Mahir Tosun

Cyber Security Lead Architect | CISSP-ISSAP | CCSP | CSSLP

Istanbul, Istanbul, Türkiye

About

With over 20 years of experience in cybersecurity, I am a passionate and skilled professional who strives to protect the information systems and assets of my clients and employers. I have a strong background in software development security, network security, and security frameworks and standards, as well as certifications in CISSP, CISSP-ISSAP, CCSP, and CSSLP. I am a Cyber Security Senior Expert at Vodafone, one of the world's leading telecommunications companies. I share their vision of connecting people, businesses, and communities for a better future. At Vodafone, I lead and participate in various security projects, such as static and dynamic source code analysis, container security, SOAR, and DevSecOps. I assess new projects by considering the security requirements and best practices and provide guidelines for all on-premise and cloud security solutions. I also take part in the analysis, design, implementation, and management of security systems and applications and work with cross-functional teams to ensure the security of the development and deployment processes. Some of the skills that I use and improve on a daily basis include software development security, CSSLP, network security, DevSecOps, SOAR, container security, and security frameworks and standards. I enjoy working in a dynamic and collaborative environment where I can contribute to the security and success of Vodafone and its customers.

Experience

  • Vodafone (Full-time · 7 yrs 6 mos)
    • Cyber Security Lead Architect
      Jan 2023 - Present · 3 yrs 6 mos

    • Cyber Security Senior Expert
      Jan 2019 - May 2026 · 7 yrs 5 mos

      Vodafone Cyber Security Senior Expert | January 2019 – Present
      • Architected and led the implementation of a Zero Trust Security model, enhancing security across both on-premise and cloud infrastructures by enforcing granular access controls and continuous authentication.
      • Spearheaded the organization's transition to a cloud-first security strategy, working closely with the cloud operations team to implement advanced security features such as cloud-native firewalls, container security, and IAM.
      • Played a pivotal role in designing the SOAR (Security Orchestration, Automation, and Response) framework, streamlining security operations through automation and improving incident response times by 50%.
      • Developed and maintained the Cybersecurity Roadmap, aligning security initiatives with business objectives and ensuring continuous improvements in the security posture.
      • Collaborated with key stakeholders, including business leaders and technical teams, to integrate security requirements into the DevOps lifecycle, facilitating the adoption of DevSecOps practices.
      • Led the implementation of security analytics and monitoring solutions using SIEM tools, improving real-time threat detection and response.
      • Key Projects:
        o SOAR Project: Automated security incident response processes, reducing manual intervention and improving response times.
        o Zero Trust Implementation: Led the end-to-end design and deployment of a Zero Trust Architecture to enhance overall network security.
        o Cloud-Native Firewall Deployment: Spearheaded the deployment of cloud-native firewalls to secure Vodafone’s multi-cloud environments, ensuring robust and scalable protection across cloud platforms.
        o Certificate Management Implementation: Led the design and implementation of a comprehensive certificate management process and tool, ensuring secure and efficient handling of SSL/TLS certificates across the organization’s infrastructure.

  • Information Security Expert at Trendyol Group
    Jun 2017 - Oct 2018 · 1 yr 5 mos

    • Designed and implemented information security architectures to support the rapid growth of Trendyol’s e-commerce platform, focusing on application security and data protection.
    • Ensured compliance with PCI DSS, KVKK, and GDPR standards by conducting thorough audits and implementing necessary security controls for payment processing systems and customer data protection.
    • Led the integration of DDoS protection, Web Application Firewalls (WAF), and other network security technologies, ensuring the platform's resilience against external threats.
    • Managed vulnerability assessments and penetration testing processes to identify and address potential security gaps in applications and infrastructure.

  • Security Operations Manager at UITSEC Security Technologies Group
    Nov 2016 - May 2017 · 7 mos

    • Directed the Security Operations Center (SOC), overseeing daily security monitoring, incident detection, and response activities for multiple clients.
    • Led and managed penetration testing services for clients, including conducting tests and delivering detailed security assessments to identify vulnerabilities and recommend remediation strategies.
    • Implemented a comprehensive vulnerability management program, driving risk-based remediation efforts and minimizing the attack surface for clients.
    • Developed security architectures for clients, ensuring alignment with Zero Trust principles and the latest security standards.
    • Led the design and implementation of DDoS mitigation solutions and network intrusion detection systems to safeguard client infrastructure from large-scale attacks.

  • Information Security Expert at Turkcell Global Bilgi
    Apr 2014 - Nov 2016 · 2 yrs 8 mos

    • Managed the deployment and maintenance of network security tools, including firewalls, SIEM, IPS, and encryption technologies, enhancing the overall security of Turkcell Global Bilgi’s infrastructure.
    • Conducted internal and external vulnerability assessments across the IT landscape, identifying critical vulnerabilities and coordinating mitigation efforts with the operations teams.
    • Provided penetration testing services and facilitated detailed security reports, ensuring compliance with industry standards such as PCI DSS.
    • Worked closely with business units and technical teams to implement secure configurations and policies for critical systems.
    • Directed the design and implementation of security policies and incident response procedures, ensuring effective threat management.
    • Key Projects:
      o Led the implementation of a SIEM solution, improving threat detection and response capabilities.
      o Developed and executed a Vulnerability Management Program, reducing the organization's attack surface.
      o Conducted security reviews and led internal security audits to maintain compliance with global standards.

  • Information Systems Senior Security Specialist at Pegasus Airlines
    Oct 2012 - Apr 2014 · 1 yr 7 mos

    • Managed the deployment and maintenance of network security solutions, including NG firewalls, IPS, endpoint security, and encryption tools.
    • Conducted network security audits and provided detailed security assessments to enhance the overall security of the airline’s IT systems.
    • Developed and maintained security policies and procedures, ensuring alignment with aviation industry security standards.
    • Led the Data Center Migration Security Project, overseeing the secure migration of critical systems and data to new data centers, ensuring business continuity and minimizing security risks.