Podría estar disponible
(Actualizado 2021-08-29.)IT- og cybersikkerhedsspecialist
København, Danmark
Nativo Danish, Principiante English
- Cybersikkerhed
- IT-sikkerhed
- Informationssikkerhed
Habilidades (27)
ISO
Security Testing
Programming
Cloud
SCANNING
PAYMENT CARD INDUSTRY
BEST PRACTICES
CISSP
OPEN SOURCE
SYSTEMS SECURITY
INFORMATION SECURITY
IT Security
Cyber Security
SYSTEM DEVELOPMENT
Linux
SECURE DEVELOPMENT
MITIGATION
Penetration Testing
PCI
NIST
SECURITY POLICIES
CRYPTOGRAPHY
LANGSEC
MICROSOFT OFFICE
SOCIAL ENGINEERING
Agile
FINANCE
Resumen
Information and cyber security expert mastering strong technical skills in combination with
information security management and an arsenal of security best practices.
I want to lead people in making targeted operations very difficult for skilled and
resourceful threat actors, such as advanced persistent threats and other criminals, to
protect the nation and citizen.
Experiencia profesional
2020-02 - Presente
improve the organisation's maturity and security levels in all areas within the domains of information and cyber security. I do this primarily by being an active and visible
information security advisor (internal consultant) for multiple (non-)technical roles in the organisation, and secondary by my involvement in several security projects including a
years-long project to implement Secure Development Lifecycle across all development
teams (300+ employees), DevSecOps team (CoE), other infrastructure and operations
teams among other.
2018-12 - 2020-01
adding my broad and deep knowledge about information security. I did this with several
strategic and tactical actions such as:
+ improvements to policies and standards based on security best practices and with the cyber kill chain in mind
+ building a coherent security awareness program with material and training for different
roles such as
- Regular employees to withstand phishing, etc.
- business architects to identify needed security controls
- enterprise architects to build secure enterprise designs
- developers to code and perform continuous integration securely
- DevSecOps to perform secure continuous deployment and hardening
1 of 3
- management to make the right decisions which decreases risks
+ performing internal security assessments and tests
+ providing internal consulting to the business in security best practices
2018-04 - 2018-11
implementation of a new information security strategy, extensive improvements to the information security management system, and technical controls within the infrastructure.
To realise a strong information security strategy, I was defining a new set of information
security policies, processes, procedures, and standards based on security best practices.
2016-03 - 2018-03
assessments, and tests include networks, operating systems, security solutions, cloud
architecture, web applications and APIs, mobile applications, cryptography, targeted
(spear)-phishing attacks simulating APTs, open source intelligence among other. I
delivered detailed reports of findings with recommendations for best security practises to remediate the findings. In addition, I provided root cause analysis and executive
summaries for C-level and management to help them improve their information security
management system (ISO 2700x, NIST Cybersecurity Framework, CIS Critical Security Controls). Furthermore, I held workshops for organisations to train them in vulnerability
assessment and management.
Among accomplishments can be mentioned:
+ Harvested Windows domain credentials during a simulated APT phishing campaign
against Microsoft Office 365 protected by Microsoft ATP which could be used in escalated
attacks against the organisation.
+ Found Java-based remote code execution (CVSS 10.0) in a financial web application
which could be exploited to compromise critical infrastructure affecting millions of users.
+ Discovered multiple missing mitigation techniques within industry-leading security
solutions (WAF) which could lead to many types of attacks against thousands of web
applications and millions of users.
+ Developed a Java plugin for Burp Suite to enable efficient automatic scanning of web
applications with strong cross-site request forgery (CSRF) mitigation techniques.
2015-01 - 2018-01
2014-12 - 2016-02
Danish organisations in different industries. Amongst the assessments and tests were in-
depth open source intelligence to discover exposure of valuable information which could
be used in escalated attacks, vulnerability assessments of internal and external networks,
web applications and APIs, and mobile applications. I delivered detailed reports of the findings including recommendations to remediate the findings, and executive summaries.
2 of 3
2013-01 - 2014-01
member signups. In addition, I designed and hardened the system design and server
setup to decrease the risks of compromises of the member portal.
2011-01 - 2012-01
consultancy and development company. In addition, I implemented new systems and technologies to improve the daily work efficiency for the employees.
Certificates & Courses + OSCP (Offensive Security Certified Professional); Offensive Security - To be continued
+ CISSP (Certified Information Systems Security Professional); (ISC)2 - 2017-2020
+ SEC642 (Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques); SANS - 2016
+ Cybersecurity Specialization; University of Maryland via Coursera - To be continued
Formación académica
2021-08 - 2012-01