Sr Cyber Security Consultant

WirelessCar is one of the world’s leading innovators of digital vehicle services. We accelerate service creation and turn vehicle data into business value for consumers, mobility providers, vehicle makers and society. Founded in 1999, WirelessCar has continuously built upon our heritage and grown our expertise within the automotive industry. Today, WirelessCar is a highly recognized and award-winning company, connecting more than twelve million vehicles in over 100 countries.

WirelessCar SOC organization participates actively in security related decision making for the whole security organization. We adopt NIST CyberSecurity Framework 2.0, and participate in all 6 functions, especially when the matter relates to Threats and Incidents.

Gustavo joined the team in 2022 and made important technical and management level contributions to different security teams and beyond such as: implementing SOC taxonomy, WoW according to NIST CSF 2.0, expanding operational threat detection capabilities, hands-on improvements on secure posture,conducting several threat modelling workshops for delivery teams and IT department, participates weekly in risk management activities, reporting and advisory to CISO and management teams, threat landscape, building business cases for investments, VSOC conceptualization, evaluating of third-party solutions, led the implementation of a new way of working related to handling Threat Intelligence, which also included Artificial Intelligence advisory and training in the realm of Cybersecurity and organization wide.

ENVIRONMENTS/TOOLS: AWS Platform, Microsoft Defender, Azure, Entra, Sentinel, Sumo Logic (legacy + CloudSIEM), Cortex, WAF, Suricata/IDS, EDR/XDR, Sonarqube, Confluence, Jira, Terraform, Visual Studio Code, Linux, Python, LLMs, AI Agents, ChatGPT, Ollama, Intune, Cisco Umbrella, Admin By Request, Purview.

METHODS/ARCHITECTURES/INDUSTRIES: SOC / VSOC, Cyber Threat Intelligence, ISO 21434, ISO27001, EU CRA,  UNR/UNECE-155, ADAS/DCAS/FSD tech, NIST 800-53, VDA-ISA, Auto-ISAC, Risk Management, Threat Management, Blue Teaming, Pent Test Report Analysis, DLP, Vulnerability Management, Threat Detection/Fine-Tuning, Threat Modelling, Incident Management and Response, SIEM, SOAR, EDR/XDR, PKI/Certificates, Kanban, Infra as Code, Disaster Recovery, Artificial Intelligence (LLM, GenAI, general advisory/training regarding workflows automation), onboard/offboard automotive architecture, tabletop exercises, security directives/processes/policies/procedures.

Core Consulting is a firm focused on provisioning and managing cloud infrastructure solutions to healthcare clients within private and public sectors. Their cloud platform solution is based on service-oriented architecture with the overall goal to provide integration and interoperability between international healthcare data standards such as HL7 FHIR, IHE and OpenEHR.

This project is related to the creation of infrastructure blueprints for cloud deployments (IaC - Infra as Code) for a variety of clients. The platform is based on EHRBase and e-health modeling architecture OpenEHR. Gustavo has engaged in designing and automating the creation of AWS/Azure cloud resources via Terraform and Git. IaC scope consists of automating the deployment of servers, storage, network services, policies, cloud access and general security and compliance services.

ENVIRONMENTS/TOOLS: EHRBase, Azure/AWS, Azure Security Services, Azure Sentinel, AWS Security Services, IAM, Networking, Certificate Manager, WAF, KMS, System Manager, Docker, Terraform, Git, Visual Studio Code, Linux

METHODS/ARCHITECTURES/INDUSTRIES: Healthcare, Infrastructure and Security Compliance, NIST, Cloud Access Policy, DevOps, Encryption, Capacity planning, Security Management/Auditing, OWASP, NIST, monitoring, CIS baselines/VM hardening, CVE, Risk Management, SIEM, Auditing

Gustavo has engaged in the startup scene helping a few startups with strategy and technology advisory. Gustavo has developed during the past year profound expertise within biohacking and general health. During this period, Gustavo has been consulting for Yogut, a startup in the homemade yogurt segment, Plexus Trading, an AI trading platform on the cloud, and Trueahead, an app for personal self-development. That aside, Gustavo has attended several international tech conferences and invested heavily in acquiring new competences and refreshing skills related to new cloud solutions from the 3 major cloud providers: AWS, Google and Microsoft, specifically in the realms of the latest technologies within Cloud Solution Architecture, Development, DevOps/Integrations and AI.

environments/TOOLS:  AWS, CI/CD, GCP, Azure, Kubernetes, Container, Docker, Jenkins, Terraform, Ansible, Python, Visual Studio, Git, HomeAssistant, Google IoT, Visual Studio Code

METHODS/architectures/Industries: AI, DevOps, Cloud Computing, Business Case, Go2Market strategies, foodtech, e-commerce, retail, bank & finance, IoT

TietoEVRY is the largest IT service provider in the Nordics. Its clients extend over several market segments, including banking/insurance, healthcare/welfare, and the public sector. City of Stockholm is arguably TietoEVRY’s largest client in Sweden, with billions SEK in orders/projects.

In 2012 Tieto was awarded to provide IT services, under SIKT contract (Stockholms Informations- och KommunikationsTeknik), to the whole City of Stockholm municipality. One of the major deliverables consisted of a whole new platform for the administration of schools and the municipality residents. The complete delivery was composed of over 6 different service providers, where Tieto played the key role of service manager and, service integrator to the almost totality of IT services for the City of Stockholm.  Gustavo acted as main Solution Architect for several projects related to development/implementation of new services and further development of legacy services. The main delivery consisted of over 7 major applications, with dependencies and integrations towards over 20 different systems. Gustavo’s main responsibilities consisted of deliveries within infrastructure, integrations, general cloud integrations, touching the whole delivery lifecycle such as requirement analysis, design, implementation, test, deployment, penetration test, security improvements and business continuity of different applications.

technologies/Products/Platforms: Azure Security Center (Microsoft Defender), Azure Sentinel, Azure Integrations Platform, BMC, Microsoft SQL, .Net, Jira, BizTalk, BankID, IAM, Identity Management, PRTG, Webtrends, ReqT, ServiceNow, Git, Powershell, Sentinet API Management, PowerBI, Visual Studio, Microsoft Teams, Graph API, SIEM

environments:  Microsoft Azure Cloud / Onprem, Vmware

METHODS/architectures/processes: Microservices, Migration, Functional and non-functional requirements, Continuous Integration and Delivery, SOA, Agile, Security, Penetration Testing, Application Performance Management, GDPR, Operation/Incident/Problem/Change Management, API management, Business Intelligence, Event-driven development, Data Warehouse, DevOps, GDPR, Environment Management (Test, SIT, AT, PreProd, Prod, Training)