IT and Cyber Security Specialist, Copenhagen, Denmark


Native Danish, Beginner English

  • Cyber security
  • IT security
  • Information security

Skills (27)

  • ISO
  • Security Testing
  • Programming
  • Cloud
  • SCANNING
  • PAYMENT CARD INDUSTRY
  • BEST PRACTICES
  • CISSP
  • OPEN SOURCE
  • SYSTEMS SECURITY
  • INFORMATION SECURITY
  • IT Security
  • Cyber Security
  • SYSTEM DEVELOPMENT
  • Linux
  • SECURE DEVELOPMENT
  • MITIGATION
  • Penetration Testing
  • PCI
  • NIST
  • SECURITY POLICIES
  • CRYPTOGRAPHY
  • LANGSEC
  • MICROSOFT OFFICE
  • SOCIAL ENGINEERING
  • Agile
  • FINANCE

Summary

Information and cyber security expert mastering strong technical skills in combination with
information security management and an arsenal of security best practices.

I want to lead people in making targeted operations very difficult for skilled and
resourceful threat actors, such as advanced persistent threats and other criminals, to
protect the nation and citizens.

Professional experience

Cyber Security Specialist
PFA

2020-02 - Present

As the CISO's right hand, I add valuable technical security knowledge and experiences to
improve the organisation's maturity and security levels in all areas within the domains of information and cyber security. I do this primarily by being an active and visible
information security advisor (internal consultant) for multiple (non-)technical roles in the organisation, and secondarily by my involvement in several security projects including a
years-long project to implement Secure Development Lifecycle across all development
teams (300+ employees), DevSecOps team (CoE), other infrastructure and operations
teams among others.

Information Security Officer, KMD; Ballerup
KMD

2018-12 - 2020-01

I pushed the information security level to new heights across the organisation by
adding my broad and deep knowledge about information security. I did this with several
strategic and tactical actions such as:


+ improvements to policies and standards based on security best practices and with the cyber kill chain in mind

+ building a coherent security awareness program with material and training for different
roles such as

- regular employees to withstand phishing, etc.

- business architects to identify needed security controls

- enterprise architects to build secure enterprise designs

- developers to code and perform continuous integration securely

- DevSecOps to perform secure continuous deployment and hardening


- management to make the right decisions which decrease risks

+ performing internal security assessments and tests

+ providing internal consulting to the business in security best practices
Head of Information Security
NNE

2018-04 - 2018-11

As head of information security, I was responsible for the development and
implementation of a new information security strategy, extensive improvements to the information security management system, and technical controls within the infrastructure.
To realise a strong information security strategy, I was defining a new set of information
security policies, processes, procedures, and standards based on security best practices.
Security Consultant
F-Secure Danmark

2016-03 - 2018-03

I performed security reviews, assessments, and tests for large organisations (10,000+ employees) in different industries including finance, insurance, transport, energy, and government where PCI DSS among other standards are required. The reviews,
assessments, and tests include networks, operating systems, security solutions, cloud
architecture, web applications and APIs, mobile applications, cryptography, targeted
(spear)-phishing attacks simulating APTs, open source intelligence among others. I
delivered detailed reports of findings with recommendations for best security practices to remediate the findings. In addition, I provided root cause analysis and executive
summaries for C-level and management to help them improve their information security
management system (ISO 2700x, NIST Cybersecurity Framework, CIS Critical Security Controls). Furthermore, I held workshops for organisations to train them in vulnerability
assessment and management.


Among accomplishments can be mentioned:


+ Harvested Windows domain credentials during a simulated APT phishing campaign
against Microsoft Office 365 protected by Microsoft ATP which could be used in escalated
attacks against the organisation.

+ Found Java-based remote code execution (CVSS 10.0) in a financial web application
which could be exploited to compromise critical infrastructure affecting millions of users.

+ Discovered multiple missing mitigation techniques within industry-leading security
solutions (WAF) which could lead to many types of attacks against thousands of web
applications and millions of users.

+ Developed a Java plugin for Burp Suite to enable efficient automatic scanning of web
applications with strong cross-site request forgery (CSRF) mitigation techniques.
CEH (Certified Ethical Hacker)
EC-Council

2015-01 - 2018-01

Security Consultant, Digicure
Deloitte

2014-12 - 2016-02

I performed security assessments and tests for some of the biggest and medium-sized
Danish organisations in different industries. Amongst the assessments and tests were
in-depth open source intelligence to discover exposure of valuable information which could
be used in escalated attacks, vulnerability assessments of internal and external networks,
web applications and APIs, and mobile applications. I delivered detailed reports of the findings including recommendations to remediate the findings, and executive summaries.


Developer and System Administrator
Skiklubben Hareskov

2013-01 - 2014-01

I developed a new member portal for the skiing club to increase member activity and new
member signups. In addition, I designed and hardened the system design and server
setup to decrease the risks of compromises of the member portal.
Network and System Administrator
2BM

2011-01 - 2012-01

As a student worker, I administered existing networks and systems for a Danish SAP
consultancy and development company. In addition, I implemented new systems and technologies to improve the daily work efficiency for the employees.


Certificates & Courses

+ OSCP (Offensive Security Certified Professional); Offensive Security - To be continued

+ CISSP (Certified Information Systems Security Professional); (ISC)2 - 2017-2020

+ SEC642 (Advanced Web App Penetration Testing, Ethical Hacking, and Exploitation Techniques); SANS - 2016

+ Cybersecurity Specialization; University of Maryland via Coursera - To be continued

Education

AP in Computer Science
Zealand Institute of Business and Technology

2021-08 - 2012-01

Certifications

+ CISSP (Certified Information Systems Security Professional)
+ CEH (Certified Ethical Hacker)
