Israel
Cyber-security expert, security architect and manager with a rich background in the realm of security, including risk management, threat modeling, secure design, SSDLC and security product integration. Capable of helping organizations build and implement efficient cyber-security programs leveraging hands-on experience, technological knowledge and understanding of business processes. Business enabler, methodical, motivated, business- and results-driven.

Skills:
• SSDLC/SDLC/SDL, Secure Architecture, Secure Design, Threat Modeling
• Risk Management, Vulnerability Management, Security Assessment
• Penetration Testing (Web/Thick Client/Infrastructure/Network/SAP)
• Projects - planning, design, management, and implementation
• Frontal Consulting and Thorough Research
• Solution design, benchmark, and evaluation
• Compliance and regulations, corporate policies and procedures

Technological Fields of Expertise:
• Penetration Testing Methodologies, Tools, and Approaches
• Cloud and Kubernetes security
• Web Application Firewalls, Database Firewalls, XML Firewalls
• Firewalls, IPS, Content Filtering (Mail/Web), Network Anomaly Detection, NAC
• Virtualization Solutions and Cloud Technologies
• Linux-based Solutions
• PKI Solutions, Encryption, VPN, SSL-VPN
• Routers and Switches

• Heading the security of eToroX - the Cryptocurrency division of eToro, leading "everything security" with strong emphasis on Product and Application Security.
• Helping the company to reach its business goals by providing efficient security solutions with minimal impact on timelines and without introducing bottlenecks.
• Building, promoting and implementing agile-oriented product security practices, using the "shift-left" approach, from the earliest stages of business requirements all the way to production and maintenance.
• These are based on industry best practices in a regulated and constantly attacked environment.
• Implementing Risk Management, Threat Modeling, Security Product Review, Security Design and Security Code Review. Managing Penetration Testing, Security Assessment and Bug Bounty engagements.
• Helping to build secure cloud-based and Kubernetes-based infrastructures, integrating security into the pipeline.

• Lead the implementation of secure software development lifecycle (SSDL/SSDLC/SDLC) and secure architecture in all stages of product creation, from conceptualization through design all the way into coding and testing.
• Define product security requirements and establish organization-wide application security standards.
• Conduct threat modeling and security reviews on products/features/user stories.
• Promote security best practices among the R&D group (OWASP, NIST, SANS).
• Research the threat landscape and devise security measures in order to mitigate the threats.
• Conduct security code review, guide teams on optimal solutions for discovered vulnerabilities.
• Lead external and internal penetration testing initiatives.
• Conduct product certification against Common Criteria (Protection Profile) and DoD UC APL/DoDIN.

• Project management and planning of large-scale security projects and internal resource optimization systems.
• Research, design, and implementation of vulnerability assessment and threat detection platforms – scanning frameworks, exploitation frameworks, heuristic and signature-based attack-monitoring solutions, hardening solutions, security testing methodologies, and management procedures.
• Writing security procedures, disaster recovery plans (DRP), compliance documents, hardening procedures and other security-related documentation.
• Security consulting, penetration testing (PT) and cyber security assessments in high-end or technologically complex engagements, provided to global financial institutes, government offices, health-care organizations and the high-tech sector.
• Technical leader in infrastructure security, specializing in security architecture.

• Implementation of highly complex security solutions and large-scale secure network architectures with multiple security controls and components from a wide array of vendors.
• Planning, management and implementation of security integration projects locally and abroad.
• Security assessments, consulting, and penetration testing services.
• Providing services for the defense, financial and government sectors.