Istanbul, Türkiye
Semih Gelişli has over 16 years of experience in cyber and information security, including 8+ years of people management. He started his career in 2010 and has been working in the finance industry since 2012, holding various roles such as Network Security Specialist, Incident Responder, and Manager of Cyber Security Incident Management Unit. Up until recently, he held the position of Director of the Cyber Security Center & Information Security Governance at Yapı Kredi Bank. In this role, he led diverse teams responsible for Application Security & DevSecOps, Cloud Security, Blue & Red Team Operations, and Information Security Risks & Governance, impacting Yapı Kredi Bank and its subsidiaries. In his most recent advancement, he has taken on the role of Chief Technology Officer (CTO) at Natica Consulting, where he steers the company's technological vision and ensures the integration of cutting-edge cybersecurity solutions across their client portfolios. Achievements: 🥇 Awarded first prize for “Big Data & Analytics” and “Security & Fraud Management” by the IDC (International Data Corporation) Turkey at the 2022 IDC Financial Services Summit. 🎙️ Was a speaker at the Splunk .conf 2022 worldwide event held in Las Vegas with the subject of "One app to rule them all: Applied Machine Learning to find them". 🎙️ Invited to FirstCon22 annual event in Dublin on “Dynamic Detection: May the ML Be with You” 🎙️ Was a speaker at the Black Hat MEA event held in Riyadh with the subject of "How to use Additional Data Sources and ATT&CK in Vulnerability Management" 👨🎓 Participated in the RSA Conference 2023 CISO Boot Camp held in San Francisco and co-designed by RSAC™ and the SANS Institute, a rigorous training program designed for Chief Information Security Officers(CISOs) and senior cybersecurity executives. ✍️ Actively contributes to industry initiative CSA (Cloud Security Alliance), where he submitted white papers on AI and LLM Security. 👨🏫 Is a mentor for the Cyversity Mentorship Program, which focuses on increasing the representation of women and underrepresented minorities in the industry.
•Leads the company's technology vision and strategy, ensuring alignment with business objectives. •Drives innovation and the adoption of cutting-edge technologies to enhance customer value and maintain a competitive edge. •Oversees all technology operations, including research, development, implementation, and maintenance of IT systems. •Drives revenue growth by leveraging technology to acquire and retain clients. •Champions a customer-centric approach to technology solutions, ensuring alignment with client needs and business outcomes. •Develops and implements a comprehensive technology roadmap to support the company's long-term vision and growth.
• Develops and implements a comprehensive security strategy to protect against cyber threats and risks, with a focus on protecting the organization's sensitive information and systems • Establishes policies and procedures to ensure compliance with relevant laws, regulations and industry best practices • Identifies, assesses and prioritizes information security risks to the organization and implements measures to mitigate them • Monitors security trends and threats and adapts security measures accordingly • Coordinates incident response and recovery efforts in the event of a security breach • Implements and monitors employee security awareness and training programs to build a security-aware culture, and continuously improves the organization's security posture • Oversees the protection of the organization's information assets, including data, systems, and networks, and manages application and cloud security measures to protect against vulnerabilities and threats.
Establishing security strategy by considering cyber threats, regulations and needs Managing the CAPEX and OPEX budget for projects and programs Leading a dedicated team of IT Security Professionals working on Log Management, Cyber Threat Detections, Incident Response, Threat Intelligence, Security Operation Center and Digital Forensics. Responsible of Managing and Operating Security Operation Center Infrastructure (SIEM, Data Lake etc.), Cyber Security Proactive Services (including cyber threat intelligence program, red teaming, threat hunting and threat detection program) and 7/24 Security Operation Center Leading a virtual team of IT Security Professionals working on Hybrid Cloud Security and DevOps / DevSecOps, responsible of managing and planning cloud security projects of Next Generation Banking Infrastructure Reporting directly to the CISO and upper management, including the CIO, on security threats, exposed security incidents, and metrics.
Handle high and critical severity security incidents Providing digital (Memory/Host/Network) forensics Experience with incident response methodology in investigations and the groups behind targeted attacks and tactics, techniques, and procedures (TTPs) Identification and reporting malicious activity Cyber Defence Center (CDC) design, and operations workflow Developments and Simulations of Detection Use-Cases Perform threat hunting activities to search the network for indicators of compromise Technical familiarity with enterprise security architecture (including SIEMs, IDS/IPS, critical network infrastructure, Virtualisation, Storage) Technical familiarity with forensics softwares (including Forensic Explorer, Xways, F-Response) Assist intrusion remediation and strategy development and implementation Recommend effective process changes to enhance defense and response procedures Real-time monitoring of third party security feeds, forums, and mailing lists to gather information on vulnerabilities and exploits
Administration and maintaining of network security infrastructure Lead the design, implementation of IT Network infrastructure technologies Defining and implementing cyber security tools and technologies Performing daily IT security operations Preparing policies, procedures, standards and guidelines Managements of IT security projects Experience conducting PCI-DSS, Visa Payment Application Best Practice assessments Hands-on experience with the folllowing technology vendors: Cisco, Juniper, Palo Alto, Websense, BlueCoat, Check Point, McAfee, Symantec, Fortinet, SourceFire, Radware, Imperva, F5, Bind, ArcSight
Administration of Network Security and End Point Security Infrastructure Administration of AD, GPO and DNS Administration of Mail Server and AntiSpam Infrastructure Designing and Maintaining IT Security infrastructure Performing daily IT Security operations