Adele Farhadian, Developer in Vancouver, BC, Canada
Adele is available for hire
Hire Adele

Adele Farhadian

Verified Expert  in Engineering

IT Security Architect and Developer

Vancouver, BC, Canada

Toptal member since June 23, 2021

Expertise
System SecurityPenetration TestingPythonEthical HackingLinux
Bio

Adele Farhadian is an information security architect with over 16 years of experience planning and implementing security systems. She has several certifications: CISSP, CCSP, GWAPT, SABSA Chartered Architect, CISM, CEH, and ISO 27001 Lead Auditor. Launching her own IT security consultancy in 2015, InfoSec Assured, Adele uses her security architecture skills to perform security and privacy gap assessments, vulnerability assessments, security strategies, and security posture designs.

Portfolio

InfoSec Assured
Security Architecture, Threat Modeling...
Aritzia
Security
Grant Thornton LLP
Threat Analysis and Risk Assessment (TARA), Privacy Impact Assessment (PIA)...

Experience

  • Compliance - 16 years
  • Threat Analysis and Risk Assessment (TARA) - 16 years
  • NMap - 10 years
  • Kali Linux - 10 years
  • Nessus - 9 years
  • Security Architecture - 7 years
  • Vulnerability Assessment - 5 years
  • Threat Modeling - 5 years

Availability

Part-time

Preferred Environment

NMap, Sqlmap, Nessus, Burp Suite, OWASP Zed Attack Proxy (ZAP), Kali Linux, Metasploit, DirBuster, Shodan

The most amazing...

...result I've delivered was a custom business-focused security solution that saved the client millions dollars in compliance fines and reputation damages.

Work Experience

Owner | IT Security Architect

2015 - PRESENT
InfoSec Assured
  • Performed various security architectural (cloud and on-premise) reviews and architectural designs of major projects for clients; worked with various teams including product managers, scrum masters, developers (front- and back-end), and cloud experts.
  • Conducted vulnerability assessments for many clients while often working with Agile teams; also reviewed CI/CD pipelines and recommended security measures.
  • Composed IT security framework documentation which included a set of policies, definitions that covered roles and responsibilities, awareness and training schedules, data classification guidelines, and so on.
  • Spoke publically on the following topics: “Security Projects Sanity Check” at BSides Vancouver (May 21) and "GDPR Challenges & Quick Wins” at InfoSec Train (May 19).
Technologies: Security Architecture, Threat Modeling, Threat Analysis and Risk Assessment (TARA), Privacy Impact Assessment (PIA), Vulnerability Assessment, Penetration Testing, Compliance, PCI DSS, ISO 27001, Security Design

Senior IT Security Analyst

2012 - 2013
Aritzia
  • Developed the ISMS framework including the security policies, procedures, and guidelines.
  • Performed as the security SME (subject matter expert) on all projects with a security impact.
  • Implemented PCI requirements and guided the vendors throughout their responsibilities.
  • Handled all security operations including any security investigation and incident handling.
Technologies: Security

Senior IT Security Associate

2011 - 2012
Grant Thornton LLP
  • Provided detailed threat risk assessment for many clients including the government and public and private companies.
  • Created detailed privacy impact assessments for many clients including the government and public and private companies.
  • Generated detailed security roadmaps based on identified threats for many clients including the government and public and private companies.
  • Developed the ISMS framework for many clients including the complete suite of documentation, policies, procedures, and guidelines.
  • Documented disaster recovery and business continuity plans for many clients.
Technologies: Threat Analysis and Risk Assessment (TARA), Privacy Impact Assessment (PIA), Information Security Management Systems (ISMS), Security Roadmap, Security Planning

IT Security Officer

2010 - 2011
Accenture
  • Handled the security operations including managing incidents.
  • Administered the security infrastructure for several projects, solutions, and applications.
  • Performed as a security SME (subject matter expert) on a few projects for a client.
Technologies: Security Operations Centers (SOC), Incident Response, Security Administration, Security, Administration

Security Analyst

2005 - 2008
ALA Enterprises
  • Provided clients with incident handling expertise.
  • Oversaw security operations for a client and developed policies and procedures for them.
  • Administered the security infrastructure and solutions for a client.
Technologies: Security Incident Handling, Security Administration, Administration, Security

Experience

TRA and PIA for a Project with HIPAA Requirements

The Ontario Health Ministry hired me to perform a threat risk assessment (TRA) and privacy impact assessment (PIA) on a project.

The project goal was to design a solution to copy the PHI (personal health information) of Ontario residents from every clinic, hospital, and medical facility into their own data center and then keep the historical data at the source location as read-only files reference only.

They had multiple vendors with different roles in this project. I had to understand their roles, their demarcation points, their responsibilities, access needs, and so on to complete the TRA and PIA. They adopted HIPAA as the best practice, and then TRA/PIA was used to design and enhance the solution.

Low-level Designs of Security Solutions

I've evaluated, tested, designed, and helped implement several security solutions, e.g., SIEMs, Tenable, among others. I completed these designs by performing a threat risk assessment (TRA) and working with the stakeholders, infrastructure, database, and application owners.

Reviews of Compliance Implementations, Saving Millions of Dollars in Compliance Fines

For example, for a utility company, I reviewed their NERC compliance implementation. I dug deep into their other systems (there were none identified as NERC assets), identified many assets that were not compliant or were not sufficient in their NERC compliance control implementations. They then engaged their external auditors to report these non-compliance issues.

Since these findings were investigated internally and reported as a self-report, their fines were minimal compared to an external audit findings fines and/or a reported security/privacy incident.

Education

2009 - 2010

Diploma in Network Administrator and Security Professional

University of British Columbia (UBC) and BC Institute of Technology (BCIT) - Vancouver, BC, Canada

2005 - 2007

Executive MBA (EMBA) in Business Administration

Industrial Management Institute - Tehran, Iran

Certifications

FEBRUARY 2021 - PRESENT

GIAC Web Application Penetration Tester

SANS

JUNE 2018 - PRESENT

SABSA Chartered Security Architect

SABSA

FEBRUARY 2018 - PRESENT

Certified Cloud Security Professional

(ISC)2

DECEMBER 2017 - PRESENT

Certified Ethical Hacker

EC Council

AUGUST 2017 - PRESENT

Certified Information Systems Security Professional

(ISC)2

JUNE 2013 - PRESENT

Certified Information Security Manager

ISACA

JUNE 2009 - JUNE 2013

Security+

CompTIA

NOVEMBER 2006 - JUNE 2008

ISO 27001 Lead Auditor

BSI

Skills

Tools

NMap, Nessus, Sqlmap, OWASP Zed Attack Proxy (ZAP), Metasploit, DirBuster

Languages

Python 3

Paradigms

Penetration Testing, HIPAA Compliance, Testing

Platforms

Burp Suite, Kali Linux, Linux

Other

Security Architecture, Threat Modeling, Threat Analysis and Risk Assessment (TARA), Compliance, General Data Protection Regulation (GDPR), Vulnerability Assessment, Shodan, MCSA, CCNA, CompTIA Network+ Certification, CompTIA Security+ Certification, PCI DSS, ISO 27001, CISSP, Cloud Security, GWAPT, Certified Ethical Hacker (CEH), CISM, Information Security Management Systems (ISMS), Security, Privacy Impact Assessment (PIA), Security Roadmap, Security Operations Centers (SOC), Incident Response, Security Administration, Security Incident Handling, Security Planning, Administration, Security Architecture Review, Vendor Management, Security Review, Security Design, Business, Business Administration

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring