Director cyber security

Mag*** ***** (XX years)
Director Cyber Security at Best Day
UNAD
León,
Guanajuato
This candidate is willing to relocate
Experience
Director Cyber Security
Best Day
Feb 2019 - Present
●Strategic assessment of cyber functions.
●Security roadmap design.
●Team coaching and development. (9 direct reports, 42 complete team)
●Coordinate efforts amongst the CSEC, SOC and other teams on identifying and mitigating internal and external threats.
●Present results to senior management in a non-technical manner.
●BCP and DRP design in coordination with enterprise incident response team.
●Provide and coordinate security awareness to the business.
●Review and adjust budget to meet the business objectives and goals
●Create OKRs for the security function.
●Cloud security controls definition and implementation (AWS) 
●Cloud security controls definition, implementation, automation and orchestration (GCP)
●S/4HANA security controls definition and implementation.
●Cyber security awareness program
●Stakeholder strategic negotiation
Sr Manager Cyber Security Operations
Oportun
Jul 2016 - Jan 2019
●Creation of the SOC function.
●Creation of the cyber intelligence function.
●Oversee and manage the forensic and incident response function.
●Review policies and procedures for effective operation at an optimal level.
●Coordinate efforts amongst the CSEC, SOC and other teams on identifying and mitigating internal and external threats.
●Present results to senior management in a non-technical manner.
●Gather with 3rd parties and vendors in order to improve, develop and implement security solutions for the company.
●Security and risk assessment.
●Creation of objectives and goals for the technical teams.
●Budget planning.
●Serve as a liaison between the business and the cyber security operations generating and providing metrics.
●Review vendor onboarding process.
●Team management (10 people in two countries)
●Cloud security controls definition and implementation (AWS) 
Information Security Manager
HSBC
Oct 2013 - Jul 2016
●Creation of the forensic lab and of policies and procedures on evidence and case handling, extraction of the evidence, analysis of data and presenting results.
●Handling security incidents as well as analyzing the evidence gathered during the incident, deploying information security solutions.
●Analyzing malware samples obtained from the network and traffic, performing all forensic analysis for the institution.
●Manage the forensic and incident response team.
●Identifying and mitigating internal and external threats.
●Present case results to senior management in a non-technical manner.
●Gather with 3rd party and vendors in order to improve, develop and implement security, forensic and e-discovery solutions for the institution.
●Present new and innovative threat solutions to senior management.
●Perform security and risk assessment periodically.
Education
Telematics Engineering
UNAD

Languages
Spanish - Native
English - Business Expert
Portuguese - Intermediate
Other information
Courses and Certifications
●AWS Security: Definition and implementation of security controls such as: AWS SSO, IAM, GuardDuty, Inspector, Security Hub, Shield, WAF, security groups, CloudWatch.
●GCP: definition, implementation and automation of security controls in Forseti, Security Command Center, security groups, WAF, Tenable.io, implementation of GRR (incident response framework).
●Endpoint protection: Analysis and sizing of endpoint protection solution and develop an operational strategy, negotiating contract with vendor. 
●Forcepoint: sizing and business understanding of a data loss prevention solution and strategy, sit down with key stakeholders to negotiate strategy and implementation. 
●SAP Security: implementation of SAP cybersecurity framework 4.0, defining controls and securing systems against attacks. Define security processes.
●Tenable.io: deploy and create a vulnerability and patch management strategy, set goals to reduce vulnerabilities found across the different lines of business, negotiation with key stakeholders to align the strategy and create commitment.
●SIEM Technologies: evaluate and choose vendor, define with technological stakeholders the information that the SIEM technology is going to ingest, define metrics that will be generated from the SIEM and refine expressions to create a security analytics platform.
●DevSecOps: utilize tools such as SonarQube, Jenkins and Arachni scanner to integrate security testing as part of the development pipeline. Define and guide implementation of a security baseline.
●IAM: use tools such as Okta and MSFT to research business needs for an identity and access management definition, implement roles and responsibilities for conditional access.

Education and Certifications


Rochester Institute of Technology, Mini Masters in Cyber Security Risk Management
Area of Expertise: Cyber Security Risk
2018 – 2019

Universidad Abierta y a Distancia, Industrial Management Engineering
Area of Expertise: Engineering
2020 – 2023

Universidad del Valle de México, Interactive Technologies Engineering
Area of Expertise: Engineering
2008-2011

ECCouncil, CHFI
Area of Expertise: Computer Forensics and Incident Response

SANS GIAC Advanced Computer Forensics and Incident Response GCFA Certified
Area of Expertise: Computer Forensics and Incident Response

Guidance Software EnCase Certified Examiner
Area of Expertise: Computer Forensics and Incident Response

ISO 27001 Lead Auditor Certified
Area of Expertise: ISO Auditing

SumoLogic Power Admin and User
Area of Expertise: Data analytics 



Specialized Training

GCP Certified Security Engineer
2020

CISCO C LEVEL (Director skills)
2020

SAP Security
2019

Defining metrics and OKRs
2019

Transition from engineer to management
2018

Data recovery 
2018

Advanced Network Forensics
2017