Gökay Pekşen, Developer in Istanbul, Turkey

Gökay Pekşen

Verified Expert in Engineering

IT Security Developer

Location
Istanbul, Turkey
Toptal Member Since
April 28, 2022

Gökay is a senior manager and principal advisor specializing in cyber security, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection and enhancing reputation and digital existence while enabling risk mitigation to prevent financial loss. Gökay has been working with different technologies, programming languages, and frameworks and is willing to embrace new and challenging projects.

Portfolio

Prime Threat
Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001...
Olea Global Pte. Ltd. - Main
Application Security, Information Security, CISO, Cybersecurity, IT Security...
Toyota Material Handling
Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics...

Experience

Availability

Full-time

Preferred Environment

Zoom, MacOS, Linux, Windows

The most amazing thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.

Work Experience

Founder and CEO

2016 - PRESENT
Prime Threat
  • Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
  • Aimed to bolster market competitiveness by aligning investments with international GRC standards.
  • Created an ISO 22301, NIST-based security framework for a logistics client in Turkey to enhance resilience and compliance.
  • Embedded GRC principles to protect assets and reinforce the client's reputation as a secure logistics partner.
  • Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
  • Emphasized the reorganization strategy, elevating the firm's commitment to data protection and cybersecurity excellence.
Technologies: Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001, ISO 22301, ITIL 4, IT Service Management (ITSM), Windows, Linux, Training, ICT Training, Information & Communications Technology (ICT), COBIT 5, GDPR, Enterprise Architecture, Security Software Development, Amazon Web Services (AWS), CISO, Google Cloud Platform (GCP), Azure, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), JavaScript, Go, Rust, Cloud Security, Architecture, Network Security, Security, CI/CD Pipelines, IT Security, System Administration, CCNA, CCNA Security, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Azure Active Directory, Product Strategy Consultant, Go-to-market Strategy, Security Engineering, Group Policy, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, Lecturing, Learning, E-learning, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, Google Workspace, DDoS, Grafana, Azure DevOps, SOC 2, Mobile Security, Certified Information Systems Security Professional, Amazon S3 (AWS S3), Malware Removal, CISSP, Python, Datadog, CISM, Data Privacy, International Data Privacy Regulations, Leadership, Audits, Artificial Intelligence (AI), Application Security, Advanced Encryption Standard (AES), Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Microsoft Power Apps, Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), Managed Detection and Response (MDR), Splunk, Cloud, Infrastructure as Code (IaC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, GCP Security, Code Review, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, Consulting, Application Security, Security, Software as a Service (SaaS), Technical Writing, Data Governance, AWS Certified Solution Architect, Data Risk Assessment (DRA), Vulnerability Scanning, Cyber Defense, Cisco, VPN

Cybersecurity Consultant

2023 - 2023
Olea Global Pte. Ltd. - Main
  • Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
  • Implemented advanced security measures adhering to GDPR, strengthening defenses against cyber threats.
  • Undertook an ISO 27001 and GDPR audit to refine our ISMS, integrating GDPR-compliant controls.
  • Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
  • Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
  • Strengthened protection of sensitive data through enhanced cybersecurity measures and compliance.
Technologies: Application Security, Information Security, CISO, Cybersecurity, IT Security, ISO 27001, ISO 27002, Compliance, Security, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, PCI, Web App Security, Certified Information Systems Security Professional, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Security, Software as a Service (SaaS)

Security Lead

2022 - 2023
Toyota Material Handling
  • Designed a cybersecurity management structure incorporating GRC principles with a GDPR focus, advising leadership on compliance and security needs.
  • Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
  • Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
  • Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
  • Performed risk analysis incorporating GRC and GDPR considerations to proactively address and mitigate cybersecurity threats.
  • Applied GRC principles in threat modeling, focusing on risk mitigation and data protection to safeguard against potential revenue impacts.
Technologies: Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics, Embedded Linux, Embedded Systems, Documentation, Technical Writing, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Secure Code Best Practices, Data Encryption, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, Application Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Security

Security Compliance Consultant

2022 - 2023
Bonify, LLC
  • Formulated a cybersecurity management policy, integrating GRC principles with a focus on ISO 27001, GDPR, and compliance with Wix and Shopify platforms for a web app development company.
  • Assessed the current IT and security setup, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
  • Crafted a strategic roadmap to elevate the security posture of DevOps-manufactured products and services, aligning future developments with GRC standards and organizational needs.
  • Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are central to security operations.
  • Emphasized the importance of adhering to GRC principles in evaluating and upgrading security architecture, enhancing protection against evolving threats.
  • Proposed infrastructure improvements based on rigorous GRC assessments, aiming to fortify the security foundation of the organization's IT environment.
Technologies: IT Security, Security, ISO 27001, Data Privacy, GDPR, Incident Response, Architecture, Security Engineering, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Shopify, PCI, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Security, Software as a Service (SaaS)

Cybersecurity Advisor to CIO

2019 - 2021
Istanbul Metropolitan Municipality
  • Collaborated in multidisciplinary projects to strategize Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
  • Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI-DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
  • Established an ISO and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
  • Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
  • Defined metrics and KPIs within an ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
  • Aimed to enhance software and infrastructure security by adhering to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
Technologies: Auditing, Business Continuity, Cybersecurity, Information Security, Data-level Security, Database Security, GDPR, Data Privacy, International Data Privacy Regulations, Identity & Access Management (IAM), SIEM, System-on-a-Chip (SoC), Penetration Testing, Vulnerability Management, Vulnerability Assessment, Acunetix, Netsparker, Nessus, Threat Modeling, Threat Intelligence, Web Intelligence, Red Teaming, Scanning, PCI DSS, ISO 27001, ISO 22301, ISO 27002, Firewalls, Endpoint Security, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, DDoS, Grafana, Azure DevOps, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, Datadog, CISM, Leadership, Audits, Application Security, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), Managed Detection and Response (MDR), Splunk, Cloud, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Application Security, Security, Software as a Service (SaaS), Data Governance, AWS Certified Solution Architect, Vulnerability Scanning, Cyber Defense

Information Security VP and Enterprise Architect

2015 - 2016
Bankalararası Kart Merkezi (Interbank Card Center)
  • Architected a state-of-the-art cybersecurity framework, securing 250 billion TL in local transactions, aligning with GRC principles for robust financial data protection.
  • Envisioned and set a competitive benchmark for Turkey's payment ecosystem with TROY, incorporating GRC strategies to ensure operational excellence and compliance.
  • Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
  • Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
  • Managed a dedicated team, focusing on GRC-centric security operations, overseeing significant financial allocations for continuous infrastructure and capability improvement.
  • Introduced a rigorous framework for ongoing penetration testing and code reviews, underpinning a proactive GRC-compliant cybersecurity posture against emerging threats.
  • Oversaw procurement and budgeting with a GRC lens, ensuring investments in technology and consultancy services meet compliance and operational efficiency standards.
  • Developed TROY's IT and payment infrastructure to mirror global benchmarks like Discover Card, integrating PCI DSS and other regulatory standards for international compliance.
  • Fostered a culture of continuous improvement in cybersecurity practices, leveraging GRC insights to enhance the security, compliance, and service management landscape.
  • Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Technologies: Cybersecurity, Information Security, SIEM, System-on-a-Chip (SoC), DevOps, DevSecOps, Microservices, Microservices Architecture, REST APIs, RESTful Microservices, Payment APIs, Card Payments, Mobile Payments, Digital Payments, Penetration Testing, Ethical Hacking, Scanning, Threat Modeling, Threat Intelligence, Vulnerability Management, Vulnerability Assessment, Vulnerability Identification, Zero-day Vulnerabilities, Acunetix Vulnerability Scanner, Nessus, Netsparker, CyberArk, Identity & Access Management (IAM), Imperva Incapsula, IBM Security Guardium, Endpoint Security, Web Application Firewall (WAF), Data Loss Prevention (DLP), Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, CISM, Leadership, Audits, Advanced Encryption Standard (AES), AES, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Application Security, Security, Software as a Service (SaaS), Data Governance, Vulnerability Scanning, Cyber Defense, VPN

Senior Cybersecurity Consultant

2014 - 2015
PwC
  • Formed a cybersecurity team grounded in GRC principles, tasked with executing security assessments, penetration testing, and incident response to uphold data integrity and compliance.
  • Enhanced client IT infrastructures across critical sectors, employing GRC methodologies to safeguard against both anticipated and novel cyber threats, reinforcing resilience and compliance.
  • Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
  • Developed and implemented a continuous monitoring strategy, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thus minimizing risk exposure.
  • Established a robust incident response process, informed by GRC standards, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
  • Advocated for GRC-aligned cybersecurity education and awareness programs within client organizations, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Technologies: Cybersecurity, Information Security, ISO 27001, ISO 22301, COBIT 5, IoT Security, SCADA, Acunetix Vulnerability Scanner, Acunetix, Netsparker, Auditing, Business Continuity, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Threat Modeling, Cloud Security, Architecture, Network Security, Secure Storage, Security, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Group Policy, Security Architecture, GRC, Security Audits, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Lecturing, Learning, E-learning, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Certified Information Systems Security Professional, CISSP, Leadership, Audits, Application Security, Advanced Encryption Standard (AES), AES, Cryptography, Endpoint Detection and Response (EDR), Infrastructure Security, Network Architecture, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Application Security, Security, Vulnerability Scanning, VPN

TROY Payment Project

https://troyodeme.com/en/
As the lead architect for TROY, Turkey's inaugural card payment system aligned with the Discover Card schema, my role encompassed designing and executing the infrastructure in accordance with GRC principles. My responsibilities extended to managing multifaceted projects that engaged a diverse array of stakeholders, such as local and international governments, banks, payment organizations, clients, and other card vendors. These initiatives were conducted with a strong emphasis on governance, ensuring alignment with international standards, risk management to mitigate potential cybersecurity and operational risks, and compliance to adhere to both local and global regulatory requirements. This approach ensured TROY's successful deployment and operation, setting a benchmark for payment systems in the region.

Cybersecurity Organization and Business Model Design

As a principal advisor to the CEO of one of Turkey's largest ISP companies, I designed and implemented a new organizational structure and business model to generate new revenue streams in domestic and international markets.

Turkey's Very First DevSecOps CI/CD Pipeline

At the Interbank Card Center (BKM), I spearheaded the pioneering DevSecOps CI/CD pipeline project in Turkey, integrating GRC principles to elevate software and infrastructure security. This initiative aimed to establish a robust and fortified secure software development lifecycle, minimizing reliance on human intervention and reducing the likelihood of errors. By automating the assessment of software quality and security, the project not only enhanced operational efficiency but also ensured compliance with industry standards, managed risks associated with software development and deployment, and adhered to governance frameworks, thus setting a new standard for secure software development practices within the region.

Tools

Acunetix, Netsparker, Nessus, Acunetix Vulnerability Scanner, Zoom, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN

Paradigms

Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps

Platforms

Windows, MacOS, Linux, Azure, Imperva Incapsula, Google Cloud Platform (GCP), Amazon Web Services (AWS), Embedded Linux, Shopify, Docker, Kubernetes

Industry Expertise

Cybersecurity, Network Security, E-learning

Storage

Database Security, Datadog, Azure Active Directory, Amazon S3 (AWS S3)

Other

Networks, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Security, Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, Business Continuity, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Business Continuity & Disaster Recovery (BCDR), Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, SecOps, Data Encryption, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Application Security, Vulnerability Scanning, Cyber Defense, Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, Cloudflare, Google Workspace, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), Technical Writing, AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco

Frameworks

COBIT 5

Languages

JavaScript, Go, Rust, Python

Libraries/APIs

REST APIs, AES

Education

2005 - 2009
Bachelor's Degree in Computer Engineering
Istanbul Commerce University - Istanbul, Turkey

Certifications

AUGUST 2015 - PRESENT
ISO 22301
ISO

JUNE 2015 - PRESENT
ITIL
HP

JUNE 2015 - PRESENT
ISO/IEC 27001:2013 LA
ISO

NOVEMBER 2008 - NOVEMBER 2011
Certified Ethical Hacker
EC-Council
