Gökay Pekşen
Verified Expert in Engineering
IT Security Developer
Istanbul, Turkey
Toptal member since April 28, 2022
Gökay is a senior manager and principal advisor specializing in cybersecurity, information security, audit, and standards and regulations. He is highly skilled in enterprise security architecture and an expert in delivering sustainable protection, strengthening an organization's reputation and digital presence, and enabling risk mitigation to prevent financial loss. Gökay has worked with a wide range of technologies, programming languages, and frameworks and is keen to take on new and challenging projects.
Portfolio
Experience
- Information Security - 15 years
- Training - 15 years
- Cybersecurity - 15 years
- Penetration Testing - 12 years
- Ethical Hacking - 12 years
- ISO 27001 - 12 years
- Linux - 10 years
- Networks - 10 years
Preferred Environment
Zoom, MacOS, Linux, Windows
The most amazing...
...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.
Work Experience
Founder and CEO
Prime Threat
- Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
- Aimed to bolster market competitiveness by aligning investments with international GRC standards.
- Created an ISO 22301, NIST-based security framework for a logistics client in Turkey to enhance resilience and compliance.
- Embedded GRC principles to protect assets and reinforce the client's reputation as a secure logistics partner.
- Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
- Emphasized the reorganization strategy, elevating the firm's commitment to data protection and cybersecurity excellence.
- Developed a custom STRIDE threat modeling application for enterprise-wide security assessment, resulting in 90% faster threat identification and remediation planning across cloud and on-premises environments.
- Engineered infrastructure-as-code solutions using Terraform and Python, automating security configurations across multi-cloud environments, reducing deployment time by 85% while ensuring security compliance for the clients.
- Designed and implemented a security operations framework integrating ArcSight, QRadar, and Trend Micro, achieving 24/7 monitoring coverage and reducing incident response time by 70% for the clients.
Senior DevSecOps Architect
Honda
- Designed and executed a comprehensive AWS cloud migration strategy for the enterprise DevSecOps ecosystem, reducing infrastructure costs by 45% while maintaining 99.99% availability and implementing end-to-end security controls.
- Architected unified MLOps and DevSecOps framework using Amazon SageMaker and security services, enabling a secure machine learning pipeline with automated compliance checks and reduced model deployment time by 70%.
- Conducted extensive STRIDE threat modeling across cloud infrastructure, identifying and mitigating 85% of potential security risks before production deployment, significantly enhancing system resilience.
- Created multi-account, multi-branch AWS landing zone with advanced security guardrails, implementing least privilege access and automated compliance monitoring across development, staging, and production environments.
- Developed scalable, secure microservices architecture leveraging AWS containerization and serverless technologies, improving system modularity and reducing operational overhead by 60% while maintaining stringent security standards.
IT Security Consultant | Secure Hosting Setup
Heart Gate Enterprises, LLC
- Engineered a NIST-compliant zero-trust security framework with multi-layered defense mechanisms, reducing attack surface by 85% through strategic implementation of preventive controls and threat detection systems.
- Designed a high-availability hybrid cloud infrastructure supporting exponential growth, achieving 99.99% uptime while reducing operational costs by 40% through optimized resource allocation and capacity management.
- Established an enterprise-grade CI/CD framework using AWS CodePipeline, CodeBuild, and CodeDeploy, implementing IaC practices that reduced deployment cycles by 85% and automated 70% of compliance checks.
- Crafted a vendor-neutral microservices architecture using Amazon ECS and EKS, enabling seamless containerization and orchestration while improving system modularity and resource efficiency.
- Implemented comprehensive observability using Amazon CloudWatch, X-Ray, and Prometheus, delivering full-stack monitoring with automated incident response, reducing MTTR by 60% through predictive analytics.
DevSecOps Engineer (via Toptal)
ArtsMarketing Suite LLC
- Designed and architected a comprehensive security framework incorporating NIST cybersecurity standards, resulting in an 85% reduction in potential attack vectors through multi-layered security controls and advanced threat prevention mechanisms.
- Architected a scalable hybrid cloud-native infrastructure blueprint supporting 10x growth with 99.99% availability, optimizing resource utilization by 65% while reducing projected operational costs by 40% through efficient capacity planning.
- Designed an enterprise-level Azure DevOps pipeline architecture implementing GitOps practices and shift-left security approach, leveraging Azure Boards, Repos, Pipelines, and Test Plans to reduce deployment time by 85%.
- Developed a cloud-agnostic microservices architecture blueprint with containerized workloads, implementing Kubernetes orchestration for optimal resource utilization, enhanced system modularity, and seamless vendor flexibility.
- Architected a comprehensive observability and monitoring framework providing 360° system visibility, incorporating automated incident response mechanisms reducing resolution time by 60%, supported by advanced metrics collection.
Cybersecurity Consultant
Olea Global Pte. Ltd. - Main
- Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
- Implemented advanced security measures adhering to GDPR, strengthening defenses against cyber threats.
- Undertook an ISO 27001 and GDPR audit to refine our ISMS, integrating GDPR-compliant controls.
- Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
- Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
- Strengthened protection of sensitive data through enhanced cybersecurity measures and compliance.
Security Lead
Toyota Material Handling
- Designed a cybersecurity management structure incorporating GRC principles with a GDPR focus, advising leadership on compliance and security needs.
- Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
- Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
- Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
- Performed risk analysis incorporating GRC and GDPR considerations to proactively address and mitigate cybersecurity threats.
- Applied GRC principles in threat modeling, focusing on risk mitigation and data protection to safeguard against potential revenue impacts.
- Developed a custom STRIDE threat modeling application for enterprise-wide security assessment, resulting in 90% faster threat identification and remediation planning across cloud and on-premises environments.
Security Compliance Consultant
Bonify, LLC
- Formulated a cybersecurity management policy, integrating GRC principles with a focus on ISO 27001, GDPR, and compliance with Wix and Shopify platforms for a web app development company.
- Assessed the current IT and security setup, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
- Crafted a strategic roadmap to elevate the security posture of DevOps-manufactured products and services, aligning future developments with GRC standards and organizational needs.
- Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are central to security operations.
- Emphasized the importance of adhering to GRC principles in evaluating and upgrading security architecture, enhancing protection against evolving threats.
- Proposed infrastructure improvements based on rigorous GRC assessments, aiming to fortify the security foundation of the organization's IT environment.
Cybersecurity Advisor to CIO
Istanbul Metropolitan Municipality
- Collaborated in multidisciplinary projects to strategize Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
- Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI-DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
- Established an ISO and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
- Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
- Defined metrics and KPIs within an ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
- Aimed to enhance software and infrastructure security by adhering to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
- Established an enterprise-wide PKI infrastructure and certificate management system, implementing HTTPS enforcement and cryptographic policies that achieved 100% compliance with security standards.
- Designed and implemented a security operations framework integrating ArcSight, QRadar, and Trend Micro, achieving 24/7 monitoring coverage and reducing incident response time.
- Orchestrated integration of advanced security stack (FortiWAF, Tenable, Trellix EDR, Vectra AI) with existing SIEM solutions, improving threat detection capability by 80% and reducing false positives by 85%.
Information Security VP and Enterprise Architect
Bankalararası Kart Merkezi (Interbank Card Center)
- Architected a state-of-the-art cybersecurity framework, securing 250 billion TL in local transactions, aligning with GRC principles for robust financial data protection.
- Envisioned and set a competitive benchmark for Turkey's payment ecosystem with TROY, incorporating GRC strategies to ensure operational excellence and compliance.
- Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
- Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
- Managed a dedicated team, focusing on GRC-centric security operations, overseeing significant financial allocations for continuous infrastructure and capability improvement.
- Introduced a rigorous framework for ongoing penetration testing and code reviews, underpinning a proactive GRC-compliant cybersecurity posture against emerging threats.
- Established an enterprise-wide PKI infrastructure and certificate management system, implementing HTTPS enforcement and cryptographic policies that achieved 100% compliance with security standards.
- Developed TROY's IT and payment infrastructure to mirror global benchmarks like Discover Card, integrating PCI DSS and other regulatory standards for international compliance.
- Orchestrated integration of advanced security stack (Tenable, Trellix EDR, Fortify, Citrix WAF/LB, CyberArk PAM) with ArcSight, improving threat detection capability.
- Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Senior Cybersecurity Consultant
PwC
- Formed a cybersecurity team grounded in GRC principles, tasked with executing security assessments, penetration testing, and incident response to uphold data integrity and compliance.
- Enhanced client IT infrastructures across critical sectors, employing GRC methodologies to safeguard against both anticipated and novel cyber threats, reinforcing resilience and compliance.
- Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
- Developed and implemented a continuous monitoring strategy, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thus minimizing risk exposure.
- Established a robust incident response process, informed by GRC standards, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
- Advocated for GRC-aligned cybersecurity education and awareness programs within client organizations, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Experience
TROY Payment Project
Cybersecurity Organization and Business Model Design
Turkey's Very First DevSecOps CI/CD Pipeline
Education
Bachelor's Degree in Computer Engineering
Istanbul Commerce University - Istanbul, Turkey
Certifications
- ISO 22301 (ISO)
- ITIL (HP)
- ISO/IEC 27001:2013 LA (ISO)
- Certified Ethical Hacker (EC-Council)
Skills
Libraries/APIs
REST APIs, AES
Tools
Acunetix, Invicti (Netsparker), Nessus, Acunetix Vulnerability Scanner, Zoom, Google Workspace, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN, GitHub
Paradigms
Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps
Platforms
Linux, Windows, MacOS, Azure, Amazon Web Services (AWS), Imperva Incapsula, CrowdStrike, Google Cloud Platform (GCP), Embedded Linux, Shopify, Docker, Kubernetes
Industry Expertise
Cybersecurity, Network Security, E-learning, Security Advisory, Enterprise Security
Storage
Database Security, Datadog, SQL Injection Protection, Azure Active Directory, Amazon S3 (AWS S3)
Frameworks
COBIT 5, Django
Languages
JavaScript, Go, Rust, Python, TypeScript, SQL
Other
Networks, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, SecOps, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Advisory, Root Cause Analysis, Cybersecurity Operations, Communication, Privileged Access Management (PAM), Enterprise Risk Management (ERM), Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, Data Encryption, Cloudflare, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Vulnerability Scanning, Cyber Defense, Managed Security Service Providers (MSSP), OWASP, Security Information and Event Management (SIEM), Cloud Architecture, Release Management, Code Auditing, Digital Forensics, Cyber Forensics, Active Directory (AD), Email, Web Hosting, Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Scripting, AI Security, OT Security, Forensics, Machine Learning Operations (MLOps), AWS Cloud Architecture, SOC Compliance