Lisbon, Portugal
• Specialist in designing and delivering corporate information security & business continuity programs, offering over 20 years of rich experience. • Trusted Cyber Security Advisor for corporate executive management customers across EMEA, Africa and Asia; delivered risk management and information protection, designed security architecture, strategy, roadmaps, policies and procedures, implemented security controls, hardening of infrastructures, endpoint security, identity management & security auditing, performed threat modeling, incident investigation, security operations and automation. • Experienced systems architect of complex IT infrastructures, innovative solutions, and cross technology systems. Successful implementation and maintenance of multiple IT infrastructures in On-Prem, Hybrid and Cloud environments; Use of automation for streamline operations and processes; Versed in AI platforms. • Efficient people manager, team leader, technical leader, mentor and master trainer for systems and cyber security SME’s; Qualified trainer for internal and external audiences; Efficient use of limited personnel. • Proven skills in pre-sales, business development of IS and Customer Services, product management and development of IP, delivery capacity building and management. • Possess effective coordination, analytical, leadership and interpersonal skills; Thrives for high quality delivery.
• Design and implementation of Information Security Policies and Controls (aligned with UAE NCRMF, ISO27001:2013, NIST) and Business Continuity Management (ISO23301). • Subject Matter Expert on Information Security, organizational and technical risk, security assessments, architecture reviews, threat hunting, web application assessments. • Operations Management of Information Security (Security Controls Configuration Management, Security Operation Center (SOC), team management). • Implementation of Vulnerability Assessment and Patch Management Controls in OnPrem, Hybrid, IaaS, PaaS and SaaS models. • Deployment of SIEM, UEBA and deception systems, Security Orchestration Automation and Response (SOAR); Creation and implementation of security incident management. • Implementation of Application Whitelisting on client and server systems (Windows, Linux, MacOS), EDR and Anti-Malware, SMTP and WAF, User Based Access control, PAM. • Design and implementation of secure remote access with 2FA authentication, Federated Authentication, AlwaysON and SSL VPN. • Creation of security awareness and training material for employees, vendors, and technology team.
• Architecture, Design, Implementation of Information Systems (on-prem, hybrid, IaaS, PaaS and SaaS) for corporate, gov-to-user and gov-to-gov services. • Implementation and consolidation of Servers, Identity, Databases, and centralized Configuration Management. • Deployment of application, systems, and dependencies level monitoring, alerting and dashboards. • Configuration of certificate and federation services-based authentication for systems and users. • Health and Configuration assessments, creation of configuration baselines and operating processes. • Operations Management of Information Systems (Systems, Networking and Database Administration, NOC, team management); Capacity management of infrastructures. • SME to architectural, analytical, and technical requirements in the design or improvement of complex systems. • Implementation of DevOps Software Development Life Cycle (SDLC) for code, build and release management of the application projects, with automated build and deployment of Microsoft, Linux, Android and iOS applications. • Deployment of Least Privileged Mode and OnDemand access and management solution, including role based, JiT, JeA and PAM. Automation of user provisioning and de-provisioning process according to HRMS.
• Coaching and guidance of Managers, Assistant Managers and Auditors on Information Security Systems Audits with in-depth risk management following architecture, process and technical of corporate security policies, controls. • Planning and execution of audits according to the bank’s established audit standards; improvement of risk register. Implementation of CaaT tools to assist internal auditing process. Review and improvement of policies and procedures.
• Delivery of high-value proactive services and Security Advisory to Information Officers for IT and OT security • Assessment of IT, IS and SOC configuration and governance according to UAE NCRMF, NIST, ISO27001 and ADSIC. • Pre-sales for cyber security services and solutions, roadmaps, creation of proposals and SOW.
• Delivery of high-value proactive and reactive services and Security Advisory to Information Officers for IT and OT security across Europe, Middle East, Africa and Asia: System Architecture design and reviews, security roadmaps, risk management, security assessments, compliance reviews, workshops, health checks and knowledge transfer sessions. • Regional Technical Leadership for MEA Security services and team. Technical Leader, Master Trainer and Mentor to security peers across EMEA and ASIA - Team growth in MEA and ASIA increased by 700% over a four-year period. • Development of Business of Information Security services and IP, growing the services deliveries from 30/yr to 1450/yr over a four-year period, representing services sales growth above 15M USD. • Program manager, project manager, contributor, and reviewer for IP for Premier Services: Security Assessments for Active Directory, Windows Server, Windows Client, Exchange, SharePoint, SQL and IIS; ISO27001 gap assessment; workshops securing windows active directory, securing windows server 2012, securing windows client; Security Incident Response; PoC’s for Advanced Threats Analytics, Enterprise Mobility Services and Cloud services, windows 10 security; Health Checks for IIS, TMG and UAG. • Pre-sales for cyber security services and roadmaps, landing several security contracts above 6M USD/3yr. • Co-authoring in development of controls to mitigate credential theft (LAPS, Enterprise LAPS). • Presentations in events (UAE information security symposium, Qatar QITCOM, UAE partner security training, Qatar cyber security summit, GeekReady, TechReady and TechED Middle East). • Implementation of Secure Software Development Lifecycle and threat modeling to solutions and systems. • Member of first responder team for forensics response for security incidents.
• Delivery of risk assessments, vulnerability assessments and risk-based security reviews / audit for applications, databases, and operating systems. • Investigation, documentation, and classification of information security incidents. • Implementation of Microsoft Operations Framework and Operations Monitor in complex Information Systems. • Trainer to technical and user audiences; Presenter in Microsoft Events: TechDays Portugal.