It looks like you are in United States. Would you like to go to https://onsiter.com/us/ instead?
Kan være tilgængelig
(Opdateret 2021-08-29)IT- og cybersikkerhedsspecialist
København, Danmark
Modersmål Danish, Begynder English
- Cybersikkerhed
- IT-sikkerhed
- Informationssikkerhed
Kvalifikationer (27)
ISO
Security Testing
Programming
Cloud
SCANNING
PAYMENT CARD INDUSTRY
BEST PRACTICES
CISSP
OPEN SOURCE
SYSTEMS SECURITY
INFORMATION SECURITY
IT Security
Cyber Security
SYSTEM DEVELOPMENT
Linux
SECURE DEVELOPMENT
MITIGATION
Penetration Testing
PCI
NIST
SECURITY POLICIES
CRYPTOGRAPHY
LANGSEC
MICROSOFT OFFICE
SOCIAL ENGINEERING
Agile
FINANCE
Resumé
Information and cyber security expert mastering strong technical skills in combination with
information security management and an arsenal of security best practices.
I want to lead people in making targeted operations very difficult for skilled and
resourceful threat actors, such as advanced persistent threats and other criminals, to
protect the nation and citizen.
Professionel erfaring
Cyber Security Specialist
PFA
2020-02 - Nuværende
As the CISO's right hand, I add valuable technical security knowledge and experiences to
improve the organisation's maturity and security levels in all areas within the domains of information and cyber security. I do this primarily by being an active and visible
information security advisor (internal consultant) for multiple (non-)technical roles in the organisation, and secondary by my involvement in several security projects including a
years-long project to implement Secure Development Lifecycle across all development
teams (300+ employees), DevSecOps team (CoE), other infrastructure and operations
teams among other.
improve the organisation's maturity and security levels in all areas within the domains of information and cyber security. I do this primarily by being an active and visible
information security advisor (internal consultant) for multiple (non-)technical roles in the organisation, and secondary by my involvement in several security projects including a
years-long project to implement Secure Development Lifecycle across all development
teams (300+ employees), DevSecOps team (CoE), other infrastructure and operations
teams among other.
Information Security Officer, KMD; Ballerup
KMD, I
2018-12 - 2020-01
pushed the information security level to new heights across the organisation by
adding my broad and deep knowledge about information security. I did this with several
strategic and tactical actions such as:
+ improvements to policies and standards based on security best practices and with the cyber kill chain in mind
+ building a coherent security awareness program with material and training for different
roles such as
- Regular employees to withstand phishing, etc.
- business architects to identify needed security controls
- enterprise architects to build secure enterprise designs
- developers to code and perform continuous integration securely
- DevSecOps to perform secure continuous deployment and hardening
1 of 3
- management to make the right decisions which decreases risks
+ performing internal security assessments and tests
+ providing internal consulting to the business in security best practices
adding my broad and deep knowledge about information security. I did this with several
strategic and tactical actions such as:
+ improvements to policies and standards based on security best practices and with the cyber kill chain in mind
+ building a coherent security awareness program with material and training for different
roles such as
- Regular employees to withstand phishing, etc.
- business architects to identify needed security controls
- enterprise architects to build secure enterprise designs
- developers to code and perform continuous integration securely
- DevSecOps to perform secure continuous deployment and hardening
1 of 3
- management to make the right decisions which decreases risks
+ performing internal security assessments and tests
+ providing internal consulting to the business in security best practices
Head of Information Security
NNE
2018-04 - 2018-11
As head of information security, I was responsible for the development and
implementation of a new information security strategy, extensive improvements to the information security management system, and technical controls within the infrastructure.
To realise a strong information security strategy, I was defining a new set of information
security policies, processes, procedures, and standards based on security best practices.
implementation of a new information security strategy, extensive improvements to the information security management system, and technical controls within the infrastructure.
To realise a strong information security strategy, I was defining a new set of information
security policies, processes, procedures, and standards based on security best practices.
Security Consultant
F-Secure Danmark
2016-03 - 2018-03
I performed security reviews, assessments, and tests for large organisations (10,000+ employees) in different industries including finance, insurance, transport, energy, and government where PCI DSS among other standards are required. The reviews,
assessments, and tests include networks, operating systems, security solutions, cloud
architecture, web applications and APIs, mobile applications, cryptography, targeted
(spear)-phishing attacks simulating APTs, open source intelligence among other. I
delivered detailed reports of findings with recommendations for best security practises to remediate the findings. In addition, I provided root cause analysis and executive
summaries for C-level and management to help them improve their information security
management system (ISO 2700x, NIST Cybersecurity Framework, CIS Critical Security Controls). Furthermore, I held workshops for organisations to train them in vulnerability
assessment and management.
Among accomplishments can be mentioned:
+ Harvested Windows domain credentials during a simulated APT phishing campaign
against Microsoft Office 365 protected by Microsoft ATP which could be used in escalated
attacks against the organisation.
+ Found Java-based remote code execution (CVSS 10.0) in a financial web application
which could be exploited to compromise critical infrastructure affecting millions of users.
+ Discovered multiple missing mitigation techniques within industry-leading security
solutions (WAF) which could lead to many types of attacks against thousands of web
applications and millions of users.
+ Developed a Java plugin for Burp Suite to enable efficient automatic scanning of web
applications with strong cross-site request forgery (CSRF) mitigation techniques.
assessments, and tests include networks, operating systems, security solutions, cloud
architecture, web applications and APIs, mobile applications, cryptography, targeted
(spear)-phishing attacks simulating APTs, open source intelligence among other. I
delivered detailed reports of findings with recommendations for best security practises to remediate the findings. In addition, I provided root cause analysis and executive
summaries for C-level and management to help them improve their information security
management system (ISO 2700x, NIST Cybersecurity Framework, CIS Critical Security Controls). Furthermore, I held workshops for organisations to train them in vulnerability
assessment and management.
Among accomplishments can be mentioned:
+ Harvested Windows domain credentials during a simulated APT phishing campaign
against Microsoft Office 365 protected by Microsoft ATP which could be used in escalated
attacks against the organisation.
+ Found Java-based remote code execution (CVSS 10.0) in a financial web application
which could be exploited to compromise critical infrastructure affecting millions of users.
+ Discovered multiple missing mitigation techniques within industry-leading security
solutions (WAF) which could lead to many types of attacks against thousands of web
applications and millions of users.
+ Developed a Java plugin for Burp Suite to enable efficient automatic scanning of web
applications with strong cross-site request forgery (CSRF) mitigation techniques.
CEH (Certified Ethical Hacker)
EC-Council
2015-01 - 2018-01
Security Consultant, Digicure
Deloitte
2014-12 - 2016-02
I performed security assessments and tests for some of the biggest and medium-sized
Danish organisations in different industries. Amongst the assessments and tests were in-
depth open source intelligence to discover exposure of valuable information which could
be used in escalated attacks, vulnerability assessments of internal and external networks,
web applications and APIs, and mobile applications. I delivered detailed reports of the findings including recommendations to remediate the findings, and executive summaries.
2 of 3
Danish organisations in different industries. Amongst the assessments and tests were in-
depth open source intelligence to discover exposure of valuable information which could
be used in escalated attacks, vulnerability assessments of internal and external networks,
web applications and APIs, and mobile applications. I delivered detailed reports of the findings including recommendations to remediate the findings, and executive summaries.
2 of 3
Developer and System Administrator
Skiklubben Hareskov
2013-01 - 2014-01
I developed a new member portal for the skiing club to increase member activity and new
member signups. In addition, I designed and hardened the system design and server
setup to decrease the risks of compromises of the member portal.
member signups. In addition, I designed and hardened the system design and server
setup to decrease the risks of compromises of the member portal.
Network and System Administrator
2BM
2011-01 - 2012-01
As a student worker, I administered existing networks and systems for a Danish SAP
consultancy and development company. In addition, I implemented new systems and technologies to improve the daily work efficiency for the employees.
Certificates & Courses + OSCP (Offensive Security Certified Professional); Offensive Security - To be continued
+ CISSP (Certified Information Systems Security Professional); (ISC)2 - 2017-2020
+ SEC642 (Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques); SANS - 2016
+ Cybersecurity Specialization; University of Maryland via Coursera - To be continued
consultancy and development company. In addition, I implemented new systems and technologies to improve the daily work efficiency for the employees.
Certificates & Courses + OSCP (Offensive Security Certified Professional); Offensive Security - To be continued
+ CISSP (Certified Information Systems Security Professional); (ISC)2 - 2017-2020
+ SEC642 (Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques); SANS - 2016
+ Cybersecurity Specialization; University of Maryland via Coursera - To be continued
Akademisk baggrund
AP in Computer Science
Zealand Institute of Business and Technology
2021-08 - 2012-01
Certificeringer
+ CISSP (Certified Information Systems Security Professional)
+ CEH (Certified Ethical Hacker)