Türkiye
I am a seasoned Cyber Security professional with a proven track record of safeguarding organizations against evolving threats. With a diverse career spanning over a decade, I've honed my expertise in various facets of information security, from threat management and compliance to secure software development.
- Managing SOC team, operates at 24/7/365 basis - Managing and improving activities of triage; processing, analyzing and disseminating of SOC functions - Coordinating incident response and forensic analysis processes - Coordinating regular threat hunting - Defining, reviewing and reporting KPI’s for service - Ensure audit process completion and compliance - Monitoring and researching cyber threats with a direct or indirect impact to the company. - Managing daily operational interaction and information sharing between the other IT and cyber security teams. - Following career development plans of team members - Tracking innovations in related fields and create reports for improvements. - Identifying internal and external needs for opportunities
- Coordinating the penetration testing service, finding opportunities to innovate and improve testing processes and ensuring that Sony assets are secured according to the requirements defined by Sony Policies. - Improving standards, procedures and policies, and helping all stakeholders with application security related issues. - Review conducted penetration tests, and recommending countermeasures based on multiple frameworks - Driving test processes to find threats on applications and related infrastructure - Working with incident management and risk management in regards of security issues - Managing pentest teams in multiple regions - Defining KPIs for service and performance measurement - Monitoring performance and provide regular reports - Managing career development process with facilitation of HR for the team members - Supporting other divisions with the expertise in own professional cyber security subjects. - Tracking innovations in related fields and create reports for improvements. - Identifying internal and external needs for opportunities
Security Analysis & Architecture - Providing expertise in all aspects of application security, identify and communicate current and emerging threats and risks. - Recommending additional security architecture elements to mitigate threats as they emerge in order to protect critical assets. - Performing security feature reviews on application-level documentations like requirements specifications, system architectures, design documentation, test plans, security plans, etc. - Identify security design gaps in existing and proposed architectures, recommend changes and enhancements to ensure the confidentiality, integrity, and availability of assets. - Conducting system security and vulnerability analyses and risk assessments - Evaluating and reviewing internal and external penetration test and vulnerability assessment reports and provide recommendations to Information Risk Management on approval of these reports. - Reviewing security audit and compliance documents and evaluate them for acceptance as a step of the application security gate in Sony Electronics. - Performing attack surface analysis and providing feedback. - Aligning standards, frameworks and security with overall business and technology strategy. Process Design and Improvement - Defining, designing, modifying and constantly improving the provided security assessment services: processes, roles, metrics, key performance Indicators and tools. - Improving the process for architectural analysis and the process to evaluate the outputs of security tests and ensure accountability. - Track innovations in related fields and create reports for improvements. Secure Development Lifecycle - Improving and maintaining secure development standards and guidelines. - Improving and supporting application security tool deployments including static source code analysis and runtime testing tools. - Implementing threat modelling practices into the development lifecycle
- Providing vulnerability and threat analysis for Sony assets - Reviewing security considerations for cloud migrations - Threat modelling and Secure Software Development Lifecycle (S-SDLC) implementation - Implementing the process to evaluate the outputs of security tests and ensure accountability - Tracking innovations in related fields and create reports for improvements - Providing expertise in all aspects of application security for threats and risks - Analyzing reports and provide help to internal customers - Identifying internal and external needs for opportunities - Helping with vendor evaluation - Helping on researching, evaluating relevant Security Testing tools and methods. - Reviewing and making security recommendations on application-level documentations like; requirements specifications, system architecture, design documentation, test plans, security plans, etc. - Participating with internal Security related research topics.