Gökay Pekşen
Verified Expert in Engineering
IT Security Developer
Istanbul, Turkey
Toptal member since April 28, 2022
Gökay is a senior manager and principal advisor specializing in cybersecurity, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection, strengthening an organization's reputation and digital presence, and enabling risk mitigation to prevent financial loss. Gökay has worked with a range of technologies, programming languages, and frameworks and is eager to take on new and challenging projects.
Preferred Environment
Zoom, macOS, Linux, Windows
The most amazing...
...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.
Work Experience
Founder and CEO
Prime Threat
- Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
- Aimed to bolster market competitiveness by aligning investments with international GRC standards.
- Created an ISO 22301, NIST-based security framework for a logistics client in Turkey to enhance resilience and compliance.
- Embedded GRC principles to protect assets and reinforce the client's reputation as a secure logistics partner.
- Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
- Emphasized the reorganization strategy, elevating the firm's commitment to data protection and cybersecurity excellence.
Cybersecurity Consultant
Olea Global Pte. Ltd. - Main
- Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
- Implemented advanced security measures adhering to GDPR, strengthening defenses against cyber threats.
- Undertook an ISO 27001 and GDPR audit to refine our ISMS, integrating GDPR-compliant controls.
- Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
- Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
- Strengthened protection of sensitive data through enhanced cybersecurity measures and compliance.
Security Lead
Toyota Material Handling
- Designed a cybersecurity management structure incorporating GRC principles with a GDPR focus, advising leadership on compliance and security needs.
- Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
- Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
- Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
- Performed risk analysis incorporating GRC and GDPR considerations to proactively address and mitigate cybersecurity threats.
- Applied GRC principles in threat modeling, focusing on risk mitigation and data protection to safeguard against potential revenue impacts.
Security Compliance Consultant
Bonify, LLC
- Formulated a cybersecurity management policy, integrating GRC principles with a focus on ISO 27001, GDPR, and compliance with Wix and Shopify platforms for a web app development company.
- Assessed the current IT and security setup, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
- Crafted a strategic roadmap to elevate the security posture of DevOps-manufactured products and services, aligning future developments with GRC standards and organizational needs.
- Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are central to security operations.
- Emphasized the importance of adhering to GRC principles in evaluating and upgrading security architecture, enhancing protection against evolving threats.
- Proposed infrastructure improvements based on rigorous GRC assessments, aiming to fortify the security foundation of the organization's IT environment.
Cybersecurity Advisor to CIO
Istanbul Metropolitan Municipality
- Collaborated in multidisciplinary projects to strategize Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
- Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI-DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
- Established an ISO and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
- Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
- Defined metrics and KPIs within an ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
- Aimed to enhance software and infrastructure security by adhering to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
Information Security VP and Enterprise Architect
Bankalararası Kart Merkezi (Interbank Card Center)
- Architected a state-of-the-art cybersecurity framework, securing 250 billion TL in local transactions, aligning with GRC principles for robust financial data protection.
- Envisioned and set a competitive benchmark for Turkey's payment ecosystem with TROY, incorporating GRC strategies to ensure operational excellence and compliance.
- Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
- Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
- Managed a dedicated team, focusing on GRC-centric security operations, overseeing significant financial allocations for continuous infrastructure and capability improvement.
- Introduced a rigorous framework for ongoing penetration testing and code reviews, underpinning a proactive GRC-compliant cybersecurity posture against emerging threats.
- Oversaw procurement and budgeting with a GRC lens, ensuring investments in technology and consultancy services meet compliance and operational efficiency standards.
- Developed TROY’s IT and payment infrastructure to mirror global benchmarks like Discover Card, integrating PCI DSS and other regulatory standards for international compliance.
- Fostered a culture of continuous improvement in cybersecurity practices, leveraging GRC insights to enhance the security, compliance, and service management landscape.
- Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Senior Cybersecurity Consultant
PwC
- Formed a cybersecurity team grounded in GRC principles, tasked with executing security assessments, penetration testing, and incident response to uphold data integrity and compliance.
- Enhanced client IT infrastructures across critical sectors, employing GRC methodologies to safeguard against both anticipated and novel cyber threats, reinforcing resilience and compliance.
- Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
- Developed and implemented a continuous monitoring strategy, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thus minimizing risk exposure.
- Established a robust incident response process, informed by GRC standards, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
- Advocated for GRC-aligned cybersecurity education and awareness programs within client organizations, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Experience
TROY Payment Project
Cyber Security Organization and Business Model Designing
Turkey's Very First DevSecOps CI/CD Pipeline
Education
Bachelor's Degree in Computer Engineering
Istanbul Commerce University - Istanbul, Turkey
Certifications
- ISO 22301 - ISO
- ITIL - HP
- ISO/IEC 27001:2013 LA - ISO
- Certified Ethical Hacker - EC-Council
Skills
Libraries/APIs
REST APIs, AES
Tools
Acunetix, Invicti (Netsparker), Nessus, Acunetix Vulnerability Scanner, Zoom, Google Workspace, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN
Paradigms
Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps
Platforms
Linux, Windows, macOS, Azure, Amazon Web Services (AWS), Imperva Incapsula, CrowdStrike, Google Cloud Platform (GCP), Embedded Linux, Shopify, Docker, Kubernetes
Industry Expertise
Cybersecurity, Network Security, E-learning, Security Advisory, Enterprise Security
Storage
Database Security, Datadog, SQL Injection Protection, Azure Active Directory, Amazon S3 (AWS S3)
Frameworks
COBIT 5, Django
Languages
JavaScript, Go, Rust, Python, TypeScript, SQL
Other
Networks, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, SecOps, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Advisory, Root Cause Analysis, Cybersecurity Operations, Communication, Privileged Access Management (PAM), Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, Data Encryption, Cloudflare, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Vulnerability Scanning, Cyber Defense, Managed Security Service Providers (MSSP), OWASP, Security Information and Event Management (SIEM), Cloud Architecture, Release Management, Code Auditing, Digital Forensics, Cyber Forensics, Active Directory (AD), Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Scripting, AI Security, OT Security, Forensics