Adele Farhadian
Verified Expert in Engineering
IT Security Architect and Developer
Adele Farhadian is an information security architect with over 16 years of experience planning and implementing security systems. She has several certifications: CISSP, CCSP, GWAPT, SABSA Chartered Architect, CISM, CEH, and ISO 27001 Lead Auditor. Launching her own IT security consultancy in 2015, InfoSec Assured, Adele uses her security architecture skills to perform security and privacy gap assessments, vulnerability assessments, security strategies, and security posture designs.
Portfolio
Experience
Availability
Preferred Environment
NMap, Sqlmap, Nessus, Burp Suite, OWASP Zed Attack Proxy (ZAP), Kali Linux, Metasploit, DirBuster, Shodan
The most amazing...
...result I've delivered was a custom business-focused security solution that saved the client millions dollars in compliance fines and reputation damages.
Work Experience
Owner | IT Security Architect
InfoSec Assured
- Performed various security architectural (cloud and on-premise) reviews and architectural designs of major projects for clients; worked with various teams including product managers, scrum masters, developers (front- and back-end), and cloud experts.
- Conducted vulnerability assessments for many clients while often working with Agile teams; also reviewed CI/CD pipelines and recommended security measures.
- Composed IT security framework documentation which included a set of policies, definitions that covered roles and responsibilities, awareness and training schedules, data classification guidelines, and so on.
- Spoke publically on the following topics: “Security Projects Sanity Check” at BSides Vancouver (May 21) and "GDPR Challenges & Quick Wins” at InfoSec Train (May 19).
Senior IT Security Analyst
Aritzia
- Developed the ISMS framework including the security policies, procedures, and guidelines.
- Performed as the security SME (subject matter expert) on all projects with a security impact.
- Implemented PCI requirements and guided the vendors throughout their responsibilities.
- Handled all security operations including any security investigation and incident handling.
Senior IT Security Associate
Grant Thornton LLP
- Provided detailed threat risk assessment for many clients including the government and public and private companies.
- Created detailed privacy impact assessments for many clients including the government and public and private companies.
- Generated detailed security roadmaps based on identified threats for many clients including the government and public and private companies.
- Developed the ISMS framework for many clients including the complete suite of documentation, policies, procedures, and guidelines.
- Documented disaster recovery and business continuity plans for many clients.
IT Security Officer
Accenture
- Handled the security operations including managing incidents.
- Administered the security infrastructure for several projects, solutions, and applications.
- Performed as a security SME (subject matter expert) on a few projects for a client.
Security Analyst
ALA Enterprises
- Provided clients with incident handling expertise.
- Oversaw security operations for a client and developed policies and procedures for them.
- Administered the security infrastructure and solutions for a client.
Experience
TRA and PIA for a Project with HIPAA Requirements
The project goal was to design a solution to copy the PHI (personal health information) of Ontario residents from every clinic, hospital, and medical facility into their own data center and then keep the historical data at the source location as read-only files reference only.
They had multiple vendors with different roles in this project. I had to understand their roles, their demarcation points, their responsibilities, access needs, and so on to complete the TRA and PIA. They adopted HIPAA as the best practice, and then TRA/PIA was used to design and enhance the solution.
Low-level Designs of Security Solutions
Reviews of Compliance Implementations, Saving Millions of Dollars in Compliance Fines
Since these findings were investigated internally and reported as a self-report, their fines were minimal compared to an external audit findings fines and/or a reported security/privacy incident.
Skills
Tools
NMap, Nessus, Sqlmap, OWASP Zed Attack Proxy (ZAP), Metasploit
Other
Security Architecture, Threat Modeling, Threat Risk Assessment (TRA), Compliance, GDPR, Vulnerability Assessment, DirBuster, Shodan, MCSA, CCNA, CompTIA Network+ Certification, CompTIA Security+ Certification, PCI DSS, ISO 27001, CISSP, Cloud Security, GWAPT, Certified Ethical Hacker (CEH), CISM, Information Security Management Systems (ISMS), Security, Privacy Impact Assessment (PIA), Security Roadmap, Security Operations Centers (SOC), Incident Response, Security Administration, Security Incident Handling, Security Planning, Administration, Security Design Review, Security Architecture Review, Secure Vendor Management, Security Review, Security Design, Business, Business Administration
Languages
Python 3
Paradigms
Penetration Testing, HIPAA Compliance, Testing
Platforms
Burp Suite, Kali Linux, Linux
Education
Diploma in Network Administrator and Security Professional
University of British Columbia (UBC) and BC Institute of Technology (BCIT) - Vancouver, BC, Canada
Executive MBA (EMBA) in Business Administration
Industrial Management Institute - Tehran, Iran
Certifications
GIAC Web Application Penetration Tester
SANS
SABSA Chartered Security Architect
SABSA
Certified Cloud Security Professional
(ISC)2
Certified Ethical Hacker
EC Council
Certified Information Systems Security Professional
(ISC)2
Certified Information Security Manager
ISACA
Security+
CompTIA
ISO 27001 Lead Auditor
BSI
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring