Branko Džakula
Verified Expert in Engineering
Cybersecurity Developer
Munich, Bavaria, Germany
Toptal member since December 27, 2023
Branko is a cybersecurity entrepreneur and educator with 12 years of experience in cybersecurity ops and compliance. His expertise in implementing security frameworks and hands-on technical skills ensure data and IT assets are safeguarded to the highest standards. Branko has driven impressive growth, securing over $5M in funding for his ventures and over $3M in ARR. He teaches clients how to turn security into a lead magnet and a revenue driver to increase brand trust and business growth.
Preferred Environment
Slack, Notion, Cloud Security, Web Security, Endpoint Detection and Response (EDR), Web Application Firewall (WAF), Unified Threat Management (UTM), GRC, Incident Management, Communication, Consulting
The most amazing...
...achievement was increasing ARR by $6M+ by teaching digital health client sales teams to use high-security posture as a competitive edge in securing big deals.
Work Experience
Co-founder and Advisor
Secfix
- Provided expert advice and guidance on developing product content and features, ensuring market needs were met and security best practices adhered to.
- Raised an oversubscribed seed round of $3.6 million led by Octopus Ventures. It was featured in WIRED, Tech Crunch, and Business Insider.
- Created and expanded a detailed knowledge base, providing valuable resources for internal and external stakeholders to better understand and implement security practices.
- Oversaw the internal information security management system (ISMS) and provided leadership in all security-related matters, ensuring a robust and compliant security posture.
- Delivered comprehensive security consulting and support to customers, enhancing their understanding of security measures.
Co-founder and CISO
Un1quely
- Pioneered the creation and enhancement of innovative cybersecurity services, positioning the company as a leader in the industry.
- Generated $3 million in ARR in two years, with over 200 clients served globally.
- Ensured a focus on employees first, driving performance, efficiency, growth, and satisfaction by perfectly syncing people, processes, and technology.
- Infused operations with ambition and drive, setting the tone for strategy meetings and guiding the company through decisions, dilemmas, and wonders with a steady hand.
- Fostered a caring culture, being there 100% for colleagues, partners, vendors, and stakeholders, ensuring a supportive network for all.
- Emphasized a security and privacy-first approach in all software development and cybersecurity initiatives, ensuring products are robust, lasting, and protective.
- Encouraged a culture of innovation and excellence, challenging the ordinary and striving for superior solutions and services.
Privacy Service Designer
Toptal
- Supported the initiative to design and develop a new privacy service offering for the Toptal Services practice. This included integrating subject matter expertise to align the service with international privacy regulations such as GDPR and CCPA.
- Collaborated with a cross-functional team to embed best practices and compliance standards into the privacy service offering. This effort streamlined processes and positioned the service as a leading solution in the market.
- Helped shorten the go-to-market time frame, enabling the company to quickly respond to market demands and gain a competitive edge in the information security sector.
VP of Security and Compliance
Argyle Systems
- Directed the strategic planning and execution of the company's information security program, ensuring a robust and comprehensive approach to protecting digital assets.
- Oversaw the development, implementation, and enforcement of security policies, ensuring compliance with legal and regulatory standards, conducting regular audits to identify and mitigate risks.
- Initiated and led extensive outreach programs, providing education and training to staff at all levels and significantly improving security awareness and practices within the organization.
- Managed the organization's risk management strategies and incident response plans, ensuring rapid and effective action in the face of security breaches and other incidents.
CISO
Kaia Health
- Spearheaded the implementation of an ISMS based on the ISO 27001, SOC 2, GDPR, CCPA, HIPAA, and HITRUST frameworks, ensuring a comprehensive approach to security and privacy.
- Oversaw the establishment and maintenance of robust security governance, ensuring alignment with organizational goals and regulatory requirements.
- Led compliance efforts and managed audits across various frameworks, ensuring the organization consistently met or exceeded security and privacy standards.
- Initiated and led extensive security awareness, education, and training programs, embedding security knowledge and practices across the company.
- Directed risk management strategies, identifying potential threats and developing plans to mitigate them, ensuring the company's resilience against security incidents.
- Managed incident response and business continuity planning, preparing the organization to effectively control and recover from security incidents.
- Championed the integration of security and privacy into every applicable process, ensuring these principles were an integral part of the company culture.
Principal Information Security Officer and Head of the Compliance Board
HolidayCheck
- Spearheaded the successful implementation of an ISMS, enhancing organizational security posture and compliance.
- Directed the strategic leadership of the company's information security program, resulting in a robust and responsive security infrastructure.
- Oversaw and enforced security policies, ensured compliance with regulatory standards, and conducted rigorous audits, significantly reducing vulnerabilities and risks.
- Initiated and led comprehensive outreach programs, educated employees at all levels, and delivered targeted training, substantially improving security awareness and culture.
- Managed risk assessment processes and developed an efficient incident response strategy, minimizing impact and swiftly addressing security incidents.
- Led the company's efforts in achieving and maintaining regulatory compliance, effectively managing and continuously improving the compliance management system to meet industry standards and reduce legal risks.
CISO
Devtech
- Led a team of IT specialists in successfully implementing a comprehensive ISMS, significantly enhancing the organization's security posture and compliance.
- Provided strategic leadership for the company's information security program, developing and implementing policies that effectively safeguarded information assets and technology infrastructure.
- Oversaw the development and enforcement of security policies, ensured compliance with various regulatory standards, and conducted detailed audits, reducing potential security threats and legal exposures.
- Initiated and led extensive outreach, education, and training programs, significantly raising security awareness and fostering a culture of security mindfulness throughout the organization.
- Managed the organization's risk management strategies and incident response plans, ensuring rapid and effective action in the face of security breaches and other incidents.
- Spearheaded efforts to adhere to the GDPR and other data protection regulations, implementing robust processes and controls to secure personal data and ensuring full compliance with legal and regulatory requirements.
Information Security Advisor
Etihad Airways
- Participated actively as an EAP member in the Etihad Aviation Group information security council, significantly contributing to shaping and aligning the overarching security strategy across the group.
- Orchestrated and executed proven, successful security awareness campaigns, markedly enhancing the security culture and awareness throughout the organization.
- Implemented data protection legislation and GDPR requirements, ensuring stringent compliance and protection of sensitive data across the company.
- Directed large teams of professionals in the execution of company-wide security projects, demonstrating exceptional leadership and project management skills.
- Oversaw the management of security practices, fostering a skilled and responsive security workforce.
- Managed and responded to security incidents effectively, minimizing impact and enhancing the organization's incident response capabilities.
- Ensured the establishment and maintenance of robust security governance, aligning security initiatives with business objectives and regulatory requirements.
- Formulated and communicated executive-level information security strategies and roadmaps, providing a clear vision and direction for the organization's security posture.
- Handled risk assessment processes and compliance activities, significantly reducing vulnerabilities and ensuring adherence to regulatory standards.
- Led the implementation of an ISMS, enhancing the organization's ability to manage and protect information assets effectively.
Information Security Manager
Air Serbia
- Played a pivotal role as a core member of the Etihad Aviation Group information security council, determining the overarching security strategy and identifying synergies across the group.
- Spearheaded the implementation and alignment of governance practices with Etihad Aviation Group, enhancing organizational security posture and compliance.
- Implemented critical security systems successfully, including endpoint protection, mail security, network security, and web application firewalls, improving the organization's defense against threats.
- Led the implementation of a new risk management framework and IT audit management system, ensuring comprehensive risk identification, assessment, and mitigation.
- Orchestrated and executed successful security awareness campaigns, including phishing campaign implementation and regular awareness training for over a thousand participants.
Information Security Engineer
Telenor Serbia
- Identified and managed information system vulnerabilities consistently, ensuring a robust and secure IT infrastructure.
- Oversaw the administration of user accounts, maintaining secure access controls and minimizing unauthorized access risks.
- Implemented general computing controls on internal control over financial reporting systems, enhancing financial data integrity and security.
- Developed and established comprehensive company guidelines, standards, procedures, and policies to govern security practices effectively.
- Performed detailed security risk analyses, identifying potential threats and devising strategies to mitigate them.
- Directed user acceptance testing for new systems and updates, ensuring they met security and usability standards before deployment.
- Identified and defined critical security requirements for systems and projects, ensuring all security aspects were considered during development.
- Ensured the establishment and adherence to robust governance practices, aligning security initiatives with business objectives.
- Followed and continuously integrated the latest technologies and methods in information security, keeping the organization at the forefront of security innovation.
- Engaged in system security hardening, reinforcing the defense against potential attacks and vulnerabilities.
Portfolio
HITRUST Implementation for Digital Healthcare B2B2C SaaS Company
https://kaiahealth.com/legal/security/
I fostered a culture of security and compliance by actively involving and securing buy-in from stakeholders across various departments, thereby ensuring a company-wide commitment to the initiative. The project also involved innovative solutions. I employed cutting-edge technologies and methodologies to streamline the compliance process, significantly reducing manual effort and enhancing accuracy. I also successfully bolstered our defenses against cyber threats, significantly reducing the risk of data breaches and enhancing trust among customers and partners.
ISO 27001 Certification for a B2B SaaS Unified API Company
https://security.kombo.dev/
The company successfully achieved the ISO 27001 certification in just four weeks, a testament to the team's hard work and my strategic oversight. As a result, the company improved its security infrastructure and protocols significantly, ensuring robust protection of sensitive data and systems. The security expectations of enterprise prospects and clients were met and exceeded, and the company was able to expand its market reach and secure a substantial investment for future growth.
Dual Certification for a Remote Fintech Startup
https://trust.argyle.com/resources
As a result of these efforts, the company attained the ISO 27001 certification and the SOC 2 Type 2 attestation, showcasing the company's commitment to the highest security standards. During the process, I established a comprehensive security framework that significantly bolstered the company's defenses against potential breaches and data leaks. In addition, the dual certification opened new avenues for client engagements, particularly with larger enterprises that demand rigorous security standards, thus driving business growth and competitive advantage.
Launch and Expansion of Offensive Security Services
https://un1quely.com/case-studies/
I conducted comprehensive market research to identify and understand the specific needs and challenges of the US and Western European markets. Then, I developed a tailored entry strategy highlighting our unique value proposition and competitive advantages. After that, I collaboratively worked with the team to design a suite of penetration testing services that met industry standards and incorporated innovative techniques and methodologies to provide superior value to clients.
Security Compliance Automation Solution
https://www.secfix.com/about-us
Security Operations Center (SOC) Implementation and Management
https://un1quely.com/cybersecurity-services/
This project was a testament to my ability to understand and implement complex security solutions in a dynamic environment. The successful implementation of the SOC fortified the client's defense against cyber threats and provided a scalable and flexible system that adapts to evolving security landscapes. My leadership in planning, executing, and managing this project demonstrates my comprehensive understanding of advanced cybersecurity measures and my commitment to delivering solutions that provide real, tangible value to clients. This initiative significantly contributed to the client's operational resilience and positioned them to protect their critical assets and data better.
GDPR and Privacy Implementation for Various Industries
• Digital healthcare
• Airlines
• Hospitality
• Fintech
• Telecommunications
• Software and cybersecurity services
The projects involved complex PII and PHI data mapping, data transfer impact assessments, data processing agreements, responding to user data requests, consulting management on risks influencing design decisions for products and services, and ensuring continuous privacy by design.
I successfully maintained compliance with no regulatory penalties and no customer churn due to privacy concerns, and I successfully executed continuous privacy awareness training within the organizations.
• Regulatory Knowledge
• Data Mapping and Classification
• Privacy Impact Assessments (PIAs)
• Data Protection Policies and Procedures
• Security Measures and Controls
• Data Subject Rights Management
• Cross-Border Data Transfer Expertise
• Regulatory Liaison and Reporting
• Audit and Monitoring
• Record of Processing Activities (ROPA)
• Incident Response and Breach Management
• Vendor Management
Founded and Led the 1st Cybersecurity Academy in Montenegro
https://un1quely.com/academy/
This program focused on teaching students about security management practices following the implementation of ISO 27001, learning the basics of defensive security in a security operations center (SOC) environment, and the basics of offensive security practices in penetration testing web applications.
Microsoft Azure Cloud Security Implementation
https://minax.ca/
Incident Response for a Film Production Company
https://www.milkandhoney.productions/
AI Critical Vendor Security Assessment for a Consulting Firm
https://www.firmsconsulting.com/
Security Compliance for AI Application in Legal Space
https://www.syntracts.com
Education
Master's Degree in Computer Science
University of Montenegro - Podgorica, Montenegro
Specialist's Degree (Spec. App. Sci.) in Computer Science, Secure Software Development Lifecycle (SSDLC)
University of Montenegro - Podgorica, Montenegro
Bachelor's Degree in Computer Science
University of Montenegro - Podgorica, Montenegro
Certifications
Certified ISO 27001 Senior Lead Auditor
PECB
Certified in Cybersecurity (CC)
ISC2
Information Security Management Principles
Un1quely
Certified Information Security Manager (CISM)
ISACA
Certified ISO 27001 Senior Lead Implementer
PECB
CCNA Advanced Network Security
Cisco
Skills
Tools
Slack, Notion, GCP Security, OpenVPN, Microsoft Power Apps
Paradigms
Team Development, DevSecOps, DevOps, Penetration Testing
Industry Expertise
Network Security, Cybersecurity, Security Advisory
Frameworks
AI Risk Management Framework
Platforms
Azure, Amazon Web Services (AWS)
Languages
Python 3
Storage
Databases
Other
Web Security, Endpoint Detection and Response (EDR), Unified Threat Management (UTM), GRC, Incident Management, Training, Endpoint Security, Data-level Security, Governance, Risk Management, Compliance, Information Security Management Systems (ISMS), IT Security, Team Leadership, Leadership, ISO 27001, SOC 2 (Service Organization Control), HITRUST Certification, Trusted Information Security Assessment Exchange (TISAX), GDPR, PCI DSS, CCPA, Threat Intelligence, Business Development, Information Security, Computer Science, IT Governance, IT Audits, Enterprise Risk Management (ERM), CISO, Security, ISO 27002, ISO 27701, CISM, Security Audits, CISSP, SecOps, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, Data Protection, Communication, Organization, Technical Writing, Project Management, Consulting, Managed Security Service Providers (MSSP), IT Project Management, Privacy Impact Assessment (PIA), International Data Privacy Regulations, Data Privacy, Privacy-enhancing Technologies (PET), Data Governance, Cloud Security, Web Application Firewall (WAF), Secure Software Development Lifecycle (SSDLC), Cryptography, Data Structures, Operating Systems, Application Security, Offensive Security, Product Design, Fundraising, NIST, Threat Modeling, Open-source Intelligence (OSINT), Cisco, Cloudflare, Bitdefender, AI Trust, Risk and Security Management (AI TRiSM), Regulatory Compliance, Data Mapping, AI Data Classification, Hardware, Software Development, Algorithms, Software Development Lifecycle (SDLC), Stakeholder Management, Security Operations Centers (SOC), NIS2, Artificial Intelligence (AI), Code Review, Operational Streamlining, Privacy, Auditing, Audits, Security Management, AI Security, AI Consulting, Mail Servers