Gökay Pekşen, Developer in Istanbul, Turkey

Gökay Pekşen

Verified Expert in Engineering

IT Security Developer

Location
Istanbul, Turkey
Toptal Member Since
April 28, 2022

Gökay is a senior manager and principal advisor specializing in cyber security, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection that strengthens an organization's reputation and digital presence while mitigating risk to prevent financial loss. Gökay has worked with a range of technologies, programming languages, and frameworks and is keen to take on new and challenging projects.

Portfolio

Prime Threat
Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001...
Olea Global Pte. Ltd. - Main
Application Security, Information Security, CISO, Cybersecurity, IT Security...
Toyota Material Handling, Inc - Main
Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics...

Experience

Availability

Full-time

Preferred Environment

Zoom, MacOS, Linux, Windows

The most amazing...

...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.

Work Experience

Founder and CEO

2016 - PRESENT
Prime Threat
  • Launched a consultancy project to guide a local firm in investing in cyber security startups, emphasizing GDPR compliance to enhance their financial stability by expanding their domestic and international market presence.
  • Developed a GDPR-compliant security framework for a key global logistics client in Turkey, ensuring adherence to local and international norms. This initiative aimed to cultivate a culture that is deeply aware of security and risk management.
  • Offered reorganization solutions to a cyber security firm, aligning its structure, infrastructure, and operations with GDPR requirements.
Technologies: Cybersecurity, Information Security, Project Consultancy, Auditing, ISO 27001, ISO 22301, ITIL 4, IT Service Management (ITSM), Windows, Linux, Training, ICT Training, Information & Communications Technology (ICT), COBIT 5, GDPR, Enterprise Architecture, Security Software Development, Amazon Web Services (AWS), CISO, Google Cloud Platform (GCP), Azure, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), JavaScript, Go, Rust, Cloud Security, Architecture, Network Security, Security, CI/CD Pipelines, IT Security, System Administration, CCNA, CCNA Security, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Azure Active Directory, Product Strategy Consultant, Go-to-market Strategy, Security Engineering, Group Policy, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, Lecturing, Learning, E-learning, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, Google Workspace, DDoS, Grafana, Azure DevOps, SOC 2, Mobile Security, Certified Information Systems Security Professional, Amazon S3 (AWS S3), Malware Removal, CISSP, Python, Datadog, CISM, Data Privacy, International Data Privacy Regulations, Leadership, Audits, Artificial Intelligence (AI), Application Security, Advanced Encryption Standard (AES), Cryptography, IDS/IPS, Endpoint Detection and Response (EDR)

Cybersecurity Consultant

2023 - 2023
Olea Global Pte. Ltd. - Main
  • Completed an ISO 27001 audit, focusing on GDPR compliance, to optimize our ISMS. Advanced security measures were implemented, adhering to GDPR and industry standards, bolstering our defenses against cyber threats, and safeguarding sensitive data.
  • Undertook a detailed ISO 27001 and GDPR internal audit to refine our ISMS. This led to integrating GDPR-compliant security controls, enhancing risk mitigation, and aligning with regulatory standards, thus improving our response to cyber threats.
  • Increased ability to detect, respond to, and recover from potential cyber threats, thereby minimizing business interruptions and protecting sensitive data.
Technologies: Application Security, Information Security, CISO, Cybersecurity, IT Security, ISO 27001, ISO 27002, Compliance, Security, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, PCI, Web App Security, Certified Information Systems Security Professional, CISSP, Leadership, Audits

Security Lead

2022 - 2023
Toyota Material Handling, Inc - Main
  • Crafted a cybersecurity management structure with a GDPR focus, informing leadership about cybersecurity necessities and formulating GDPR-compliant operational methods.
  • Established cybersecurity policies and practices aligned with global standards like ISO, IoTSF, and GDPR, catering to the company's specific needs and regulatory compliance.
  • Conducted risk analysis and threat modeling, integrating GDPR considerations to anticipate future threats and their potential impact on revenue, emphasizing risk mitigation and data protection.
Technologies: Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics, Embedded Linux, Embedded Systems, Documentation, Technical Writing, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Secure Code Best Practices, Data Encryption, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, Application Security

Security Compliance Consultant

2022 - 2023
Bonify, LLC
  • Established a cyber security management policy with an overarching strategy for running security operations in accordance with international and commercial standards, such as ISO 27001, GDPR, and Wix and Shopify platform compliance for a web app development company.
  • Reviewed the current IT and security architecture and suggested architectural improvements for servers, security tools/devices, and software to strengthen infrastructure.
  • Developed a roadmap to enhance the entire security posture of future DevOps-manufactured products and services and proposed revisions based on requirements and needs.
Technologies: IT Security, Security, ISO 27001, Data Privacy, GDPR, Incident Response, Architecture, Security Engineering, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Shopify, PCI, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits

Cybersecurity Advisor to CIO

2019 - 2021
Istanbul Metropolitan Municipality
  • Participated in cross-functional team projects involving IoT, SCADA, and smart city concepts to strategize the management and implementation of administering Istanbul.
  • Upgraded enterprise security by developing a next-gen fortified security infrastructure, incorporating GDPR guidelines. Established a GDPR-compliant security management and enterprise architecture framework.
  • Initiated projects to boost expertise and infrastructure for secure operations, focusing on GDPR compliance. Defined metrics, KPIs, and IT processes under GDPR norms to improve security operations and the security of software and infrastructure.
Technologies: Auditing, Business Continuity, Cybersecurity, Information Security, Data-level Security, Database Security, GDPR, Data Privacy, International Data Privacy Regulations, Identity & Access Management (IAM), SIEM, System-on-a-Chip (SoC), Penetration Testing, Vulnerability Management, Vulnerability Assessment, Acunetix, Netsparker, Nessus, Threat Modeling, Threat Intelligence, Web Intelligence, Red Teaming, Scanning, PCI DSS, ISO 27001, ISO 22301, ISO 27002, Firewalls, Endpoint Security, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, DDoS, Grafana, Azure DevOps, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, Datadog, CISM, Leadership, Audits, Application Security, IDS/IPS, Endpoint Detection and Response (EDR)

Information Security VP and Enterprise Architect

2015 - 2016
Bankalararası Kart Merkezi (Interbank Card Center)
  • Designed and constructed a world-class cyber security infrastructure to safeguard 250 billion TL in annual local payment transactions.
  • Created a vision of success to compete with other banking and payment organizations and establish Turkey's first payment system and scheme (TROY).
  • Implemented the strategy in stages, including assessment phases, design, construction, operation, testing, auditing, and continuous improvement.
  • Reported to the senior vice president of security, compliance, and service management. Managed a team of four direct and twenty indirect reports and oversaw a $1.5 million annual CAPEX and OPEX budget.
  • Implemented a framework for continuous penetration testing and code reviews to develop a proactive security management system to ward off cyber threats.
  • Managed and led the procurement and budgeting processes to acquire products and services and consultation for operations.
  • Constructed TROY's payment and information technology infrastructure following global payment schemes like Discover Card and international regulations such as PCI DSS.
Technologies: Cybersecurity, Information Security, SIEM, System-on-a-Chip (SoC), DevOps, DevSecOps, Microservices, Microservices Architecture, REST APIs, RESTful Microservices, Payment APIs, Card Payments, Mobile Payments, Digital Payments, Penetration Testing, Ethical Hacking, Scanning, Threat Modeling, Threat Intelligence, Vulnerability Management, Vulnerability Assessment, Vulnerability Identification, Zero-day Vulnerabilities, Accunetix Vulnerability Scanner, Nessus, Netsparker, CyberArk, Identity & Access Management (IAM), Imperva Incapsula, IBM Security Guardium, Endpoint Security, Web Application Firewall (WAF), Data Loss Prevention (DLP), Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, CISM, Leadership, Audits, Advanced Encryption Standard (AES), AES, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR)

Senior Cybersecurity Consultant

2014 - 2015
PwC
  • Designed and built a cyber security team to conduct security assessments, penetration and vulnerability testing, and incident response processes.
  • Strengthened and fortified customers' information technology infrastructure and applications to prevent known and unknown cyber threats in significant industries.
  • Oversaw auditing customers' cyber security and information security processes to inform them about their compliance with global law, regulations, and best practices.
Technologies: Cybersecurity, Information Security, ISO 27001, ISO 22301, COBIT 5, IoT Security, SCADA, Accunetix Vulnerability Scanner, Acunetix, Netsparker, Auditing, Business Continuity, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Threat Modeling, Cloud Security, Architecture, Network Security, Secure Storage, Security, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Group Policy, Security Architecture, GRC, Security Audits, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Lecturing, Learning, E-learning, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Certified Information Systems Security Professional, CISSP, Leadership, Audits, Application Security, Advanced Encryption Standard (AES), AES, Cryptography, Endpoint Detection and Response (EDR)

TROY Payment Project

https://troyodeme.com/en/
TROY is Turkey's first card payment vendor operating under the Discover Card scheme. I was responsible for the infrastructure's design and implementation. Additionally, I successfully managed projects involving various stakeholders, including local governments, banks, payment companies, customers, international governments, and other card vendors.

Cyber Security Organization and Business Model Designing

As a principal advisor to the CEO of one of Turkey's largest ISP companies, I designed and implemented a new organizational structure and business model to generate new revenue streams in domestic and international markets.

Turkey's Very First DevSecOps CI/CD Pipeline

I managed Turkey's first DevSecOps CI/CD pipeline project at Interbank Card Center (BKM) to assess software quality and security, and the infrastructure security needed to build a solid, fortified secure software development lifecycle devoid of human intervention or error.

Tools

Acunetix, Netsparker, Nessus, Accunetix Vulnerability Scanner, Zoom, Grafana

Paradigms

Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps

Platforms

Windows, MacOS, Linux, Azure, Imperva Incapsula, Google Cloud Platform (GCP), Amazon Web Services (AWS), Embedded Linux, Shopify, Docker, Kubernetes

Industry Expertise

Cybersecurity, Network Security, E-learning

Storage

Database Security, Datadog, Azure Active Directory, Amazon S3 (AWS S3)

Other

Networks, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Compliance, Architecture, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, Business Continuity, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Business Continuity & Disaster Recovery (BCDR), Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, SecOps, Data Encryption, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Data Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, Cloudflare, Google Workspace, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES)

Frameworks

COBIT 5

Languages

JavaScript, Go, Rust, Python

Libraries/APIs

REST APIs, AES

2005 - 2009

Bachelor's Degree in Computer Engineering

Istanbul Commerce University - Istanbul, Turkey

AUGUST 2015 - PRESENT

ISO 22301

ISO

JUNE 2015 - PRESENT

ITIL

HP

JUNE 2015 - PRESENT

ISO/IEC 27001:2013 LA

ISO

NOVEMBER 2008 - NOVEMBER 2011

Certified Ethical Hacker

EC-Council
