Gökay Pekşen
Verified Expert in Engineering
IT Security Developer
Istanbul, Turkey
Toptal member since April 28, 2022
Gökay is a senior manager and principal advisor specializing in cyber security, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection that preserves an organization's reputation and digital presence while mitigating risk to prevent financial loss. Gökay has worked with a range of technologies, programming languages, and frameworks and is willing to embrace new and challenging projects.
Preferred Environment
Zoom, macOS, Linux, Windows
The most amazing...
...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.
Work Experience
Founder and CEO
Prime Threat
- Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
- Aimed to bolster market competitiveness by aligning investments with international GRC standards.
- Created an ISO 22301, NIST-based security framework for a logistics client in Turkey to enhance resilience and compliance.
- Embedded GRC principles to protect assets and reinforce the client's reputation as a secure logistics partner.
- Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
- Emphasized the reorganization strategy, elevating the firm's commitment to data protection and cybersecurity excellence.
Cybersecurity Consultant
Olea Global Pte. Ltd. - Main
- Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
- Implemented advanced security measures adhering to GDPR, strengthening defenses against cyber threats.
- Undertook an ISO 27001 and GDPR audit to refine our ISMS, integrating GDPR-compliant controls.
- Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
- Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
- Strengthened protection of sensitive data through enhanced cybersecurity measures and compliance.
Security Lead
Toyota Material Handling
- Designed a cybersecurity management structure incorporating GRC principles with a GDPR focus, advising leadership on compliance and security needs.
- Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
- Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
- Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
- Performed risk analysis incorporating GRC and GDPR considerations to proactively address and mitigate cybersecurity threats.
- Applied GRC principles in threat modeling, focusing on risk mitigation and data protection to safeguard against potential revenue impacts.
Security Compliance Consultant
Bonify, LLC
- Formulated a cybersecurity management policy, integrating GRC principles with a focus on ISO 27001, GDPR, and compliance with Wix and Shopify platforms for a web app development company.
- Assessed the current IT and security setup, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
- Crafted a strategic roadmap to elevate the security posture of DevOps-manufactured products and services, aligning future developments with GRC standards and organizational needs.
- Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are central to security operations.
- Emphasized the importance of adhering to GRC principles in evaluating and upgrading security architecture, enhancing protection against evolving threats.
- Proposed infrastructure improvements based on rigorous GRC assessments, aiming to fortify the security foundation of the organization's IT environment.
Cybersecurity Advisor to CIO
Istanbul Metropolitan Municipality
- Collaborated in multidisciplinary projects to strategize Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
- Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
- Established an ISO and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
- Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
- Defined metrics and KPIs within an ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
- Aimed to enhance software and infrastructure security by adhering to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
Information Security VP and Enterprise Architect
Bankalararası Kart Merkezi (Interbank Card Center)
- Architected a state-of-the-art cybersecurity framework, securing 250 billion TL in local transactions, aligning with GRC principles for robust financial data protection.
- Envisioned and set a competitive benchmark for Turkey's payment ecosystem with TROY, incorporating GRC strategies to ensure operational excellence and compliance.
- Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
- Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
- Managed a dedicated team, focusing on GRC-centric security operations, overseeing significant financial allocations for continuous infrastructure and capability improvement.
- Introduced a rigorous framework for ongoing penetration testing and code reviews, underpinning a proactive GRC-compliant cybersecurity posture against emerging threats.
- Oversaw procurement and budgeting with a GRC lens, ensuring investments in technology and consultancy services meet compliance and operational efficiency standards.
- Developed TROY’s IT and payment infrastructure to mirror global benchmarks like Discover Card, integrating PCI DSS and other regulatory standards for international compliance.
- Fostered a culture of continuous improvement in cybersecurity practices, leveraging GRC insights to enhance the security, compliance, and service management landscape.
- Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Senior Cybersecurity Consultant
PwC
- Formed a cybersecurity team grounded in GRC principles, tasked with executing security assessments, penetration testing, and incident response to uphold data integrity and compliance.
- Enhanced client IT infrastructures across critical sectors, employing GRC methodologies to safeguard against both anticipated and novel cyber threats, reinforcing resilience and compliance.
- Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
- Developed and implemented a continuous monitoring strategy, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thus minimizing risk exposure.
- Established a robust incident response process, informed by GRC standards, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
- Advocated for GRC-aligned cybersecurity education and awareness programs within client organizations, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Experience
TROY Payment Project
Cyber Security Organization and Business Model Designing
Turkey's Very First DevSecOps CI/CD Pipeline
Education
Bachelor's Degree in Computer Engineering
Istanbul Commerce University - Istanbul, Turkey
Certifications
ISO 22301 - ISO
ITIL - HP
ISO/IEC 27001:2013 LA - ISO
Certified Ethical Hacker - EC-Council
Skills
Libraries/APIs
REST API, AES
Tools
Acunetix Vulnerability Scanner, Invicti (Netsparker), System Security, Zoom Development, Google Workspace, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN, GitHub
Paradigms
Penetration Testing, DevSecOps, DDoS, Security Engineering, DevOps, Secure Code Best Practices, Microservices Development, Microservices Architecture, Agile Development, Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps
Platforms
Linux, Windows Development, macOS, Azure Design, AWS, Imperva Incapsula, CrowdStrike, Cloud Engineering, Shopify, Docker, Kubernetes
Industry Expertise
Cybersecurity, System Security, eLearning Design, Security Advisory, Enterprise Security
Storage
Database, Datadog, System Security, Azure, Amazon S3
Frameworks
COBIT 5, Django
Languages
JavaScript, Go, Rust, Python, TypeScript, SQL
Other
Networks, Information Security Analysis, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, IT Infrastructure, Identity & Access Management (IAM), System Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Development, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Science, Compliance, Architecture, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, SecOps, Certified Information Systems Security Professional (CISSP), Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Design Consulting, Advisory, Root Cause Analysis, Cybersecurity Operations, Communication Coaching, Privileged Access Management (PAM), Enterprise Risk Management (ERM), Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, Security Information and Event Management (SIEM), Mobile App Design, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Migration Engineering, Application Security, Data Protection, SSO Engineering, Detection Engineering, Cloudflare, SOC 2 (Service Organization Control), Mobile Security, Malware Removal, Cryptographer, IDS/IPS, Endpoint Detection and Response (EDR), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud Engineering, Infrastructure as Code (IaC), Disaster Recovery Consulting, Vulnerability Scanning, Cyber Defense, Managed Security Service Providers (MSSP), OWASP, Cloud Architecture, Release Engineering, Code Auditing, Digital Forensics, Cyber Forensics, Active Directory (AD), Email, Web Hosting, Freelance Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Embedded Systems Engineering, Documentation, Technical Writing, Containers, Product Strategy Consulting, GTM Marketing, Group Policy, CISM, Artificial Intelligence, Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, SaaS, AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Script, AI Security, OT Security, Forensics