Michal is available for hire

Michal Lewandowski

Verified Expert in Engineering

Risk Management Developer

Poznań, Poland

Toptal member since December 26, 2023

Expertise

Cybersecurity Slack Development Penetration Testing MacOS Python Tech Freelancing SCADA Windows Development Software Development Artificial Intelligence Linux

Bio

Michal is a highly skilled cybersecurity professional specializing in implementing ISO 27001 and Trusted Information Security Assessment Exchange (TISAX) standards. He's an expert in crafting security strategies, conducting comprehensive risk assessments, and developing advanced cybersecurity solutions. Michal is focused on continual professional development and remaining at the forefront of cybersecurity innovation, offering invaluable expertise in a dynamic technological landscape.

Portfolio

Avaus

Google Workspace, Slack, Kali Linux, Burp Suite...

mTAB

ISO 27001, Information Security Management Systems (ISMS)...

Seargin

IT Projects, IT Project Management, Vulnerability Management, SIEM...

Experience

Security - 10 years
Auditing - 10 years
Cybersecurity - 10 years
Risk Management - 10 years
Information Security - 10 years
Information Security Management Systems (ISMS) - 10 years
Vulnerability Management - 8 years
Lean Project Management - 6 years

Availability

Part-time

Preferred Environment

MacOS, Slack, Google Workspace

The most amazing...

...contribution I've made is in automotive cybersecurity, guiding an international project to first place with pivotal security enhancements.

Work Experience

Chief Information Security Officer

2021 - 2023

Avaus

Developed and executed comprehensive IT security strategies, collaborating proficiently with diverse IT teams and key business stakeholders and ensuring stringent security and information protection across projects.
Safeguarded organizations' security with meticulous monitoring and auditing of processes, applications, and IT infrastructure.
Implemented the ISO 27001 certification for Avaus, showcasing our steadfast dedication to robust information security management.
Conducted thorough security audits and utilized advanced penetration testing tools to assess and enhance the IT infrastructure's resilience.

Technologies: Google Workspace, Slack, Kali Linux, Burp Suite, Information Security Management Systems (ISMS), ISO 27001, ISO 27002, Ethical Hacking, Web Security, Cybersecurity, Risk Management, IT Security, CISSP, Management, Security Audits, Leadership, OWASP Top 10, Risk Analysis, CISO, Cyber Defense, Vulnerability Scanning, Vulnerability Identification, Nessus, OWASP, Security

IT Security Manager

2020 - 2021

mTAB

Led the initiative to achieve the ISO 27001 and TISAX certifications, maintaining high standards in information security management and automotive industry-specific information security in Poland, the UK, and the USA.
Leveraged Burp Suite for comprehensive penetration testing of web applications, uncovering potential security weaknesses and recommending effective countermeasures.
Conducted thorough audits and identified potential threats, effectively managing risk elements and ensuring compliance with industry standards and best practices.
Ensured the organization's compliance with GDPR by expertly navigating and enforcing data handling and privacy practices.

Technologies: ISO 27001, Information Security Management Systems (ISMS), Vulnerability Management, GDPR, Business Continuity, Trusted Information Security Assessment Exchange (TISAX), Burp Suite, Ethical Hacking, Web Security, Cybersecurity, Risk Management, Python, IT Security, Management, Security Audits, Audits, Leadership, OWASP Top 10, Risk Analysis, Risk Modeling, CISO, Cyber Defense, Vulnerability Scanning, Vulnerability Identification, Nessus, OWASP, Security

IT Security Team Leader

2018 - 2019

Seargin

Worked as project team leader for Volkswagen Group Poland, improving cybersecurity in the automotive industry by developing architectural concepts and implementing IT security solutions.
Implemented SIEM-based cybersecurity solutions to protect the organization from potential cyber threats.
Ensured compliance with industry standards, conducted security assessments, and implemented vulnerability scanning solutions.

Technologies: IT Projects, IT Project Management, Vulnerability Management, SIEM, Business Continuity, XD to HTML, Identity & Access Management (IAM), Web Security, Cybersecurity, Risk Management, IT Security, Management, Audits, Leadership, OWASP Top 10, Risk Analysis, Risk Modeling, Cyber Defense, Vulnerability Scanning, Vulnerability Identification, Nessus, OWASP, Security

Internal IT Auditor

2017 - 2018

IPS-SGB

Improved cybersecurity by conducting various audits, including black box, white box, internet services, and web app testing.
Conducted information security audits based on recommendation D and ISO/IEC 27001 standards. Additionally, I presented audit results to the bank's board of managers and directors.
Prepared security audit reports and coordinated corrective actions to improve security measures for 200 Polish banks.

Technologies: Security Audits, Penetration Testing, Kali Linux, Vulnerability Management, Reporting, Ethical Hacking, Web Security, Cybersecurity, Risk Management, IT Security, Audits, OWASP Top 10, Risk Analysis, Risk Modeling, Cyber Defense, Vulnerability Scanning, Vulnerability Identification, Nessus, OWASP, Security

IT Security Manager

2016 - 2017

Eurocash

Created comprehensive policies and procedures to ensure adequate security strategy implementation.
Monitored and audited processes, applications, and IT infrastructure to identify and mitigate potential risks.
Implemented security frameworks that follow industry standards, including NIST and CIS.

Technologies: Information Security Management Systems (ISMS), Auditing, Cybersecurity, Risk Management, IT Security, Audits, Leadership, OWASP Top 10, Risk Analysis, Risk Modeling, CISO, Security

IT Security Consultant

2014 - 2016

Pbsg

Led and participated in various projects to safeguard organizations' data, ensure compliance, and maintain business continuity.
Leveraged my expertise in information security, personal data protection, business continuity planning, ISO/IEC 27001 implementation, ITIL, and security training and auditing.
Conducted security audits on SCADA systems and implemented network management tools.

Technologies: GDPR, Information Security Management Systems (ISMS), ISO 27001, ISO 22301, ITIL, ISO 27002, ISO 20000, IT Networking, Security, Security Awareness, Training, SCADA, Cybersecurity, Risk Management, IT Security, Security Audits, Audits, Leadership, Risk Analysis

IT Administrator

2008 - 2014

ERGO International formerly Atena

Administered Windows servers for clients. Demonstrated technical proficiency and expertise in ensuring the seamless functioning of clients' servers.
Implemented software for insurance companies that improves efficiency and decision-making. Helped other companies with their software needs.
Ensured smooth operations and security for clients. Helped them optimize their systems to fit their business needs best.

Technologies: Windows Server, Windows Desktop Software, Networking, Computer Repair, Software, Software Implementation

Network and System Administrator

2006 - 2008

ZSK

Implemented FreeBSD on school servers and configured mail server, website, DNS, and databases.
Installed HR and payroll software and configured a server for an international project.
Managed a server-network infrastructure in a school team. Installed and configured systems and services on IBM and Dell servers.

Technologies: BSD, Linux, Windows Server, Networking

Experience

ISO 27001 and TISAX Standards Implementation

As a seasoned professional, I successfully implemented ISO 27001 and TISAX standards globally, spanning Europe and the United States. My extensive experience and knowledge in this area ensured that these standards were implemented efficiently and effectively, improving organizational performance and customer satisfaction.

Security Audits and Vulnerability Management

My expertise has helped these entities identify potential threats and attack vectors and implement effective measures to protect their valuable assets. By leveraging my skills and knowledge in the field, I have provided valuable insights and recommendations to clients, enabling them to stay ahead of potential security breaches and mitigate risks.

Security Audits

Throughout my professional journey, I have amassed significant expertise in performing comprehensive IT security audits, vulnerability scans, and pen-testing. My experience in this domain has been honed through my work with a diverse range of organizations and financial institutions, where I have been entrusted with safeguarding their digital assets against potential threats and vulnerabilities.

Education

2004 - 2008

Engineer's Degree in Information Technology

Collegium Da Vinci - Poznań, Poland

Certifications

MARCH 2024 - PRESENT

Generative AI in Cybersecurity

GSDC

AUGUST 2023 - JULY 2026

Certified Information Systems Security Professional

ISC2

MAY 2022 - MAY 2025

Certified ISO/IEC 27001 Lead Auditor

TÜV NORD

MARCH 2015 - PRESENT

Graduate Studies in Lean Management

WSB University

Skills

Tools

Nessus, Slack, Google Workspace

Paradigms

Management, Penetration Testing, ITIL

Platforms

Kali Linux, MacOS, Burp Suite, Windows Server, BSD, Linux

Industry Expertise

Cybersecurity

Languages

Python

Other

Auditing, ISO 27001, Security Audits, IT Security, Audits, Operating Systems, Vulnerability Management, Risk Management, Security, Ethical Hacking, Web Security, Leadership, OWASP Top 10, Risk Analysis, Risk Modeling, CISO, Cyber Defense, Vulnerability Scanning, Vulnerability Identification, Networking, Lean Project Management, Information Security Management Systems (ISMS), Programming, Information Security, ISO 27002, GDPR, Business Continuity, IT Projects, IT Project Management, SIEM, XD to HTML, Identity & Access Management (IAM), Reporting, ISO 22301, ISO 20000, IT Networking, Security Awareness, Training, Information Technology, Lean, Trusted Information Security Assessment Exchange (TISAX), SCADA, CISSP, Windows Desktop Software, Computer Repair, Software, Software Implementation, Artificial Intelligence (AI), OWASP

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring