Luis Galvao

• Designed and implemented Information Systems architecture for the office supported infrastructures (physical
datacenters, IaaS, PaaS and SaaS) supporting corporate, gov-to-user and gov-to-gov services.
• Implemented Server, Identity, Database, and centralized Configuration Management and Monitoring across distinct,
infrastructure, network operating systems; Deployed monitoring of applications, systems and dependencies;
Configured certificate and federation services based authentication for systems and users.
• Performed health and configuration assessments, improved configuration baselines and operating processes.
• Managed day-to-day activities and operations related to Information Systems function (Systems, Networking and
Database Administration) teams, with individual and team objectives and performance evaluation.
• SME to architectural, analytical, and technical requirements in the design or improvement of systems.
• Created architecture, operating procedures, guidelines to support operations and incident response. Developed
baseline configurations for Operating Systems and Business Applications. Implemented, governed, automated and
measured security and update management for Systems, Network and applications.
• Implemented DevOps code, build and release management of the Office projects, with automated build and
deployment of Microsoft, Linux, Android and iOS applications.
• Deployed a Least Privileged Mode and OnDemand access and management solution, including role based, JiT, JeA
and PAM. Automated the user provisioning and de-provisioning process according to HRMS system operations.
• Implemented and managed centralized NOC across all managed infrastructures.
• Expanded the supported technologies for Web and Database system to support most common flavors.
• Performed Capacity management of systems across multiple datacenters including physical and virtual datacenters,
adopted cloud-based systems (public and community based virtual datacenters) in IaaS, PaaS and SaaS models.

• Developed and implemented Information Security measures and controls in the organization in line with UAE and
industry’s best practices (UAE NCRMF, ISO27001:2013, NIST) and Business Continuity Management (ISO23301).
• Performed organizational and system security and risk assessments, threat hunting exercises, blue team web
application assessments.
• Managed the day-to-day activities and operations related to Information Security function (Security Controls
Administration, Security Operation Center) teams, with individual and team objectives and performance evaluation.
• Subject Matter Expert on security recommendations to identify gaps and improvement areas, as result architectural
reviews, security incidents or security risk assessments.
• Implemented vulnerability assessment controls across all systems in multiple datacenters (physical and virtual, public
and community cloud based virtual datacenters) in IaaS, PaaS and SaaS models.
• Configured SIEM, UEBA and deception systems for identification of security incidents; Used security intelligence
sources and automated controls to IOCs; Created and implemented a security incident management process.
• Deployed and configured an Application Control security control whitelisting approved only processes on client and
server systems (Windows, Linux, MacOS), EDR and Anti-Malware solutions on all client and server systems.
• Configured secure remote access through 2FA authentication, Federated Authentication, AlwaysON and SSL VPN.
• Created awareness and security training material for employees, contractors and technology department team.

• Coached and guided Managers, Assistant Managers and Auditors to ensure that Information Security Systems Audits
carried out in systematic and professional manner, with in-depth risk management approach, ensuring architecture,
processes and technical implementation of corporate security policies and controls are followed.
• Planned and executed audits in accordance with the bank’s established audit standards; improved these where
appropriate. Implemented CaaT tools to assist in the internal auditing process. Performed review and improvement
recommendations of policies, procedures and special assignments.

• Chief Security Advisor for Cyber Security technologies; delivered high-value proactive services, providing Security Advisory to Information Officers for IT and OT security
• Assessed IT, IS and SOC configuration and governance according to UAE NCRMF, NIST, ISO27001:2013 and ADSIC.
• Executed pre-sales for cyber security services and solutions, improvement roadmaps, creation and preparation of proposals and SOW.

• Delivered high-value proactive services and Security Advisory to Information Officers for IT and OT security on Microsoft, Open source and 3rd party security intelligence, across Europe, Middle East, Africa and Asia. Performed system architectures, security roadmaps, risk management, security assessments, compliance reviews, workshops, health checks and knowledge transfer sessions.
• Regional Technical Lead for MEA Security offerings and engineers; program manager, project manager, contributor and reviewer in the creation of Security Assessments for Active Directory, Windows Server, Windows Client, Exchange, SharePoint, SQL and IIS, ISO27001 gap assessment, workshops securing windows active directory, securing windows server 2012, securing windows client, Security Incident Response; PoC’s for Advanced Threats Analytics, Enterprise Mobility Services and Cloud services, windows 10 security; health checks for IIS, TMG and UAG.
• Developed Business of Information Security services and IP, growing the services deliveries from 30/yr to 1450/yr over a four-year period, representing services sales growth above 15M USD.
• Executed pre-sales for cyber security solutions and services, landing several security projects above 6M USD/3yr contracts.
• Developed controls to mitigate security risks on Microsoft products and infrastructures, identity credential theft and cloud solutions (LAPS).
• Lead and managed a team of security engineers across EMEA and ASIA; Business Operations Manager, Master trainer, Technical leader and Mentor - Team growth in MEA and ASIA increased by 700% over a four-year period.
• Provided external and internal training to executives, technical and user audiences; presented in public events, such as UAE information security symposium, Qatar QITCOM, UAE partner security training, Qatar cyber security summit as well as in Microsoft internal events such as GeekReady, TechReady and TechED Middle East.
• Implemented Secure Software Development Lifecycle and performed threat modeling to projects and systems.
• Performed forensics response for security incident reactive requests as member of first responder team.
• Implemented security operations center program over client's information technology systems, reducing SIR cost from 75%.

• Performed risk assessments, vulnerability assessments and risk-based security reviews / audit for applications,
databases, operating systems and network devices.
• Investigated, determined causes, documented, and classified information security incidents.
• Delivered external training to technical and user audiences; presented in Microsoft External Events: TechDays Portugal.

• Worked as Systems Consultant for complex environments in Microsoft, Novel and Lotus Domino technologies and performed several migration projects from Lotus Domino to Exchange, SharePoint and Novel eDirectory to Microsoft Active Directory identity.
• Conducted information security risk assessment programs, reviewed compliance with IS policies.
• Administered and implemented Microsoft infrastructures, with special focus in secure online banking solutions involving Operations Manager, Windows Server, Commerce and IIS web services.
• Presented & exhibited at Microsoft TechDays 2005 at the Lisbon Congress Center.

• Managed the implementation, maintenance and operations of the IT infrastructure and support of a multi company
cluster organization.
• Implemented group’s Information Security Management System (ISMS), with Governance, security controls and user
training & awareness programs.
• Managed an heterogenous Information Systems environment including Novel, Microsoft, Lotus Domino, UNIX, Apple
& FreeBSD technologies, and a team of administration and support staff.