Gökay Pekşen, Developer in Istanbul, Turkey
Gökay is available for hire
Hire Gökay

Gökay Pekşen

Verified Expert  in Engineering

Bio

Gökay is a senior manager and principal advisor specializing in cyber security, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection and enhancing reputation and digital existence while enabling risk mitigation to prevent financial loss. Gökay has been working with different technologies, programming languages, and frameworks and is willing to embrace new and challenging projects.

Portfolio

Prime Threat
Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001...
Honda
DevOps, DevSecOps, Machine Learning Operations (MLOps), Architecture, Cloud...
Heart Gate Enterprises, LLC
IT Security, Web Hosting, GitHub, DevOps, Security

Experience

  • Information Security - 15 years
  • Training - 15 years
  • Cybersecurity - 15 years
  • Penetration Testing - 12 years
  • Ethical Hacking - 12 years
  • ISO 27001 - 12 years
  • Linux - 10 years
  • Networks - 10 years

Availability

Part-time

Preferred Environment

Zoom, MacOS, Linux, Windows

The most amazing...

...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.

Work Experience

Founder and CEO

2016 - PRESENT
Prime Threat
  • Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
  • Aimed to bolster market competitiveness by aligning investments with international GRC standards.
  • Created an ISO 22301, NIST-based security framework for a logistics client in Turkey to enhance resilience and compliance.
  • Embedded GRC principles to protect assets and reinforce the client's reputation as a secure logistics partner.
  • Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
  • Emphasized the reorganization strategy, elevating the firm's commitment to data protection and cybersecurity excellence.
  • Developed custom STRIDE threat modeling application for enterprise-wide security assessment, resulting in 90% faster threat identification and remediation planning across cloud and on-premise environments.
  • Engineered infrastructure-as-code solutions using Terraform and Python, automating security configurations across multi-cloud environments, reducing deployment time by 85% while ensuring security compliance for the clients.
  • Designed and implemented security operations framework integrating ArcSight, Qradar, and TrendMicro, achieving 24/7 monitoring coverage and reducing incident response time by 70% for the clients.
Technologies: Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001, ISO 22301, ITIL 4, IT Service Management (ITSM), Windows, Linux, Training, ICT Training, Information & Communications Technology (ICT), COBIT 5, General Data Protection Regulation (GDPR), Enterprise Architecture, Security Software Development, Amazon Web Services (AWS), CISO, Google Cloud Platform (GCP), Azure, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), JavaScript, Go, Rust, Cloud Security, Architecture, Network Security, Security, CI/CD Pipelines, IT Security, System Administration, CCNA, CCNA Security, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Azure Active Directory, Product Strategy Consultant, Go-to-market Strategy, Security Engineering, Group Policy, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, Lecturing, Learning, E-learning, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, Google Workspace, DDoS, Grafana, Azure DevOps, SOC 2, Mobile Security, Certified Information Systems Security Professional, Amazon S3 (AWS S3), Malware Removal, CISSP, Python, Datadog, CISM, Data Privacy, International Data Privacy Regulations, Leadership, Audits, Artificial Intelligence (AI), Application Security, Advanced Encryption Standard (AES), Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Microsoft Power Apps, Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), Managed Detection and Response (MDR), Splunk, Cloud, Infrastructure as Code (IaC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, GCP Security, Code Review, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, Consulting, Application Security, Security, Software as a Service (SaaS), Technical Writing, Data Governance, AWS Certified Solution Architect, Data Risk Assessment (DRA), Vulnerability Scanning, Cyber Defense, Cisco, VPN, Managed Security Service Providers (MSSP), Advisory, Security Advisory, OWASP, Shell Scripting, Security Information and Event Management (SIEM), Cloud Architecture, Release Management, Root Cause Analysis, AI Security, TypeScript, Code Auditing, Digital Forensics, Cyber Forensics, Cybersecurity Operations, Communication, CrowdStrike, Django, Active Directory (AD), SQL Injection Protection, Forensics, SQL, Privileged Access Management (PAM), Enterprise Risk Management (ERM), Email, GitHub, Web Hosting, SOC Compliance

Senior DevSecOps Architect

2024 - 2024
Honda
  • Designed and executed a comprehensive AWS cloud migration strategy for the enterprise DevSecOps ecosystem, reducing infrastructure costs by 45% while maintaining 99.99% availability and implementing end-to-end security controls.
  • Architected unified MLOps and DevSecOps framework using Amazon SageMaker and security services, enabling a secure machine learning pipeline with automated compliance checks and reduced model deployment time by 70%.
  • Conducted extensive STRIDE threat modeling across cloud infrastructure, identifying and mitigating 85% of potential security risks before production deployment, significantly enhancing system resilience.
  • Created multi-account, multi-branch AWS landing zone with advanced security guardrails, implementing least privilege access and automated compliance monitoring across development, staging, and production environments.
  • Developed scalable, secure microservices architecture leveraging AWS containerization and serverless technologies, improving system modularity and reducing operational overhead by 60% while maintaining stringent security standards.
Technologies: DevOps, DevSecOps, Machine Learning Operations (MLOps), Architecture, Cloud, Cloud Architecture, AWS Cloud Architecture, Security, IT Security

IT Security Consultant | Secure Hosting Setup

2024 - 2024
Heart Gate Enterprises, LLC
  • Engineered a NIST-compliant zero-trust security framework with multi-layered defense mechanisms, reducing attack surface by 85% through strategic implementation of preventive controls and threat detection systems.
  • Designed a high-availability hybrid cloud infrastructure supporting exponential growth, achieving 99.99% uptime while reducing operational costs by 40% through optimized resource allocation and capacity management.
  • Established an enterprise-grade CI/CD framework using AWS CodePipeline, CodeBuild, and CodeDeploy, implementing IaC practices that reduced deployment cycles by 85% and automated 70% of compliance checks.
  • Crafted a vendor-neutral microservices architecture using Amazon ECS and EKS, enabling seamless containerization and orchestration while improving system modularity and resource efficiency.
  • Implemented comprehensive observability using Amazon CloudWatch, X-Ray, and Prometheus, delivering full-stack monitoring with automated incident response, reducing MTTR by 60% through predictive analytics.
Technologies: IT Security, Web Hosting, GitHub, DevOps, Security

DevSecOps Engineer (via Toptal)

2024 - 2024
ArtsMarketing Suite LLC
  • Designed and architected a comprehensive security framework incorporating NIST cybersecurity standards, resulting in an 85% reduction in potential attack vectors through multi-layered security controls and advanced threat prevention mechanisms.
  • Architected a scalable hybrid cloud-native infrastructure blueprint supporting 10x growth with 99.99% availability, optimizing resource utilization by 65% while reducing projected operational costs by 40% through efficient capacity planning.
  • Designed an enterprise-level Azure DevOps pipeline architecture implementing GitOps practices and shift-left security approach, leveraging Azure Boards, Repos, Pipelines, and Test Plans to reduce deployment time by 85%.
  • Developed a cloud-agnostic microservices architecture blueprint with containerized workloads, implementing Kubernetes orchestration for optimal resource utilization, enhanced system modularity, and seamless vendor flexibility.
  • Architected a comprehensive observability and monitoring framework providing 360° system visibility, incorporating automated incident response mechanisms reducing resolution time by 60%, supported by advanced metrics collection.
Technologies: IT Security, DevSecOps, SecOps, Amazon Web Services (AWS), Security, Infrastructure as Code (IaC), DevOps

Cybersecurity Consultant

2023 - 2023
Olea Global Pte. Ltd. - Main
  • Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
  • Implemented advanced security measures adhering to GDPR, strengthening defenses against cyber threats.
  • Undertook an ISO 27001 and GDPR audit to refine our ISMS, integrating GDPR-compliant controls.
  • Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
  • Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
  • Strengthened protection of sensitive data through enhanced cybersecurity measures and compliance.
Technologies: Application Security, Information Security, CISO, Cybersecurity, IT Security, ISO 27001, ISO 27002, Compliance, Security, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, PCI, Web App Security, Certified Information Systems Security Professional, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Security, Software as a Service (SaaS), OWASP, Root Cause Analysis, Cybersecurity Operations

Security Lead

2022 - 2023
Toyota Material Handling
  • Designed a cybersecurity management structure incorporating GRC principles with a GDPR focus, advising leadership on compliance and security needs.
  • Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
  • Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
  • Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
  • Performed risk analysis incorporating GRC and GDPR considerations to proactively address and mitigate cybersecurity threats.
  • Applied GRC principles in threat modeling, focusing on risk mitigation and data protection to safeguard against potential revenue impacts.
  • Developed custom STRIDE threat modeling application for enterprise-wide security assessment, resulting in 90% faster threat identification and remediation planning across cloud and on-premise environments.
Technologies: Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics, Embedded Linux, Embedded Systems, Documentation, Technical Writing, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Secure Code Best Practices, Data Encryption, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, Application Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Security, Enterprise Cybersecurity, Enterprise Security, OWASP, Cloud Architecture, Root Cause Analysis, Cybersecurity Operations, Enterprise Risk Management (ERM), SOC Compliance

Security Compliance Consultant

2022 - 2023
Bonify, LLC
  • Formulated a cybersecurity management policy, integrating GRC principles with a focus on ISO 27001, GDPR, and compliance with Wix and Shopify platforms for a web app development company.
  • Assessed the current IT and security setup, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
  • Crafted a strategic roadmap to elevate the security posture of DevOps-manufactured products and services, aligning future developments with GRC standards and organizational needs.
  • Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are central to security operations.
  • Emphasized the importance of adhering to GRC principles in evaluating and upgrading security architecture, enhancing protection against evolving threats.
  • Proposed infrastructure improvements based on rigorous GRC assessments, aiming to fortify the security foundation of the organization's IT environment.
Technologies: IT Security, Security, ISO 27001, Data Privacy, General Data Protection Regulation (GDPR), Incident Response, Architecture, Security Engineering, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Shopify, PCI, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Security, Software as a Service (SaaS), OWASP, Root Cause Analysis, Cybersecurity Operations

Cybersecurity Advisor to CIO

2019 - 2021
Istanbul Metropolitan Municipality
  • Collaborated in multidisciplinary projects to strategize Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
  • Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI-DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
  • Established an ISO and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
  • Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
  • Defined metrics and KPIs within an ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
  • Aimed to enhance software and infrastructure security by adhering to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
  • Established enterprise-wide PKI infrastructure and certificate management system, implementing HTTPS enforcement and cryptographic policies that achieved 100% compliance with security standards.
  • Designed and implemented security operations framework integrating ArcSight, Qradar, and TrendMicro, achieving 24/7 monitoring coverage and reducing incident response time.
  • Orchestrated integration of advanced security stack (FortiWAF, Tenable, Trellix EDR, Vectra AI) with existing SIEM solutions, improving threat detection capability by 80% and reducing false positives by 85%.
Technologies: Auditing, Business Continuity, Cybersecurity, Information Security, Data-level Security, Database Security, General Data Protection Regulation (GDPR), Data Privacy, International Data Privacy Regulations, Identity & Access Management (IAM), SIEM, System-on-a-Chip (SoC), Penetration Testing, Vulnerability Management, Vulnerability Assessment, Acunetix, Invicti (Netsparker), Nessus, Threat Modeling, Threat Intelligence, Web Intelligence, Red Teaming, Scanning, PCI DSS, ISO 27001, ISO 22301, ISO 27002, Firewalls, Endpoint Security, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, DDoS, Grafana, Azure DevOps, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, Datadog, CISM, Leadership, Audits, Application Security, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), Managed Detection and Response (MDR), Splunk, Cloud, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Application Security, Security, Software as a Service (SaaS), Data Governance, AWS Certified Solution Architect, Vulnerability Scanning, Cyber Defense, Enterprise Security, Managed Security Service Providers (MSSP), Advisory, Security Advisory, OWASP, Security Information and Event Management (SIEM), Cloud Architecture, Root Cause Analysis, Cybersecurity Operations, Active Directory (AD), Privileged Access Management (PAM), Enterprise Risk Management (ERM)

Information Security VP and Enterprise Architect

2015 - 2016
Bankalararası Kart Merkezi (Interbank Card Center)
  • Architected a state-of-the-art cybersecurity framework, securing 250 billion TL in local transactions, aligning with GRC principles for robust financial data protection.
  • Envisioned and set a competitive benchmark for Turkey's payment ecosystem with TROY, incorporating GRC strategies to ensure operational excellence and compliance.
  • Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
  • Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
  • Managed a dedicated team, focusing on GRC-centric security operations, overseeing significant financial allocations for continuous infrastructure and capability improvement.
  • Introduced a rigorous framework for ongoing penetration testing and code reviews, underpinning a proactive GRC-compliant cybersecurity posture against emerging threats.
  • Established enterprise-wide PKI infrastructure and certificate management system, implementing HTTPS enforcement and cryptographic policies that achieved 100% compliance with security standards.
  • Developed TROY’s IT and payment infrastructure to mirror global benchmarks like Discover Card, integrating PCI DSS and other regulatory standards for international compliance.
  • Orchestrated integration of advanced security stack (Tenable, Trellix EDR, Fortify, Citrix WAF/LB, CyberArk PAM) with ArcSight, improving threat detection capability.
  • Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Technologies: Cybersecurity, Information Security, SIEM, System-on-a-Chip (SoC), DevOps, DevSecOps, Microservices, Microservices Architecture, REST APIs, RESTful Microservices, Payment APIs, Card Payments, Mobile Payments, Digital Payments, Penetration Testing, Ethical Hacking, Scanning, Threat Modeling, Threat Intelligence, Vulnerability Management, Vulnerability Assessment, Vulnerability Identification, Zero-day Vulnerabilities, Accunetix Vulnerability Scanner, Nessus, Invicti (Netsparker), CyberArk, Identity & Access Management (IAM), Imperva Incapsula, IBM Security Guardium, Endpoint Security, Web Application Firewall (WAF), Data Loss Prevention (DLP), Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, CISM, Leadership, Audits, Advanced Encryption Standard (AES), AES, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Application Security, Security, Software as a Service (SaaS), Data Governance, Vulnerability Scanning, Cyber Defense, VPN, Managed Security Service Providers (MSSP), OWASP, Shell Scripting, Security Information and Event Management (SIEM), Release Management, Root Cause Analysis, Code Auditing, Cybersecurity Operations, Active Directory (AD), SQL Injection Protection, SQL, Privileged Access Management (PAM), Enterprise Risk Management (ERM)

Senior Cybersecurity Consultant

2014 - 2015
PwC
  • Formed a cybersecurity team grounded in GRC principles, tasked with executing security assessments, penetration testing, and incident response to uphold data integrity and compliance.
  • Enhanced client IT infrastructures across critical sectors, employing GRC methodologies to safeguard against both anticipated and novel cyber threats, reinforcing resilience and compliance.
  • Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
  • Developed and implemented a continuous monitoring strategy, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thus minimizing risk exposure.
  • Established a robust incident response process, informed by GRC standards, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
  • Advocated for GRC-aligned cybersecurity education and awareness programs within client organizations, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Technologies: Cybersecurity, Information Security, ISO 27001, ISO 22301, COBIT 5, IoT Security, SCADA, Accunetix Vulnerability Scanner, Acunetix, Invicti (Netsparker), Auditing, Business Continuity, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Threat Modeling, Cloud Security, Architecture, Network Security, Secure Storage, Security, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Group Policy, Security Architecture, GRC, Security Audits, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Lecturing, Learning, E-learning, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Certified Information Systems Security Professional, CISSP, Leadership, Audits, Application Security, Advanced Encryption Standard (AES), AES, Cryptography, Endpoint Detection and Response (EDR), Infrastructure Security, Network Architecture, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Application Security, Security, Vulnerability Scanning, VPN, Managed Security Service Providers (MSSP), Advisory, Security Advisory, OWASP, Shell Scripting, Root Cause Analysis, Cybersecurity Operations, Active Directory (AD), Enterprise Risk Management (ERM)

Experience

TROY Payment Project

As the lead architect for TROY, Turkey's inaugural card payment system aligned with the Discover Card schema, my role encompassed designing and executing the infrastructure in accordance with GRC principles. My responsibilities extended to managing multifaceted projects that engaged a diverse array of stakeholders, such as local and international governments, banks, payment organizations, clients, and other card vendors. These initiatives were conducted with a strong emphasis on governance, ensuring alignment with international standards, risk management to mitigate potential cybersecurity and operational risks, and compliance to adhere to both local and global regulatory requirements. This approach ensured TROY's successful deployment and operation, setting a benchmark for payment systems in the region.

Cybersecurity Organization and Business Model Designing

As a principal advisor to the CEO of one of Turkey's largest ISP companies, I designed and implemented a new organizational structure and business model to generate new revenue streams in domestic and international markets.

Turkey's Very First DevSecOps CI/CD Pipeline

At the Interbank Card Center (BKM), I spearheaded the pioneering DevSecOps CI/CD pipeline project in Turkey, integrating GRC principles to elevate software and infrastructure security. This initiative aimed to establish a robust and fortified secure software development lifecycle, minimizing reliance on human intervention and reducing the likelihood of errors. By automating the assessment of software quality and security, the project not only enhanced operational efficiency but also ensured compliance with industry standards, managed risks associated with software development and deployment, and adhered to governance frameworks, thus setting a new standard for secure software development practices within the region.

Education

2005 - 2009

Bachelor's Degree in Computer Engineering

Istanbul Commerce University - Istanbul, Turkey

Certifications

AUGUST 2015 - PRESENT

ISO 22301

ISO

JUNE 2015 - PRESENT

ITIL

HP

JUNE 2015 - PRESENT

ISO/IEC 27001:2013 LA

ISO

NOVEMBER 2008 - NOVEMBER 2011

Certified Ethical Hacker

EC-Council

Skills

Libraries/APIs

REST APIs, AES

Tools

Acunetix, Invicti (Netsparker), Nessus, Accunetix Vulnerability Scanner, Zoom, Google Workspace, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN, GitHub

Paradigms

Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps

Platforms

Linux, Windows, MacOS, Azure, Amazon Web Services (AWS), Imperva Incapsula, CrowdStrike, Google Cloud Platform (GCP), Embedded Linux, Shopify, Docker, Kubernetes

Industry Expertise

Cybersecurity, E-learning, Security Advisory, Enterprise Security

Storage

Database Security, Datadog, SQL Injection Protection, Azure Active Directory, Amazon S3 (AWS S3)

Frameworks

COBIT 5, Django

Languages

JavaScript, Go, Rust, Python, TypeScript, SQL

Other

Networks, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Network Security, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, SecOps, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Security, Advisory, Root Cause Analysis, Cybersecurity Operations, Communication, Privileged Access Management (PAM), Enterprise Risk Management (ERM), Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), General Data Protection Regulation (GDPR), Enterprise Architecture, Business Continuity, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Business Continuity & Disaster Recovery (BCDR), Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, Data Encryption, Cloudflare, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Application Security, Vulnerability Scanning, Cyber Defense, Managed Security Service Providers (MSSP), OWASP, Security Information and Event Management (SIEM), Cloud Architecture, Release Management, Code Auditing, Digital Forensics, Cyber Forensics, Active Directory (AD), Email, Web Hosting, Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), Technical Writing, AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Scripting, AI Security, OT Security, Forensics, Machine Learning Operations (MLOps), AWS Cloud Architecture, SOC Compliance

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring