Information Security Specialist
Through this portfolio, I aim to highlight my competence in implementing security strategies based on international standards, effectively managing risks, and developing automated solutions and customized tools that contribute to strengthening the security posture of modern organizations.
In my position as a security specialist, I have developed and implemented risk management strategies, acquiring a strong understanding of the cyber security risks of IT platforms and of web, mobile and administrative applications.
With extensive experience helping protect companies by employing a range of technologies and processes to prevent, detect and manage cyber security threats across all their applications and infrastructure platforms, I design and implement comprehensive security strategies across organizations.
I have supported companies in achieving certifications under the ISO 27001 framework and in completing SOC 2 Type 2 attestation processes, among others.
As part of my service portfolio, I offer the development and implementation of robust policies and procedures to enhance organizational security and efficiency. This includes designing access control policies, such as implementing role-based access control (RBAC) systems to reduce unauthorized access incidents by 30%. I also create incident response policies that optimize mean time to resolution (MTTR), achieving a 40% improvement during phishing attack simulations. Furthermore, I develop data classification policies focused on minimizing data breaches through employee training on proper handling procedures. My change management policies enhance system stability by introducing structured change controls, while my vendor risk management policies mitigate risks through stricter onboarding processes. These tailored solutions help organizations maintain a secure, compliant, and efficient operating
As part of my service portfolio, I provide detailed risk analysis to strengthen organizational security. This includes conducting web application security assessments to identify vulnerabilities, such as critical SQL Injection risks, using methodologies like ISO 31000 and ISO 27005. I implement mitigation strategies, such as parameterized queries and library updates, reducing exploitation risks by 60%. My network security risk assessments focus on mapping network topology, identifying critical assets, and analyzing threats like unauthorized access or malware infections. I recommend measures such as applying updates, reconfiguring firewalls, and enabling IDPS to enhance security and reduce downtime. Additionally, I offer business impact analysis (BIA) services for disaster recovery planning, evaluating scenarios like ransomware attacks, estimating downtime costs, and calculating recovery time and point objectives (RTOs and RPOs) to prioritize critical systems during recovery efforts. These services ensure a proactive and structured approach to risk management and mitigation.
I offer comprehensive compliance and security services as part of my portfolio. These include the implementation of ISO 27001-aligned Information Security Management Systems (ISMS), where I conduct gap analyses, define tailored security controls, and deliver employee training, ensuring successful certification audits that elevate organizational credibility. I also provide GDPR compliance services by mapping personal data flows, drafting transparent privacy policies, and establishing breach notification procedures, effectively reducing penalties and enhancing user trust. Additionally, I specialize in achieving PCI DSS compliance by identifying payment system vulnerabilities, implementing robust encryption protocols, and conducting penetration tests to secure transactions. Furthermore, I tailor compliance solutions to specific regulations like SOC 2 or ISO 27017, designing secure systems and data-handling practices that improve legal standing. These services exemplify my ability to strengthen security frameworks and ensure compliance with diverse regulatory standards, safeguarding your business operations.
I develop and maintain automated scripts, including a Python-based tool for security audits that identifies open ports, misconfigurations, and default passwords using libraries such as nmap and os; I use matplotlib and pandas to create insightful vulnerability reports for stakeholders, and the re and datetime libraries to analyze logs, detect suspicious login attempts, and alert administrators. In addition, below you will find some security programs developed throughout my professional career to enhance the safeguarding of the companies I have worked for.