infosec

I have been working in information security / cybersecurity since the late 00's and have accumulated a bunch of knowledge over the years. Some highlights that I worked on:

• IT Security

  • Securing cloud infrastructures
  • Rolling out security controls in large Enterprise environment
  • Tweaking IdP configurations to align security controls to the threat landscape
  • Working with IT departments to align patch management with vulnerability management

• Product Security

  • Leading Threat Modeling Exercises
  • Driving DevOps processes towards DevSecOps
  • Integration of security tools into CI/CD pipelines
  • SAST/DAST scanning & remediation prioritization
  • Performing pen-tests on software products

• Compliance

  • Making environments PCI DSS compliant
  • Threat Analysis and Risk Assessment based on ISO 21434
  • Building Information Security Management Systems that are ISO 27001 compliant
  • Building and optimizing Vendor Risk Management programs
  • Aligning SOX ITGCs with IT processes

• Cybersecurity Operations

  • Building SIEM and log collection infrastructures to improve visibility
  • Adapting ML to profile user behavior and alert on anomalies
  • Automation of Response Actions using SOAR technologies
  • Designing and optimizing SOC procedures and escalation thresholds
  • Designing and optimizing Global Incident Response Plans
  • Establishing Breach Response Teams

• Governance & Risk Management

  • Establishing Cyber Risk Registers
  • Reporting out on major Risk KPIs
  • Establishing Cybersecurity Roadmaps
  • Reporting to Board of Directors and Executive Teams

Never stop learning!