Adele Farhadian, IT Security Architect and Developer in Vancouver, BC, Canada

Member since June 23, 2021
Adele Farhadian is an information security architect with over 16 years of experience planning and implementing security systems. She has several certifications: CISSP, CCSP, GWAPT, SABSA Chartered Architect, CISM, CEH, and ISO 27001 Lead Auditor. Launching her own IT security consultancy in 2015, InfoSec Assured, Adele uses her security architecture skills to perform security and privacy gap assessments, vulnerability assessments, security strategies, and security posture designs.

Experience

  • Compliance 16 years
  • Threat Risk Assessment (TRA) 16 years
  • Kali Linux 10 years
  • NMap 10 years
  • Nessus 9 years
  • Security Architecture 7 years
  • Threat Modeling 5 years
  • Vulnerability Assessment 5 years

Location

Vancouver, BC, Canada

Availability

Part-time

Preferred Environment

NMap, Sqlmap, Nessus, Burp Suite, OWASP Zed Attack Proxy (ZAP), Kali Linux, Metasploit, DirBuster, Shodan

The most amazing...

...result I've delivered was a custom business-focused security solution that saved the client millions of dollars in compliance fines and reputation damages.

Employment

  • Owner | IT Security Architect

    2015 - PRESENT
    InfoSec Assured
    • Performed various security architectural (cloud and on-premise) reviews and architectural designs of major projects for clients; worked with various teams including product managers, scrum masters, developers (front- and back-end), and cloud experts.
    • Conducted vulnerability assessments for many clients while often working with Agile teams; also reviewed CI/CD pipelines and recommended security measures.
    • Composed IT security framework documentation which included a set of policies, definitions that covered roles and responsibilities, awareness and training schedules, data classification guidelines, and so on.
    • Spoke publicly on the following topics: "Security Projects Sanity Check" at BSides Vancouver (May 21) and "GDPR Challenges & Quick Wins" at InfoSec Train (May 19).
    Technologies: Security Architecture, Threat Modeling, Threat Risk Assessment (TRA), Privacy Impact Assessment (PIA), Vulnerability Assessment, Penetration Testing, Compliance, PCI DSS, NERC, ISO 27001, Security Design
  • Senior IT Security Analyst

    2012 - 2013
    Aritzia
    • Developed the ISMS framework including the security policies, procedures, and guidelines.
    • Performed as the security SME (subject matter expert) on all projects with a security impact.
    • Implemented PCI requirements and guided the vendors throughout their responsibilities.
    • Handled all security operations including any security investigation and incident handling.
    Technologies: Security
  • Senior IT Security Associate

    2011 - 2012
    Grant Thornton LLP
    • Provided detailed threat risk assessment for many clients including the government and public and private companies.
    • Created detailed privacy impact assessments for many clients including the government and public and private companies.
    • Generated detailed security roadmaps based on identified threats for many clients including the government and public and private companies.
    • Developed the ISMS framework for many clients including the complete suite of documentation, policies, procedures, and guidelines.
    • Documented disaster recovery and business continuity plans for many clients.
    Technologies: Threat Risk Assessment (TRA), Privacy Impact Assessment (PIA), Information Security Management Systems (ISMS), Security Planning, Security Roadmap
  • IT Security Officer

    2010 - 2011
    Accenture
    • Handled the security operations including managing incidents.
    • Administered the security infrastructure for several projects, solutions, and applications.
    • Performed as a security SME (subject matter expert) on a few projects for a client.
    Technologies: Security Operations Centers (SOC), Incident Response, Administration, Security, Security Administration
  • Security Analyst

    2005 - 2008
    ALA Enterprises
    • Provided clients with incident handling expertise.
    • Oversaw security operations for a client and developed policies and procedures for them.
    • Administered the security infrastructure and solutions for a client.
    Technologies: Security Incident Handling, Administration, Security, Security Administration

Experience

  • TRA and PIA for a Project with HIPAA Requirements

    The Ontario Health Ministry hired me to perform a threat risk assessment (TRA) and privacy impact assessment (PIA) on a project.

    The project goal was to design a solution to copy the PHI (personal health information) of Ontario residents from every clinic, hospital, and medical facility into their own data center and then keep the historical data at the source location as read-only files for reference only.

    They had multiple vendors with different roles in this project. I had to understand their roles, their demarcation points, their responsibilities, access needs, and so on to complete the TRA and PIA. They adopted HIPAA as the best practice, and then TRA/PIA was used to design and enhance the solution.

  • Low-level Designs of Security Solutions

    I've evaluated, tested, designed, and helped implement several security solutions, e.g., SIEMs, Tenable, among others. I completed these designs by performing a threat risk assessment (TRA) and working with the stakeholders, infrastructure, database, and application owners.

  • Reviews of Compliance Implementations, Saving Millions of Dollars in Compliance Fines

    For example, for a utility company, I reviewed their NERC compliance implementation. I dug deep into their other systems (there were none identified as NERC assets) and identified many assets that were not compliant or were not sufficient in their NERC compliance control implementations. They then engaged their external auditors to report these non-compliance issues.

    Since these findings were investigated internally and reported as a self-report, their fines were minimal compared to the fines from external audit findings and/or a reported security/privacy incident.

Skills

  • Tools

    NMap, Nessus, Sqlmap, OWASP Zed Attack Proxy (ZAP), Metasploit
  • Other

    Security Architecture, Threat Modeling, Threat Risk Assessment (TRA), Compliance, GDPR, Vulnerability Assessment, DirBuster, Shodan, MCSA, CCNA, Linux (L1/L2), CWNA, CompTIA Network+ Certification, CompTIA Security+ Certification, PCI DSS, NERC, ISO 27001, CISSP, Certified Cloud Security Professional (CCSP), GWAPT, Certified Ethical Hacker (CEH), CISM, Information Security Management Systems (ISMS), Privacy Impact Assessment (PIA), Security Roadmap, Security Operations Centers (SOC), Incident Response, Security Administration, Security Incident Handling, Security Planning, Administration, Security Design Review, Security Architecture Review, Secure Vendor Management, Security Solution Design, Security Review, Security Design, Business, Business Administration
  • Languages

    Python 3
  • Paradigms

    Penetration Testing, HIPAA Compliance, Testing
  • Platforms

    Burp Suite, Kali Linux
  • Industry Expertise

    Security

Education

  • Diploma in Network Administrator and Security Professional
    2009 - 2010
    University of British Columbia (UBC) and BC Institute of Technology (BCIT) - Vancouver, BC, Canada
  • Executive MBA (EMBA) in Business Administration
    2005 - 2007
    Industrial Management Institute - Tehran, Iran

Certifications

  • GIAC Web Application Penetration Tester
    FEBRUARY 2021 - PRESENT
    SANS
  • SABSA Chartered Security Architect
    JUNE 2018 - PRESENT
    SABSA
  • Certified Cloud Security Professional
    FEBRUARY 2018 - PRESENT
    (ISC)2
  • Certified Ethical Hacker
    DECEMBER 2017 - PRESENT
    EC Council
  • Certified Information Systems Security Professional
    AUGUST 2017 - PRESENT
    (ISC)2
  • Certified Information Security Manager
    JUNE 2013 - PRESENT
    ISACA
  • Security+
    JUNE 2009 - JUNE 2013
    CompTIA
  • ISO 27001 Lead Auditor
    NOVEMBER 2006 - JUNE 2008
    BSI
