Verified Expert in Engineering
vCISO and Security Program Developer
Elias is a highly dedicated business, technical, and strategic information security, cybersecurity, and risk management officer, executive, consultant, advisor, expert, and specialist. With over 30 years of worldwide experience, he specializes in building, managing, and maintaining information security and cybersecurity programs designed to protect your organization's systems and assets from internal and external threats and help organizations achieve their regulatory compliance requirements.
Windows, Linux, Cloud
The most amazing...
...thing I've developed is a cybersecurity preparedness program established to help regulated financial dealer members operating worldwide.
Virtual Chief Information Security and Risk Officer (CISO/CIRO)
- Developed, implemented, and managed an information security, cybersecurity, and risk compliance program for various institutions from the financial services, insurance, telecom, private, retail, food, oil and gas, real estate, and technology sectors.
- Established an enterprise security risk management program to achieve ongoing assessment of risks, mitigation tactics, escalation, monitoring and response activities, and overall compliance with formal audit functions.
- Built a cybersecurity dashboard showcasing the key performance indicators (KPIs), offering the executive team valuable insights related to the security program's success while supporting and evolving the organization's cybersecurity strategy.
- Established and executed a fully operational information security vendor risk management program, including strategy, framework, processes, etc.
- Provided the necessary and much-needed advice and direction to the senior leadership team and client executives in the integration of security practices into the set strategic and operational processes.
- Created a cyber forensics practice to investigate all reported security incidents.
- Planned, developed, and delivered a corporate security awareness training program.
- Established and delivered secure software development lifecycle (SDLC) programs and frameworks following a shift-left approach.
- Steered the implementation and audit of information security management program based on risk and regulatory frameworks, standards, and best practices, such as ISO 27001/27002/27005, PCI DSS, COBIT, OWASP, CIS v8, SOC 2, and NIST SSDF/CSF/800-53.
- Evaluated and managed many security solutions related to GRC, SIEM, DLP, IAM, PAM, penetration testing, endpoint protection, malware defense, application security, IPS/IDS, firewalls, vulnerability management, and cloud security CASB and Zero Trust.
Cybersecurity and Risk Management Program
This program took around 18 months from inception to completion, and it was based on adopting and incorporating a combination of customized information security and risk management frameworks, policies, standards, guidelines, and procedures, such as ISO 27001, ISO 27002 controls, NIST CSF, and SP 800-53 controls. The program components and requirements were implemented and managed as a fully established and well-managed information security management system lifecycle. This project was a massive success as it provided all these financial firms with the required level of cybersecurity protection measures.
Cybersecurity, Network Security, IT Security, Security
Enterprise Risk Management (ERM), IT Service Management (ITSM), Information Security Management Systems (ISMS), ISO 27001, ISO 27002, Threat Risk Assessment (TRA), Policies & Procedures Compliance, Security Policies & Procedures, CISO, CISSP, Security Audits, GRC, NIST, Critical Security Controls (CIS), Certified Trainer, IT Audits, Threat Intelligence, Endpoint Security, Data Loss Prevention (DLP), Vulnerability Management, Advisory, Consulting, Incident Management, Incident Response, SOC 2, GAP Analysis, Roadmaps, SWOT Analysis, Capability Maturity Model Integration (CMMI), Information Security, Certified Information Systems Security Professional, Risk Management, Computer Science, Business Information Systems, IT Governance, Compliance, Executive Coaching, Program Management, Cross-functional Collaboration, Communication, Process Management, Reporting, Motivational Speaking, Frameworks, System-on-a-Chip (SoC), Strategic Planning & Execution, Process Design, Mentorship & Coaching, Third-party Management, Third-party Risk, Process Execution, Operational Risk, Risk Assessment, Secure Software Development Framework (SSDF), Security Awareness, Teamwork, Vulnerability Assessment, Unified Threat Management (UTM), Technical Consulting, Security Architecture, Software Development Lifecycle (SDLC), Web App Security, Threat Modeling, Cloud Security, Business Transformation Program Management, Technical Writing, Architecture, Identity & Access Management (IAM), Web Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
Secure Code Best Practices, Penetration Testing, DevSecOps, DevOps
Certified Cloud Security Professional (CCSP)
Certified ISO 27005
Certified ISO 27001 Lead Auditor
Certified ISO 27001 Lead Implementer
Certified Chief Information Security Officer (CCISO)
Certification in Risk and Information Systems Control (CRISC)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)