Owner and Director
Total years of experience: 18 years, 3 months
LawTech Europe Congress / Technology Event Management / Belgium
Tasks: Developing a cybersecurity and forensics event in CEE
Developing LawTech into a global brand
Managing key accounts, marketing, sales, technical content, and acting as lead spokesperson for LawTech Europe Congress
Developing relationships with other large global media and event management firms
• Using Symantec DLP for Data leakage Prevention
• Business Impact Analysis for new and existing projects
• Risk Assessment for business operations
• Assess security architectures for Shell's ICS/OT environments
• Providing advice and consultancy to senior management regarding the development of enterprise security controls and incident reduction
• Controls to detect and prevent fraud and the insider threat for Shell Global Operations Centres
• Analysing out-of-normal user behaviour to counter fraud, collusion, as part of insider threat management
• Communication with stakeholders to track existing information risks and controls
• Working with Shell Global business operation centers on information risks and incidents
• Application of ISO 27001 controls
• Managed information risk for Bangalore, Chennai, Kuala Lumpur, Krakow, and Manila
Vodafone Global / Telecoms / United Kingdom
Tasks: Security Risk Assessments
ISO27001 Information Security Assessment for Vodafone Global Projects
Conducting security awareness campaigns and awareness training
Analysis of cybersecurity threats and reporting to management
Analysis of Identity and Access policies
Recertification of privileged users
Assessment of IT dependency on cloud service providers
AG Insurance / Financial Services / Belgium
Tasks: Vulnerability Management/ Security Awareness
Security assessment for Mobile Device Management software from Blackberry
Virtualization and cloud computing technologies
Reviewing security aspects of desktop migration from Win 7 to Win10
Qualys Web Application and PCI Scanning
Conducting a study for AG Insurance on network segmentation for enhanced security
Managing the security response for serious security breaches such as ransomware
Forensic Data Services / Forensics and Security / USA
Tasks: Threat and Vulnerability Management / Compliance Reporting
Assessing results from vulnerability scans and PCI Pen tests
SOX Compliance Assessment and reporting
Risk assessment in line with the bank’s business objectives
Communicating results of digital forensic investigations to senior management
WorldPay/ Payment Processing / UK
Tasks: Threat and Vulnerability Management
Running and managing Qualys scans in line with WorldPay’s Governance, Risk, and Compliance policy
Advising our operations teams on vulnerability assessments
Assessing vulnerabilities and rating them in line with business objectives
Assessing pen-testing results
Application of COSO ERM framework
Solid understanding of the Vulnerability Management life cycle.
Developing and managing monthly vulnerability and patching reports
Atlas CopCo / Manufacturing / Czech Republic
Tasks: Web Application SSO integrations using Oracle Access Manager
Involved in various discussions related to integrating Access manager in software as a service platform
Extensive use of Oracle 10g in Production and 11g in our Test Environment
Knowledge of Oracle Identity Analytics
Defining Websecurity Architecture Roadmap
Project and problem management, monitoring, and maintenance
Analysing risk trends and Developing Security process improvements
Tasks: Vulnerability Management and Compliance Reporting
Assessing the risk to EA information and recommending appropriate controls. Analysing the Agency’s risk register and proposing effective countermeasures. Developing information security metrics for better security management.
Creating security compliance reporting for senior management.
Assessing technical vulnerabilities to servers and desktops using the Qualys vulnerability management tool. Creating management reports on AV and Patching progress for the EA estate. Assessing and escalating security incidents to the point of resolution, including best practice change management procedures.
Experience in a vibrant SIEM SOC environment for security incidents management
Working with our project business units and updating policies, procedures and guidelines
Selecting external vendors to make sure that risks are being managed effectively
Home Office/ Public Sector/ UK
Tasks: Security Compliance
Developing a risk management approach to Data handling for business units within the Home Office
Interpreting the broad requirements of the recent Hannigan report from the cabinet office
Drawing up an Action Plan to implement the Coleman recommendations on Information Assurance for the Home Office
Communication with stakeholders and collecting their security requirements to ensure that the IT Security Governance, Risk and Compliance was auditable and repeatable
Assessing the risk analysis and RMADS document for a major Home Office system
Assessing business unit risks on behalf of the Home Office SIRO
Assisting Home Office Information Asset Owners identify and assess risks to their information assets
Application of HMG Manual of Protective Security and other infosec requirements
Group to discuss the progress of the Information Assurance Programme
AXA - Tech/ Financial Services/UK
Tasks: Data Leakage Prevention and Vulnerability Management
Monitored and prevented data leakage through removable media, email, and spyware exploitation
Data protection and retention policy formation
Generated detailed reports to demonstrate compliance with internal and regulatory privacy requirements to auditors, board members, and other stakeholders of AXA-TECH
Reviewing PCI DSS pen test results
Problem Management and effective change management in an ITIL environment.
Raised change requests to ensure that the identified vulnerabilities were patched
PCI DSS compliance using Qualys reports
SOX compliance reviews carried out
Review and analyse reports from all our security tools
Installing Qualys and scoping for penetration testing
Crown Prosecution Service/ Public Sector/ UK
Tasks: Internal Information Security Audit
Developing a risk management approach to IT Security Audit within the CPS
Assisting with ISO 27001 auditing exercise at CPS
Identifying the branches of CPS that are carrying out adequate security awareness training in accordance with ISO 27001
Auditing of CPS payroll systems in relation to RMADS document
Assisting Internal audit to review and evaluate CPS IT Security Infrastructure and its adequacy
Evaluating the effectiveness of CPS’ business continuity plans
Putting forward solutions for minimising the identified risks
Identifying risks associated with CPS data transfers to 3rd parties
Mapping instances of Data sharing with partners and ensuring that SLA’s are established
Interviewing the MIS board members to clarify CPS’ application of its risk appetite
AXA-Tech/ Financial Services/UK
Tasks: Risk and Vulnerability Management
Risk assessments using FIRM, Citicus One
Policy compliance for SOX purposes
Threat & Vulnerability analysis and reporting using Qualys Guard
Reviewing Standards, Procedures & Guidelines for AXA-TECH
Monitored Email that was quarantined to verify their content and impact on AXA’s network and reputation
Discussing Pentest results with business owners
Assessing the completion of remediation actions
Implementing a sound security methodology and controls
Applying the SABSA framework when selecting appropriate vendors at AXA
Prevented data leakage through removable media and spyware
Produced weekly reports of vulnerabilities against platform types
Raised change requests to ensure that the identified vulnerabilities were patched
Created MI reports to demonstrate that AXA-TECH was carrying out due diligence and care as well as implementing measures to improve service quality and delivery towards the SLA’s
Capgemini/ Technology / UK
Tasks: Project Management and Consulting
Designing Security Architecture for NHS Connecting for Health
Use of TOGAF framework at the NHS
Rollout of strategic remote access technologies on the HMRC Aspire project
Providing consultancy in aspects of security, including policy, strategy, architecture and technology solutions
Conducting interviews with business units to identify stakeholder requirements for a Security Governance, Risk and Compliance process and framework
Worked with Customer Security Managers, Security Governance Architects, Technical Architects, and Solution Designers
Ability to formulate a security management vision
Experience in the health sector
AXA-Tech/ Financial Services/UK
Tasks: Security Management
Influencing and promoting security principles
Policy compliance and security monitoring
Carrying out awareness training, and writing awareness articles
Documenting and communicating security standards to support the IT security policies of AXA-Tech
Assisting with implementation, operation and maintenance of appropriate information security controls for services delivered or used by AXA Tech UK
Responsible for researching and introducing a credible security governance, risk and compliance framework to implement within the security management team
Ownership of problem cases till their resolution is reached
Client-facing experience at all levels
NHS - Western Area Health Trust/ Public Sector/ UK
Tasks: Governance/Compliance
The access of GP surgeries and other trusts to Weston’s databases and confidential patient records
A classification of the trust’s assets
Assessing results of a trusted third-party’s penetration testing
Assessing physical security and access controls for the server rooms
Investigation of crucial updates to firewalls, switches, routers, servers, and desktops
FCT/ Financial Services/ UK
Tasks: Risk Analysis/Security Management/Auditing
Sarbanes-Oxley Act 2002 for the Chicago based offices
BS7799 for UK based offices
Courses: CISSP Certified • CISA Certified • Certified Forensic Investigation Practitioner • Qualys Qualified Administrator • Ironport Support Engineer