Enrique G.

TELECOM ENGINEER

830 euro
Freelancer
18 years
Zurich, SWITZERLAND

My experience

The Bavarian Chamber, August 2019 - October 2020

* Responded to critical computer security incidents by collecting, analysing, assembling, coordinating, and preserving digital evidence according to ISO 27035, identifying gaps, and recommending risk remediation.

* Gathered forensic evidence for disciplinary investigations; reviewed log files and events; correlated data and recommended action courses.

* Worked with IAM and PAM access, investigated improper privilege access, revoked access, reported violations, and recorded terminals and interactive sessions.

* Designed, analysed, monitored, and operated security network applications and found sensitive data regarding privacy and compliance.

* Provided technical and non-technical security assessment of the network infrastructure, including root cause analysis for systemic security problems, and wrote comprehensive reports, including assessment-based findings (RCAs), outcomes,

* Designed and built custom tool integrations for investigations, hunting, and research to enable automated deployment and monitoring of cloud infrastructure and applications.

* Determined attackers' tools, tactics, procedures (TTP), and indicators of compromise (IoCs) applied to current and future investigations.

* Used Cyber Chain, which contains APT and traditional tools, against cyber threats.

* Coordinated threat hunting activities across the web, leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies.

* Hunted and identified threat actor groups and their techniques, tools, and approaches, and identified gaps in IT infrastructure by mimicking attackers' behaviour and responses using Splunk ES.

* Monitored and analysed network traffic and IDS alerts using RSA Security Operations, SourceFire, NetScout, Wireshark, HP OpenView, and FireEye.

* Allocated and produced many of the ISO 27k, MaRisk, BaFin, KRITIS, and CIS 20 safeguards for the framework's control process.

* Performed risk analysis and process definition for ISO controls. Documented all activities during assessments in a high-fidelity way and provided leadership with status updates during the life cycle of security processes.

* Assisted the governance team in implementing the eGRC tool, Archer, and the Compliance Management Module.

* Designed and operated a secure hybrid cloud infrastructure with IaaS and SaaS components.

CCSK Cloud Security, January 2020 - January 2020

With 14 years of experience in analyzing, recovering, mitigating, auditing, and safeguarding hundreds of architectures and incidents in containers, VMs, endpoints, mobiles, servers, SCADA, network boundaries, mainframes, wireless, IoTs, embedded and cloud instances. I am looking to utilize my professional experience with an IT company specializing in Information Security and Cyber Info-Security.

* CCSK Cloud Security 2018

* ISO3100 RA

* Data Protection Office 2018

* SABSA Architect Foundations

* CISA Information Security Auditor 2018

* OSCP Red Team Ethical Hacking 2017

* Information Privacy Manager 2019

* GIAC GCFI Forensic Analyst 2006

* Web Pen Tester eWPTX 2016

* CompTIA Practitioner 2015

* EC Security Analyst 2017

* EC Ethical Hacker Certified 2010

* ITIL Foundations 2007

CGC Pharmaceutical, August 2018 - July 2019

* Reintroduced privacy control assessments of moderate system inventory using NIST 800-53 and NIST 800-122 controls.

* Reviewed the System of Records Notices (SORNs) and advised about privacy risk language, including privacy act statements, disclaimers, and Cooperative Research and Development Agreements (CRADAs).

* Maintained an inventory of sharing agreements (Memorandums of Understanding (MOUs) and other data use agreements), rules of behaviour, and warning banners (consent and opt-in language). Led the Privacy Information Map (PIM) initiative, which determines the location and nature of PII stored in databases.

* Drafted a privacy handbook for sensitive data management information governance (SDM).

* Developed and led activities such as a data mapping framework between various data items and regulations, such as CCPA, GDPR, PIPA, PDPA, and PIPEDA.

* Authored policies and procedures for data retention and media sanitisation (Storage Limitation Principle). Identified the most suitable operating model for the client and updated the RACI matrix to cover the roles required by GDPR and CCPA.

* Created process flows for the operational response to data subject requests, Data Protection Impact Assessments (DPIA), and Data Subject Access Requests (DSAR).

* Worked as a privacy protection officer for the client, conducted DPIA, and made Records of processing activities (RoPA).

* Developed data flow maps for crucial business processes and produced RoPA entries, as per Article 30 of the client's security questionnaires (Standardised Information Gathering (SIG), Consensus Assessments Initiative Questionnaire (CAIQ)).

* Worked with cloud-based data storage architectures and the controls commonly used to secure those environments, such as encryption, tokenisation, data masking, data lifecycle management, data rights management (DRM) technology, retention, deletion and archiving policies, and ensuring the suitability of cloud data events.

* Audited the telemetry train system following norms DIN 50600, DIN 820, IEC 62443, RIL 11402.

* Hardened the following systems: OpenSCAP, Lynis, Tripwire, File Integrity, HIDS, privilege escalation, logging.

* Provided hardening subject matter expertise utilising DISA STIGs, SRGs (Security Readiness Guides), and the DISA SCAP tool.

* Established Micro Services Container Security & Cloud-Native Security.

* Introduced a Bring Your Own Device program and associated security policies, allowing employees to manage communications using their smartphones and tablets across the organisation.

* Analysed hundreds of security monitoring and appliance logs to investigate and tune for each incident's correct remediation actions and escalation paths.

* Performed DLP (data leakage prevention) installation, maintenance, and tuning procedures for systems and devices in the Symantec DLP product.

* I installed the existing AV replacement solution, including Defense and Response tools, such as Carbon Black, CrowdStrike, and open source-based tools.

ISO OFFICE, March 2016 - July 2018

* Managed the relocation of security perimeter devices and integrated them with new standards.

* Implemented security devices' application firewalls and tuning with Tufin, Barracuda, IBM Guardium, and F5 ASM.

* Created the Network Matrix. Replaced perimeter security, including L3 FWs and F5 balancers and WAF into ASM.

* Integrated safeguards for fraud, data leakage, e-commerce fraud, server intrusion, and ISP denial of service by implementing Imperva WAFs (Web application firewalls).

* Maintained AWS cloud security: a Docker WAF that integrates the containers, and Docker RASP from Wazuh and Ansible that automates part of the DevSecOps work regarding micro-service security.

* Implemented a Twistlock security solution for RASP in AWS containers.

* Maintained all documentation for each release or project (project plan, weekly status report, meeting schedule, gate review PowerPoint presentations), and ensured the documentation repository was kept up to date.

* Created a SOC Monitoring team and procedures, workflows, frameworks, controls, and SIEM correlation rules.

* Gained deep insight into conducting formal tests on web-based applications and networks, using deep assessment parameters.

* Transformed the adversarial, unproductive relationship between Internal Audit and IT departments into a fruitful, proactive partnership.

* Created a catalogue of deficient or nonexistent use cases.

* Implemented QRadar and Carbon Black.

* Performed the migration from TMG to Zscaler cloud DLP and CASB proxy firewalls.

* Provided technical review of report items from various network devices such as log files, screenshots, configuration files, permissions, etc., to ensure Cloud Service Providers were closing and mitigating open findings with their POA&M.

* Assisted in interpreting various vulnerability and compliance scanning results from Assured Compliance Assessment Solutions (ACAS), Security Content Automation Protocol (SCAP), and commercial products such as HP Fortify and CAST.

PS PROFESSIONAL SERVICES, September 2015 - February 2016

* Implemented AAA and PIM: Cisco ISE + Cyberark for Network Access control in cabled and wireless devices.

* Implemented the NAC agent compliance for checking the antivirus and Cisco cloud-based EDR.

* Reviewed Cloud Service Providers.

* Assisted clients with transitions to Microsoft O365/EMS cloud services, such as tenant setup and service configuration, focused on cyber risk mitigation.

* Collaborated with the incident management team to review processes and best practices.
* Performed Cloud Governance Compliance & Auditor/Services Functional Owner/CIO. Coordinated carefully with four compliance analysts and 75 cloud vendors to remediate audit findings.

* Designed, implemented, and managed the VMware virtual infrastructure, executed testing and quality assurance.

* Created a series of penetration tests as a basis for more advanced testing, resulting in ease of strategic test development, Pen testing, Fraud OSINT, and humming.

* Performed industrial security audits, checking telemetry sensors, servers, robustness and vulnerability assessment, CentOS hardening, and auditing.

* Performed attack simulations on the client's systems and web application firewalls to determine and exploit security flaws (evasion techniques).

* Performed application and infrastructure penetration tests, along with physical security reviews. I documented and discussed security findings with information technology teams.

Hyundai Car Company, July 2013 - August 2015

* Managed the centralisation of security for all European branch offices.

* Administered the migration to a new data centre security and centralised model, consolidating costs and technologies offered in a service model.

* Created the SOC: recruiting, training, implementation of SIEM and runbooks, incident handling procedures, and building a new security Cisco SDN environment.

* Implemented Zero Trust and micro-segmentation with VMware NSX-T and Palo Alto Panorama.

* Administered provisioning (device providers), integration, engineering (in-depth security network infrastructure), and support activities. Collaborated in the design and development of support workflows.

* Enhanced and monitored security measures to protect the corporate network, systems, data, applications, and corporate image.

* Created security correlation rules: content rules in Splunk for new BIA cases.

* Designed, implemented, and managed the 2nd generation SecureAuth Cloud services infrastructure, including web, database, directory, and certificate authority services. I implemented the 2nd generation SecureAuth IdP hardware.

* Developed and enforced cloud security standards in AWS and Azure, including IAM policies, security groups, S3 bucket policies, encryption, network security, cloud workload and container security, logging, monitoring, etc.

* Worked with IAM Roles, SSH public/private keys, and KMS.

* We implemented WAFs and NGFW NVAs in Azure, with a Zero Trust and micro-segmentation concept.

* Introduced a VPN between the cloud and on-premise environments as part of the reengineering.

* Led and participated in ongoing Office 365 security and strategy discussions.

* Updated Office 365, including change updates, roadmap & releases, and third-party solutions; found flaws in solutions' security, recommended CASB, and prevented data exfiltration and shadow usage of security information.

* Administered the transformation of a mid-size (commercial) on-premise solution to MS Azure and AWS cloud-based solutions. I established the Security Policy Program and corresponding security and privacy policies based on NIST and ISO frameworks.

Deutsche Bank UK, April 2010 - June 2013

* Implemented WAF for the Bank in transparent mode and KRP (kernel reverse process).

* Installed a File firewall for SharePoint (Imperva), a solution to avoid exfiltration of data and the orchestration of the approval for document sharing inside large organisations.

* Assisted with reviewing program-related documentation, such as standard operating procedures, security policies, plan of actions and milestones, and other documentation.

* Collaborated with clients in assessments and audits for compliance to include enhancements beyond baseline requirements, as determined by regulation, risk assessments, and organisational risk appetite.

* Developed Risk and Controls Matrix (RCM), detailing GAPP controls and risks associated in case of control failure.

* Worked under the guidance of CISOs, performed SOC2 Type I readiness assessment activities.

* Participated in the company's auditing, overseeing regular audit activities to complete the SOC2 audit for the selected trust criteria.

* Fine-tuned the SOC monitoring team and managed procedures, workflows, frameworks, controls, and SIEM rules. Migrated IPS from McAfee IntruShield to Cisco Firepower. Led other security portfolio projects in parallel to the role of the senior SOC analyst.

* Worked on improvement for security services and provided feedback and verification about existing security issues.

* Analysed various vulnerability detection applications, i.e., Nessus, Rapid7/Nexpose, AppDetective, Cenzic Hailstorm, WebInspect, Metasploit, and Acunetix Web Vulnerability Scanner.

* Drafted policies and procedures requiring advanced verbal and written communication and presentation.

* Developed and revised policies, standards, procedures, and guidelines for the general operation of data protection. I created continuity and contingency plans regarding network security and disruptions (HA and DDoS).

Ericsson, May 2007 - March 2010

* Proposed RFIs and RSIs for data lake applications.

* Analysed application logs to find indicators for reporting security flaws, threats, and identity management issues related to web app business areas.

* A founding member of the Information Security Governance, Risk and Compliance Committee, responsible for translating government statutory and regulatory requirements, industry standards, and contractual requirements into IT Security and Risk Management frameworks, policies, procedures, guidelines, and best practices.

* Accomplished reengineering of the network topology and improved the WAF-IDS environment.

* Performed Perimeter Analysis for the customer and recommended security improvements, efficiency, supportability, and security incident escalation (Firemon).

* Created a roadmap for the whole security life cycle technology (Director Security plan, afterwards, a GAP analysis).

* Implemented DMS, a document management system based on open source. Implemented more than 20 security projects: OpenDNS, WAF, IDS, SIEM, AV, MDM, IOC scanner; commercial and open-source ones like Qualys, Nessus, Retina, Rapid7, Sofia, Burp Suite, Nmap, Joval, and integrated the results with SIEM to correlate and score the assets' SLAs in the IR process.

* Incorporated security into the mobility strategy using the latest network security guidance, i.e., Security Readiness Guides (SRG), Security Technical Implementation Guides (STIG), industry best practices guidance, etc.

* Initiated IT systems inventory and asset classification and labelling projects.

* Responsible for the vulnerability management program that included periodic scanning, reporting, and tracking remediation of security vulnerabilities.

* Executed the Information Assurance Vulnerability Management (IAVM) process to ensure dissemination, reporting, and compliance.

* Implemented a cluster of 200 DAMs (Database activity monitoring) gateways in HA and 100 clusters of WAFs and integrated them with SIEM ArcSight.

* Assisted SOC manager in creating use cases in the SIEM for WAF.

* Installed filtering with three layers of SIEM for data retention regulation of the ISP's business.

* Executed all other IA/CS monitoring and reporting to ensure compliance, including developing and maintaining POA&Ms.

CISCO, January 2008 - January 2008

* Security Officer ISO.

* EC Forensic Investigator 2010

Ernst & Young, February 2004 - April 2007

* Ensured that the security methodology followed NIST compliance (800-53), RMF, and POA&M methods.

* Directed security plan implementation, drafted security directives, and performed risk analysis and business impact analysis.

* Created plans of action and milestones and managed risk remediation across all locations. Managed third-party risk assessments on all new implementations and significant upgrades.

* Managed Peripheral Component Interconnect.

* Identified data anomalies, errors, non-compliance level degradation, and an increasing number of users that required a DSS with a data quality component.

* Led the project of consolidating the security policies program by drafting a new one and updating existing policies (technical and process), identifying their compliance requirements.

* Liaised with IT, Finance, and Legal Departments to remediate all existing information security and vendor risk assessment gaps.
* Generated presales: actively involved in developing proposals, statement of work (SOW), engagement letters, staffing estimates for privacy engagements, reported project status to C-level executives, and provided SWOT analysis.

* Reviewed pen testing and vulnerability scanning results and worked with the InfoSec team to remediate gaps.

* Completed the Payment Card Industry Data Security Standard's (PCI-DSS) Self-Assessment Questionnaires (SAQ).

* Aligned business-critical advice with optimal cybersecurity solutions and the NIST Cybersecurity Framework (CSF) during a multi-billion-dollar divestiture to enable a risk-free balanced investment of security capabilities for a global business unit.

* Assessed client security architectures and recommended modifying or adapting certain technologies to meet NIST security standards.

* Executed an evidence audit following all the ISO 27k standards.

* Detected abnormal behaviour and categorised user network traffic profiles with ArcSight SIEM and DPIs (Solera); enforced authentication for data login and network rights integrated with other perimeter security devices, such as IPS/IDS, NAC, and AV. Implemented data loss prevention of corporate data with different protocol inspections: IronPort for email, McAfee Webwasher, Bluecoat for web and GTB, NetWitness RSA, IronPort, and Net-beholders for the rest of the protocols.

Telefonica, June 2002 - January 2004

* Managed Security Services (MSS) for most of the banks in Spain, including anti-phishing and perimeter security.

* Administered support, presales, and engineering for MSS services and the Verisign Teraguard SIEM system.

* Maintained the operations support for the corporate network of Andalusia, for more than 7000 network points, based on ATM cells and MPLS labels.

* Proactively maintained, supported, and provisioned SLAs.

* Worked on transmission, data, and wireless radio equipment (SDH, PDL, DWDM) with Lucent, Alcatel, Cisco, Pirelli, Ericsson, Motorola, and Juniper equipment.

* Supported Level 2 for the VIP customers in-network services.
My stack

Wireshark, Vulnerability management, Virtualization, UNIX, Symantec, Stakeholder management, Spanish, SIEM, SCADA, Risk management, Risk Analysis, Quality Assurance, PeopleSoft, Penetration testing, nmap, Network Topology, Network Security, Nessus, Microsoft SharePoint, Microsoft PowerPoint, ITIL, IT Security, Internet Security, Information Security, HP OpenView, Firewalls, ElasticSearch, DWDM, Data Management, Cybersecurity, Cisco Switches/Routers, CentOS, Amazon Web Services