM workshops
  • Hands-on implementation and configuration of a Vulnerability and PM system(Qualys)
  • Implementation of hardening standards and following them with policy compliance(Qualys)
  • SME for SOC integration (SOAR Playbooks, policies, procedures, use cases)
  • Knowledge transfer
  • Lowering of the FTE needed for different teams to patch using semi-automation process
on request
Geneva/Remote
1 year 1 month
2021-06 - 2022-06

Reviewing DDoS protections technologies

Cyber Security Consultant
Cyber Security Consultant
  • Part of Operational Resilience team responsible for the whole AXA entity
  • DDoS topic Subject-Matter Expert
  • DDoS Protection Assessment on 50+ entities
  • Reviewing DDoS protections technologies - Volumetric and Application layers
  • XDR - fast isolation and recovery use cases
  • Attack case scenarios creation - Ransomware, DDoS, Data leakage, etc.
  • Red Button creation use case creation following ISO standards
AXA Operational Resilience
France/Remote
1 year 4 months
2020-10 - 2022-01

IAM system tender and architecture

Cyber Security Consultant
Cyber Security Consultant
  • IAM system tender and architecture - CyberArk
  • New Vulnerability Architecture - Qualys
  • Policy Compliance / Asset Inventory - hardening standard
  • Security Awareness program - KB4/PhishER
  • ServiceNow Vulnerability Response and Qualys integration - Architecture and documentation (Phase1)
  • SecureWorks XDR Taegis (RedCloak) - tender, PoC,deployment and administration
  • XDR SOC - Workflows, RACI, Runbooks creation
  • O365 Azure Security Center - server hardening
  • Network Security Architecture SME
  • Azure Security Architecture
Galderma S.A Switzerland
Switzerland
1 year 2 months
2019-09 - 2020-10

Implement security measures following the new SPoC standard

Cyber Security Consultant
Cyber Security Consultant
  • Lead PCI DSS Level 1 certification - Project Management and SME
  • Implement security measures following the new SPoC standard
  • IDS solutions implementation (Kibana, Suricata, Splunk )
  • HSM devices configuration, administration and key generation ( SafeNet )
  • Remote office implementation and administration - IDaaS ( F5 Big-IP)
  • Secure email gateway - PoC and implementation ( Proofpoint )
  • Vulnerability Architecture and implementation into the CI/CD pipeline. (Qualys VMDR )
  • SIEM and EDR tender and implementation
  • Created Staff Awaness program - KnowBe4
  • Phishing prevention - Proofpoint
  • Implementation of ISO27001/2 security principles
myPOS AD - Fin-tech company
Bulgaria
3 months
2019-09 - 2019-11

External penetration test on the network infrastructure

Penetration Testing Consultant
Penetration Testing Consultant
  • External penetration test on the network infrastructure, Exchange servers, web servers, web applications, blog and more
  • Recon-ng, Maltego, Burp ,Dirbuster, Nessus, sqlmap, XPath, XXE, XSS, File Inclusion, Fuzzing, DLL-Hijacking, Buffer Overflow, Metasploit, NMap, crackmapexec, BloodHound, Kerberoast
Fin-Tech company ? Blackbox penetration testing ( NDA )
Sofia, Bulgaria
2 years 4 months
2016-12 - 2019-03

Directing and approving the security designs of systems, applications, ATMs and PoS devices

Information Security Offi cer
Information Security Offi cer
  • Directing and approving the security designs of systems, applications, ATMs and PoS devices - hardware and SaaS, HSMs (SafeNet), mobile applications/ API
  • Conducting Vulnerability, SIE, Patch, AV management, log analysis (splunk, ELK) and Firewall rules review
  • Involved in the process of testing and approving the security systems - SIEM, AV, DLP, VM, IDP/IPS, OTP, web application firewalls
  • Participate in the integration projects for the major card schemes - Visa, Master Card, JCB, UnionPay, AMEX, Bancontact and more
  • Reviewing and approving security policies, controls and cyber
  • incident response planning
  • Ensuring compliance with the changing laws and applicable
  • regulations ( PCI-DSS, Cyber Security Act )
  • Overseeing identity, access, BYOD , IoT, PKI management
  • Ensuring that disaster recovery and business continuity plans
  • are in place and tested
  • Conducting Internal Penetration tests on the networks, servers, web applications, etc
  • Employee Information security and Anti-Phishing training and communicating best practices and risks to all parts of the business
iCard AD
Varna, Bulgaria
8 months
2015-09 - 2016-04

Evaluating network performance issues

Corporate Administrator
Corporate Administrator
  • Evaluating network performance issues including availability, utilization, throughput, and latency
  • Planning and executing the selection, installation, configuration, and testing of equipment; defining network policies and procedures; establishing connections and firewalls
  • Securing network by developing network access, monitoring, control, and evaluation; maintaining documentation
  • Upgrades network by conferring with vendors; developing, testing, evaluating, and installing enhancements
  • Creating, installing and managing Virtual Machines on Hyper-V and VMWare
  • Worked and troubleshoot Microsoft Active Directory, Microsoft DHCP and DNS servers, Windows Server 2007 R2, Windows Server 2008 R1/R2, Windows Server 2012 R1/R2
  • Worked with Linux servers ? Debian and Ubuntu
  • Installed, configured and maintained network equipment ? switches, routers, access points from Cisco and Fortinet
  • Installed and worked with VoIP servers and VoIP phones ? FortiVoice, Freeswitch (FusionPBX) and Cisco Call Manager
  • Troubleshoot Microsoft Office 2010, 2013 and 2016
  • Installed and maintained monitoring
iCard AD
Varna, Bulgaria
4 years 8 months
2011-02 - 2015-09

Establishing network specifications

Level 2 Network Administrator
Level 2 Network Administrator
  • Serving as the security officer for the network;
  • Recommending and scheduling repairs to the LAN/WAN
  • Upgrading, installing and troubleshooting networks, networking
  • hardware devices and software;
  • Establishing network specifications by conferring with users;
  • Analysing workflow, access, information, and security requirements;
  • designing router administration, including interface configuration
  • and routing protocols
TCV AD
Varna, Bulgaria

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2020-01 - 2020-01

Web Application Scanning

Qualys Inc.
Qualys Inc.
1 month
2019-12 - 2019-12

Vulnerability Management Detection & Response

Qualys Inc.
Qualys Inc.
1 month
2019-12 - 2019-12

Policy Compliance

Qualys Inc.
Qualys Inc.
1 month
2019-12 - 2019-12

Patch Management

Qualys Inc.
Qualys Inc.
4 months
2015-07 - 2015-10

Interactive Programming in Python

Rice University
Rice University
3 months
2015-05 - 2015-07

Software Defined Networking

Princeton University
Princeton University
4 months
2015-02 - 2015-05

Python Programming

University of Michigan
University of Michigan

Position

Position

  • Cyber Security Consultant

Kompetenzen

Kompetenzen

Top-Skills

security certifications vulnerability management Operational Resilience Penetrationstest Patchmanagement DDOS policy compliance PCI DSS DORA NIS2 NIST XDR EDR ISO 27001 SOC SOAR CMDB phishing ISO27005 hardening Architecture board

Produkte / Standards / Erfahrungen / Methoden

Profile:

  • My background, while extensive, isn't traditional and believe me I know that
  • After years working for the Blue team ( Cyber Security), I decided that is not enough
  • I wanted to find ways to contribute even more to organizations
  • This is why I jumped the fence and started studying and working for the Red team ( Penetration testers), as this allows me to be a Purple team member
  • Now I can do a penetration test on your infrastructure, do an educational phishing attack against your employees, after that sit with the IT and IS teams and do the Vulnerability, Patch and SIE management and after that stand in front of the Board of Directors and translate all that them in a way they understand
  • A true cultural changer that can work with any part of your organisation


QUALITIES:

  • Self-Learning
  • Problem-solving
  • Incident Handling
  • Detail Oriented
  • Analytical
  • Self-Motivated
  • Team Player
  • Communication
  • Adaptation
  • Knowledge Hungry
  • Persuasion
  • Discipline
  • Listens to advice
  • Lead by example


Work experience:

04/2024_ today:


Tasks:

NIS 2 compliance consulting of International Naval Port

  • Analysis of compliance against NIS 2
  • vCISO consultant and SME for Penetration testing services


02/2024 - today:

Customer: International Bank, BG/FR


Tasks:

DORA audit, consulting and Red teaming exercise

  • Help with necessary steps for full DORA compliance


12/2020 - today

Customer: Fraport Bulgaria


Tasks:

  • Vulnerability Management - architecture, integration and MSSP services with Qualys


11/2023 - 11/2023


Tasks:

ISO27001 Certification

  • SME for certification


11/2023 - 11/2023


Tasks:

ISO27001 Certification

  • SME forcertification


09/2023 - 10/2023

Role: Team lead

Customer: B2B software company


Tasks:

Penetration testing

  • SME / Team lead for an extensive Penetration test


06/2023 - 09/2023

Customer: Bank 


Tasks:

Qualys Policy Compliance (CIS)

  • PoC for a Bank of Qualys PC module for hardening use cases


01/2023 - 04/2023

Role: Team lead

Customer: international gaming company


Tasks:

Penetration testing

  • SME / Team lead for an extensive Penetration test


12/2022 - 01/2023

Role: Project Manager / Lead

Customer: NRA BG


Tasks:

penetration testers training

Tailor made training for Bulgaria National

  • Revenue Agency penetration testing team of 9 people


05/2022 - 11/2022


Tasks:

Security Awareness Training

  • Intergrated Security Awareness tailor made for the different teams (Management,IT, Backoffice etc)


07/2022 - 08/2022

Role: Team lead, Project Manager

Customer: SME


Tasks:

  • Penetration testing


10/2021 - 11/2021

Role: Team lead / Project Manager for the test.


Tasks:

  • Black/Gray box pen. testing


11/2020 - 12/2020

Customer: BG National Revenue Agency


Tasks:

  • Training the NRA pen. testers team in OWASP TOP 10 / MITRE techniques


09/2020 - 05/2021

Customer: PCI CPoC


Tasks:

Tap to Phone

  • CPoC Solution architecture, cryptographic solutions management and certification documentation


10/2020 - 04/2021

Customer: Qualys VMDR 


Tasks:

  • M&A - New Datacenter Architecture, implementation and staff training


06/2020 - 03/2021


Tasks:

Nessus Vuln. Management

  • Architecture and management of more than 10k assets with Nessus
  • Integration with existing OP processes
  • Onboarding new teams in the process - DevOps, Digital Marketing


08/2020 - 01/2021


Tasks:

ISO 27001 Compliance

  • Leading (Project Management) the certification process and preparing the company for the certification cycle


11/2020 - 11/2020

Customer: Fin-tech company


Tasks:

  • Penetration test - Datacenter


05/2020 - 10/2020


Tasks:

DDoS Protection intergration

  • Tender, integration and testing of L4 and L7 protections for a Fin-Tech client


11/2019 - 10/2020

Customer: PCI SPoC


Tasks:

Pin on Glass

  • Never seen on the market PoS software


05/2020 - 09/2020


Tasks:

EDR implementation project

  • Replacing old AV solution with EDR one


01/2020 - 08/2020

Customer: Fin-tech company


Tasks:

  • Penetration test - Banking web application


2020 - 2020

Customer: Qualys VMDR


Tasks:

  • Tender, architecture, integration and management of Qualys VMDR platform


2019 - 2020

Customer: Financial sector


Tasks:

  • PCI DSS Level 1 Service Provider


2019 - 2019

Customer: Qualys VM


Tasks:

Qualys VM integration

  • Tender, integration and management of Qualys VM platform


2019 - 2019


Tasks:

  • Swift Security Program


2018 - 2018

Customer: Fintech company


Tasks:

Qualys VM Web Application

  • Integration and automation of Qualys WAS for a fin-tech company


2017 - 2017

Customer: Qualys VM


Tasks:

Qualys VM integration

  • Tender, integration and management of Qualys VM platform

Branchen

Branchen

Pharmaceutical

Financial

Fin-Tech

Maritime

Banking

Insurance

Development

Government Agencies

Building and Construction


Einsatzorte

Einsatzorte

Deutschland, Schweiz, Österreich
möglich

Projekte

Projekte

5 years 1 month
2019-09 - now

Build comprehensive Penetration testing customers scenarios for compliance frameworks

Cyber Security / Penetration Testing Consultant
Cyber Security / Penetration Testing Consultant
  • Build comprehensive Penetration testing customers scenarios for compliance frameworks ( SANS Top 25, OWASP Top 10, NIST )
  • Plan and execute Penetration tests services and Red team Exercises
  • Develop technical and executive reports
  • Present business oriented findings at front of customers executives
  • Assists customers remediation process
  • Project Management for Cyber Security
  • Static Code Analysis
  • SQLi, XSS, Overflows, DLL-Hijacking
  • Vulnerability management - ( Nessus, Qualys)
  • Wi-Fi testing
Bulgaria
7 years
2017-10 - now

Identify and evaluate the company?s data processing activities

Data Protection Offi cer
Data Protection Offi cer
  • Act as point of contact with EU residents, supervisory authorities and internal teams
  • Identify and evaluate the company?s data processing activities
  • Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
  • Monitor data management procedures and compliance within the company
  • Participate in meetings with managers to ensure privacy by design at all levels
  • Maintain records of processing operations
  • Address all queries from data subjects within legal timeframes
  • Liaise with other organisations that process data on company behalf
  • Write and update detailed guides on data protection policies
  • Perform audits and determine whether we need to alter our procedures to comply with regulations
  • Offer consultation on how to deal with privacy breaches
  • Arrange for training on GDPR compliance for employees
  • Follow up with changes in law and issue recommendations to ensure compliance
Varna, Bulgaria
12 years 3 months
2012-07 - now

Migration of IaaS

IT & Cyber Security Consultant
IT & Cyber Security Consultant
  • Reporting directly to CEO
  • Migration of IaaS ( email and storage servers) to Office 365
  • Network segmentation - External, DMZ, Internal
  • Upgrading, installing and troubleshooting networks, networking hardware devices and software
  • Analysing workflow, access, information, and security requirements for in-house software
  • Preparing users by designing and conducting training programs providing references and support
Europe
1 year 1 month
2023-07 - 2024-07

Patch Management process and implementation SME

Cyber Security Consultant
Cyber Security Consultant
  • Patch Management process and implementation SME 
  • Penetration testing SME - define scope, create tender, support pen. testing teams, approve the reports and translate them to the C-Level management
  • Policy Compliance / Asset Inventory - hardening standard
  • Qualys and ServiceNow Vuln. Response synchronization project - Phase 2
  • CyberArk (IAM/PAM) integration and roll-our
  • KnowB4 staff awareness training and phishing simulations
  • PhishER phishing email protection integration and configuration
  • SME for Incident Response and Prevention
Galderma S.A Switzerland
Switzerland/Remote
9 months
2022-10 - 2023-06

Design and lead the Vulnerability Management transformation program

Cyber Security Architect
Cyber Security Architect
  • Design and lead the Vulnerability Management transformation program for a big client in the construction field
  • Implement different roll-our strategies
  • PoC a vulnerability management solution - Qualys
  • Project Manager and Lead for a team of 10+ people
  • Create and implement custom dashboards, widgets and reports for the clients needs
  • Align and integrate the Vulnerability Management system (Qualys) with ServiceNow CMDB, NAC, SOAR and other solutions
  • Act as final level of support for troubleshooting or creating custom solutions in Qualys
  • Part of the Architecture board for the client
NTT DATA
Germany/Remote
7 months
2022-05 - 2022-11

Assessment and evaluation of the VM/PM processes against ISO27005

Security and Patch Management Consultant
Security and Patch Management Consultant
  • Assessment and evaluation of the VM/PM processes against ISO27005
  • Architectural design of a new VM/PM processes following ISO27005
  • Process involving over 200 apps and different teams
  • Security VM and PM workshops
  • Hands-on implementation and configuration of a Vulnerability and PM system(Qualys)
  • Implementation of hardening standards and following them with policy compliance(Qualys)
  • SME for SOC integration (SOAR Playbooks, policies, procedures, use cases)
  • Knowledge transfer
  • Lowering of the FTE needed for different teams to patch using semi-automation process
on request
Geneva/Remote
1 year 1 month
2021-06 - 2022-06

Reviewing DDoS protections technologies

Cyber Security Consultant
Cyber Security Consultant
  • Part of Operational Resilience team responsible for the whole AXA entity
  • DDoS topic Subject-Matter Expert
  • DDoS Protection Assessment on 50+ entities
  • Reviewing DDoS protections technologies - Volumetric and Application layers
  • XDR - fast isolation and recovery use cases
  • Attack case scenarios creation - Ransomware, DDoS, Data leakage, etc.
  • Red Button creation use case creation following ISO standards
AXA Operational Resilience
France/Remote
1 year 4 months
2020-10 - 2022-01

IAM system tender and architecture

Cyber Security Consultant
Cyber Security Consultant
  • IAM system tender and architecture - CyberArk
  • New Vulnerability Architecture - Qualys
  • Policy Compliance / Asset Inventory - hardening standard
  • Security Awareness program - KB4/PhishER
  • ServiceNow Vulnerability Response and Qualys integration - Architecture and documentation (Phase1)
  • SecureWorks XDR Taegis (RedCloak) - tender, PoC,deployment and administration
  • XDR SOC - Workflows, RACI, Runbooks creation
  • O365 Azure Security Center - server hardening
  • Network Security Architecture SME
  • Azure Security Architecture
Galderma S.A Switzerland
Switzerland
1 year 2 months
2019-09 - 2020-10

Implement security measures following the new SPoC standard

Cyber Security Consultant
Cyber Security Consultant
  • Lead PCI DSS Level 1 certification - Project Management and SME
  • Implement security measures following the new SPoC standard
  • IDS solutions implementation (Kibana, Suricata, Splunk )
  • HSM devices configuration, administration and key generation ( SafeNet )
  • Remote office implementation and administration - IDaaS ( F5 Big-IP)
  • Secure email gateway - PoC and implementation ( Proofpoint )
  • Vulnerability Architecture and implementation into the CI/CD pipeline. (Qualys VMDR )
  • SIEM and EDR tender and implementation
  • Created Staff Awaness program - KnowBe4
  • Phishing prevention - Proofpoint
  • Implementation of ISO27001/2 security principles
myPOS AD - Fin-tech company
Bulgaria
3 months
2019-09 - 2019-11

External penetration test on the network infrastructure

Penetration Testing Consultant
Penetration Testing Consultant
  • External penetration test on the network infrastructure, Exchange servers, web servers, web applications, blog and more
  • Recon-ng, Maltego, Burp ,Dirbuster, Nessus, sqlmap, XPath, XXE, XSS, File Inclusion, Fuzzing, DLL-Hijacking, Buffer Overflow, Metasploit, NMap, crackmapexec, BloodHound, Kerberoast
Fin-Tech company ? Blackbox penetration testing ( NDA )
Sofia, Bulgaria
2 years 4 months
2016-12 - 2019-03

Directing and approving the security designs of systems, applications, ATMs and PoS devices

Information Security Offi cer
Information Security Offi cer
  • Directing and approving the security designs of systems, applications, ATMs and PoS devices - hardware and SaaS, HSMs (SafeNet), mobile applications/ API
  • Conducting Vulnerability, SIE, Patch, AV management, log analysis (splunk, ELK) and Firewall rules review
  • Involved in the process of testing and approving the security systems - SIEM, AV, DLP, VM, IDP/IPS, OTP, web application firewalls
  • Participate in the integration projects for the major card schemes - Visa, Master Card, JCB, UnionPay, AMEX, Bancontact and more
  • Reviewing and approving security policies, controls and cyber
  • incident response planning
  • Ensuring compliance with the changing laws and applicable
  • regulations ( PCI-DSS, Cyber Security Act )
  • Overseeing identity, access, BYOD , IoT, PKI management
  • Ensuring that disaster recovery and business continuity plans
  • are in place and tested
  • Conducting Internal Penetration tests on the networks, servers, web applications, etc
  • Employee Information security and Anti-Phishing training and communicating best practices and risks to all parts of the business
iCard AD
Varna, Bulgaria
8 months
2015-09 - 2016-04

Evaluating network performance issues

Corporate Administrator
Corporate Administrator
  • Evaluating network performance issues including availability, utilization, throughput, and latency
  • Planning and executing the selection, installation, configuration, and testing of equipment; defining network policies and procedures; establishing connections and firewalls
  • Securing network by developing network access, monitoring, control, and evaluation; maintaining documentation
  • Upgrades network by conferring with vendors; developing, testing, evaluating, and installing enhancements
  • Creating, installing and managing Virtual Machines on Hyper-V and VMWare
  • Worked and troubleshoot Microsoft Active Directory, Microsoft DHCP and DNS servers, Windows Server 2007 R2, Windows Server 2008 R1/R2, Windows Server 2012 R1/R2
  • Worked with Linux servers ? Debian and Ubuntu
  • Installed, configured and maintained network equipment ? switches, routers, access points from Cisco and Fortinet
  • Installed and worked with VoIP servers and VoIP phones ? FortiVoice, Freeswitch (FusionPBX) and Cisco Call Manager
  • Troubleshoot Microsoft Office 2010, 2013 and 2016
  • Installed and maintained monitoring
iCard AD
Varna, Bulgaria
4 years 8 months
2011-02 - 2015-09

Establishing network specifications

Level 2 Network Administrator
Level 2 Network Administrator
  • Serving as the security officer for the network;
  • Recommending and scheduling repairs to the LAN/WAN
  • Upgrading, installing and troubleshooting networks, networking
  • hardware devices and software;
  • Establishing network specifications by conferring with users;
  • Analysing workflow, access, information, and security requirements;
  • designing router administration, including interface configuration
  • and routing protocols
TCV AD
Varna, Bulgaria

Aus- und Weiterbildung

Aus- und Weiterbildung

1 month
2020-01 - 2020-01

Web Application Scanning

Qualys Inc.
Qualys Inc.
1 month
2019-12 - 2019-12

Vulnerability Management Detection & Response

Qualys Inc.
Qualys Inc.
1 month
2019-12 - 2019-12

Policy Compliance

Qualys Inc.
Qualys Inc.
1 month
2019-12 - 2019-12

Patch Management

Qualys Inc.
Qualys Inc.
4 months
2015-07 - 2015-10

Interactive Programming in Python

Rice University
Rice University
3 months
2015-05 - 2015-07

Software Defined Networking

Princeton University
Princeton University
4 months
2015-02 - 2015-05

Python Programming

University of Michigan
University of Michigan

Position

Position

  • Cyber Security Consultant

Kompetenzen

Kompetenzen

Top-Skills

security certifications vulnerability management Operational Resilience Penetrationstest Patchmanagement DDOS policy compliance PCI DSS DORA NIS2 NIST XDR EDR ISO 27001 SOC SOAR CMDB phishing ISO27005 hardening Architecture board

Produkte / Standards / Erfahrungen / Methoden

Profile:

  • My background, while extensive, isn't traditional and believe me I know that
  • After years working for the Blue team ( Cyber Security), I decided that is not enough
  • I wanted to find ways to contribute even more to organizations
  • This is why I jumped the fence and started studying and working for the Red team ( Penetration testers), as this allows me to be a Purple team member
  • Now I can do a penetration test on your infrastructure, do an educational phishing attack against your employees, after that sit with the IT and IS teams and do the Vulnerability, Patch and SIE management and after that stand in front of the Board of Directors and translate all that them in a way they understand
  • A true cultural changer that can work with any part of your organisation


QUALITIES:

  • Self-Learning
  • Problem-solving
  • Incident Handling
  • Detail Oriented
  • Analytical
  • Self-Motivated
  • Team Player
  • Communication
  • Adaptation
  • Knowledge Hungry
  • Persuasion
  • Discipline
  • Listens to advice
  • Lead by example


Work experience:

04/2024_ today:


Tasks:

NIS 2 compliance consulting of International Naval Port

  • Analysis of compliance against NIS 2
  • vCISO consultant and SME for Penetration testing services


02/2024 - today:

Customer: International Bank, BG/FR


Tasks:

DORA audit, consulting and Red teaming exercise

  • Help with necessary steps for full DORA compliance


12/2020 - today

Customer: Fraport Bulgaria


Tasks:

  • Vulnerability Management - architecture, integration and MSSP services with Qualys


11/2023 - 11/2023


Tasks:

ISO27001 Certification

  • SME for certification


11/2023 - 11/2023


Tasks:

ISO27001 Certification

  • SME forcertification


09/2023 - 10/2023

Role: Team lead

Customer: B2B software company


Tasks:

Penetration testing

  • SME / Team lead for an extensive Penetration test


06/2023 - 09/2023

Customer: Bank 


Tasks:

Qualys Policy Compliance (CIS)

  • PoC for a Bank of Qualys PC module for hardening use cases


01/2023 - 04/2023

Role: Team lead

Customer: international gaming company


Tasks:

Penetration testing

  • SME / Team lead for an extensive Penetration test


12/2022 - 01/2023

Role: Project Manager / Lead

Customer: NRA BG


Tasks:

penetration testers training

Tailor made training for Bulgaria National

  • Revenue Agency penetration testing team of 9 people


05/2022 - 11/2022


Tasks:

Security Awareness Training

  • Intergrated Security Awareness tailor made for the different teams (Management,IT, Backoffice etc)


07/2022 - 08/2022

Role: Team lead, Project Manager

Customer: SME


Tasks:

  • Penetration testing


10/2021 - 11/2021

Role: Team lead / Project Manager for the test.


Tasks:

  • Black/Gray box pen. testing


11/2020 - 12/2020

Customer: BG National Revenue Agency


Tasks:

  • Training the NRA pen. testers team in OWASP TOP 10 / MITRE techniques


09/2020 - 05/2021

Customer: PCI CPoC


Tasks:

Tap to Phone

  • CPoC Solution architecture, cryptographic solutions management and certification documentation


10/2020 - 04/2021

Customer: Qualys VMDR 


Tasks:

  • M&A - New Datacenter Architecture, implementation and staff training


06/2020 - 03/2021


Tasks:

Nessus Vuln. Management

  • Architecture and management of more than 10k assets with Nessus
  • Integration with existing OP processes
  • Onboarding new teams in the process - DevOps, Digital Marketing


08/2020 - 01/2021


Tasks:

ISO 27001 Compliance

  • Leading (Project Management) the certification process and preparing the company for the certification cycle


11/2020 - 11/2020

Customer: Fin-tech company


Tasks:

  • Penetration test - Datacenter


05/2020 - 10/2020


Tasks:

DDoS Protection intergration

  • Tender, integration and testing of L4 and L7 protections for a Fin-Tech client


11/2019 - 10/2020

Customer: PCI SPoC


Tasks:

Pin on Glass

  • Never seen on the market PoS software


05/2020 - 09/2020


Tasks:

EDR implementation project

  • Replacing old AV solution with EDR one


01/2020 - 08/2020

Customer: Fin-tech company


Tasks:

  • Penetration test - Banking web application


2020 - 2020

Customer: Qualys VMDR


Tasks:

  • Tender, architecture, integration and management of Qualys VMDR platform


2019 - 2020

Customer: Financial sector


Tasks:

  • PCI DSS Level 1 Service Provider


2019 - 2019

Customer: Qualys VM


Tasks:

Qualys VM integration

  • Tender, integration and management of Qualys VM platform


2019 - 2019


Tasks:

  • Swift Security Program


2018 - 2018

Customer: Fintech company


Tasks:

Qualys VM Web Application

  • Integration and automation of Qualys WAS for a fin-tech company


2017 - 2017

Customer: Qualys VM


Tasks:

Qualys VM integration

  • Tender, integration and management of Qualys VM platform

Branchen

Branchen

Pharmaceutical

Financial

Fin-Tech

Maritime

Banking

Insurance

Development

Government Agencies

Building and Construction


Vertrauen Sie auf Randstad

Im Bereich Freelancing
Im Bereich Arbeitnehmerüberlassung / Personalvermittlung

Fragen?

Rufen Sie uns an +49 89 500316-300 oder schreiben Sie uns:

Das Freelancer-Portal

Direktester geht's nicht! Ganz einfach Freelancer finden und direkt Kontakt aufnehmen.