toptal.com
Contact us: +1.888.867.7001
Gökay Pekşen, IT Security Developer in Istanbul, Turkey
Gökay Pekşen

IT Security Developer in Istanbul, Turkey

Member since April 28, 2022
Gökay is a senior manager and principal advisor specializing in cyber security, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection and enhancing reputation and digital existence while enabling risk mitigation to prevent financial loss. Gökay has been working with different technologies, programming languages, and frameworks and is willing to embrace new and challenging projects.
Gökay is now available for hire
Hire Gökay

Portfolio

Experience

  • Information Security 15 years
  • Training 15 years
  • Cybersecurity 15 years
  • Penetration Testing 12 years
  • Ethical Hacking 12 years
  • ISO 27001 12 years
  • Networks 10 years
  • Linux 10 years

Location

Istanbul, Turkey

Availability

Full-time

Preferred Environment

Zoom, MacOS, Linux, Windows

The most amazing...

...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.

Employment

  • Founder and CEO

    2016 - PRESENT
    Prime Threat
    • Provided reorganization services to align the cyber security organization, infrastructure, and operations with the secure vision, while also establishing a strong market perception focused on cyber threat and risk management.
    • Designed and implemented a security framework for a major global logistics customer in Turkey in accordance with local and international standards and regulations to foster a risk and security culture and risk management.
    • Initiated an investment consulting project in cyber security startups for a local company to assist them in strengthening their financial structure through increased market share and volume and global expansion.
    Technologies: Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001, ISO 22301, ITIL 4, IT Service Management (ITSM), Management Systems, Windows, Linux, Training, ICT Training, Information & Communications Technology (ICT), COBIT 5, GDPR, Enterprise Architecture, Security Software Development, Amazon Web Services (AWS), CISO, Google Cloud Platform (GCP), Azure, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), JavaScript, Go, Rust, Cloud Security, Architecture, Network Security, Security, CI/CD Pipelines, IT Security, System Administration, CCNA, CCNA Security, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST

  • Security Lead (Policies & Procedures)

    2022 - 2023
    Toyota Material Handling, Inc - Main
    • Designed a cybersecurity management skeleton to inform management of the company's cybersecurity needs and developed operational methodologies.
    • Developed cybersecurity policies and practices by worldwide standards and frameworks such as ISO, IoTSF, etc., to meet the company's needs.
    • Performed risk analysis and threat modeling to comprehend future and potential threats that will unavoidably produce risks that can result in lost revenue.
    Technologies: Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics, Embedded Linux, Embedded Systems, Documentation, Technical Writing

  • Security Compliance Consultant

    2022 - 2023
    Bonify, LLC
    • Established a cyber security management policy with an overarching strategy for running security operations in accordance with international and commercial standards, such as ISO 27001, GDPR, and Wix and Shopify platform compliance for a web app development company.
    • Reviewed the current IT and security architecture and suggested architectural improvements for servers, security tools/devices, and software to strengthen infrastructure.
    • Developed a roadmap to enhance the entire security posture of future DevOps-manufactured products and services and proposed revisions based on requirements and needs.
    Technologies: IT Security, Security, ISO 27001, Data Privacy, GDPR, Incident Response, Architecture

  • Cyber Security Advisor to CIO

    2019 - 2021
    Istanbul Metropolitan Municipality
    • Participated in cross-functional teams projects involving IoT, SCADA, and smart city concepts to strategize the management and implementation of administering Istanbul.
    • Enhanced enterprise security by creating a new generation of fortified security infrastructure. Built a framework for security management and enterprise architecture.
    • Planned projects to improve know-how and infrastructure for a reliable and secure operation. Set the metrics, KPIs, and operational IT processes for the security organization to enhance security operations and software and infrastructure security.
    Technologies: Auditing, Business Continuity, Cybersecurity, Information Security, Data-level Security, Database Security, GDPR, Data Privacy, International Data Privacy Regulations, Identity & Access Management (IAM), SIEM, SoC, Penetration Testing, Vulnerability Management, Vulnerability Assessment, Acunetix, Netsparker, Nessus, Threat Modeling, Threat Intelligence, Web Intelligence, Red Teaming, Scanning, PCI DSS, ISO 27001, ISO 22301, ISO 27002, Firewalls, Endpoint Security, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST

  • Information Security VP and Enterprise Architect

    2015 - 2016
    Bankalararası Kart Merkezi (Interbank Card Center)
    • Designed and constructed a world-class cyber security infrastructure to safeguard 250 billion TL in annual local payment transactions.
    • Created a vision of success to compete with other banking and payment organizations and establish Turkey's first payment system and scheme (TROY).
    • Implemented the strategy in stages, including assessment phases, design, construction, operation, testing, auditing, and continuous improvement.
    • Reported to the senior vice president of security, compliance, and service management. Managed a team of four direct and twenty indirect employees overseeing a 1.5 million dollar annual CAPEX and OPEX budget.
    • Implemented a framework for continuous penetration testing and code reviews to develop a proactive security management system to ward off cyber threats.
    • Managed and led the procurement and budgeting processes to acquire products and services and consultation for operations.
    • Constructed TROY's payment and information technology infrastructure following global payment schemes like Discover Card and international regulations such as PCI DSS.
    Technologies: Cybersecurity, Information Security, SIEM, SoC, DevOps, DevSecOps, Microservices, Microservices Architecture, REST APIs, RESTful Microservices, Payment APIs, Card Payments, Mobile Payments, Digital Payments, Penetration Testing, Ethical Hacking, Scanning, Threat Modeling, Threat Intelligence, Vulnerability Management, Vulnerability Assessment, Vulnerability Identification, Zero-day Vulnerabilities, Accunetix Vulnerability Scanner, Nessus, Netsparker, CyberArk, Identity & Access Management (IAM), Imperva Incapsula, IBM Security Guardium, Endpoint Security, Web Application Firewall (WAF), Data Loss Prevention (DLP), Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST

  • Senior Cyber Security Consultant

    2014 - 2015
    PwC
    • Designed and built a cyber security team to conduct security assessments, penetration and vulnerability testing, and incident response processes.
    • Strengthened and fortified customers' information technology infrastructure and applications to prevent known and unknown cyber threats in significant industries.
    • Oversaw auditing customers' cyber security and information security processes to inform them about their compliance with global law, regulations, and best practices.
    Technologies: Cybersecurity, Information Security, ISO 27001, ISO 22301, COBIT 5, IoT Security, SCADA, Accunetix Vulnerability Scanner, Acunetix, Netsparker, Auditing, Business Continuity, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Threat Modeling, Cloud Security, Architecture, Network Security, Secure Storage, Security, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST

Experience

  • TROY Payment Project
    https://troyodeme.com/en/

    TROY is Turkey's first card payment vendor operating under the discover card schema. I was responsible for the infrastructure's design and implementation. Additionally, I have successfully managed projects involving various stakeholders, including local governments, banks, payment companies, customers, international governments, and other card vendors.

  • Cyber Security Organization and Business Model Designing

    As a principal advisor to the CEO of one of Turkey's largest ISP companies, I designed and implemented a new organizational structure and business model to generate new revenue streams in domestic and international markets.

  • Turkey's Very First DevSecOps CI/CD Pipeline

    I managed Turkey's first DevSecOps CI/CD pipeline project at Interbank Card Center (BKM) to assess software quality and security and infrastructure security needed for building a solid and fortified secure software development lifecycle devoid of human intervention or error.

Skills

  • Tools

    Acunetix, Netsparker, Nessus, Accunetix Vulnerability Scanner, Zoom

  • Paradigms

    Penetration Testing, Security Software Development, DevOps, DevSecOps, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI)

  • Platforms

    Windows, MacOS, Linux, Imperva Incapsula, Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS), Embedded Linux

  • Industry Expertise

    Cybersecurity, Network Security, Security, IT Security

  • Storage

    Database Security

  • Other

    Networks, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, SoC, Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Architecture, Information Security Management Systems (ISMS), NIST, Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, Business Continuity, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Business Continuity & Disaster Recovery (BCDR), Migration, Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing

  • Frameworks

    COBIT 5

  • Languages

    JavaScript, Go, Rust

  • Libraries/APIs

    REST APIs

Education

  • Bachelor's Degree in Computer Engineering
    2005 - 2009
    Istanbul Commerce University - Istanbul, Turkey

Certifications

  • ISO 22301
    AUGUST 2015 - PRESENT
    ISO
  • ITIL
    JUNE 2015 - PRESENT
    HP
  • ISO/IEC 27001:2013 LA
    JUNE 2015 - PRESENT
    ISO
  • Certified Ethical Hacker
    NOVEMBER 2008 - NOVEMBER 2011
    EC-Council

To view more profiles

Join Toptal
Share it with others
Hire the top 3% of freelance developers TM