Product Security Lead London, UK

May be available


Product Security Lead

London, UK

Native: English, Romanian, Moldavian, Moldovan; Fluent: Italian; Beginner: Spanish

  • Product Security
  • Penetration Testing
  • Risk Assessment

Skills (45)

NEXPOSE

MARKET RESEARCH

SPACE SECURITY

BEST PRACTICES

DATA PROTECTION

TESTING TOOLS

SELF MOTIVATED

TELCO SECURITY

NMAP

SECURITY POLICIES

Secure by Design

BUSINESS CONTINUITY

RELATIONSHIP MANAGEMENT

Product Security

HEALTHCARE SECURITY

VULNERABILITY ASSESSMENT

RISK ASSESSMENT

Tcpdump

Security Vulnerability

THREAT MODELING

CUSTOMER SERVICE

QUALYS

TELECOMMUNICATIONS EQUIPMENT

Penetration Testing

METASPLOIT

CONTRACTS

WIRESHARK

CUSTOMER SERVICE ORIENTED

MEDICAL DEVICES SECURITY

NESSUS

INFORMATION SECURITY

COACHING

DOCUMENTATION

SOC

AUDIT

PROCESS IMPROVEMENTS

CODING

EDUCATING

TRAINING PROGRAMS

LIFE CYCLE

RETAIL SALES

SHIPPING

PRICING

CORRECTIVE ACTION

REMEDIATION

Summary

With over 20 years' experience and as Founder of Cyber Legion, I focus on Cyber Strategy and Product Security. My aim is to enhance security maturity for businesses, individuals, and families, safeguarding reputations and well-being.

Expertise:
- Product Security: Ensuring the security of your digital products through rigorous testing and secure design practices.
- Penetration Testing & Vulnerability Assessments: Detailed testing and vulnerability reporting for security enhancement and prompt remediation.
- Risk Assessment & Attack Surface Management: Strengthening resilience across organizations and digital assets.
- Secure by Design & Threat Modelling: Embedding security in early design stages for solid architecture.
- Application Security Testing & Automation: Employing SAST, SCA, and DAST for efficient testing.
- Customized Consultancy & Strategy: Tailored solutions for client-specific needs, ensuring optimal service.
- Security Frameworks & Strategies: Crafting and implementing frameworks for secure environments.
- Security Learning Content: Educating employees in security best practices, fostering a security-aware culture.
- Support in Architecture & Implementation: Assisting product architects and engineers in security solutions.
- Client & Business Growth: Nurturing long-term client relationships for sustained business growth.


Cyber Legion provides targeted cybersecurity services, such as product security consulting for healthcare medical devices, ensuring they meet strict security standards. We also perform comprehensive risk assessments for telecommunications projects and conduct CREST Approved penetration testing on critical components like applications, APIs, and networks. Our streamlined approach ensures robust security measures are in place, safeguarding vital industry operations with efficiency and expertise.


See https://cyberlegion.io

Professional experience

eCommerce Administrator
TOP BUILDING DEVELOPMENT LIMITED

2006-05 - 2012-05

As an eCommerce Administrator, I:
- Successfully launched and managed an eCommerce business specializing in power tools.
- Conducted extensive market research, sourced suppliers, and built a comprehensive customer database.
- Expertly negotiated pricing, placed orders, and managed delivery schedules.
- Optimized product advertisements and improved website SEO for increased visibility and sales.
- Efficiently handled customer orders, shipping, returns, and claims to ensure a seamless customer experience.
- Established and managed a presence on major online selling platforms such as Amazon and eBay.
- Demonstrated technical proficiency by troubleshooting, configuring, and upgrading web applications.
- Conducted daily analysis of business operations to identify areas for improvement and implement data-driven solutions.
- Displayed creativity and resourcefulness by developing innovative solutions to complex business challenges.
- Proactively self-motivated, with a strong sense of personal responsibility and a commitment to delivering results.

Skills: WooCommerce · Cloud Security · Information Security · Microsoft Office · Business Development · Website Administration · Woocommerce Administration · Networking · Product Management · Customer Base · Strategic Planning · Source Intelligence

Security Consultant
Self Employed

2018-11 - 2019-04

As a freelancer, I:
- Conducted open-source intelligence gathering for target customers to prepare for security assessments and penetration testing.
- Configured and monitored automated security vulnerability scanners, including Nessus, OpenVAS, Nexpose, Sparta, and Wpscan.
- Installed software upgrades, resolved software issues, and diagnosed software issues.
- Conducted penetration testing using Kali Linux and other distributions to identify, evaluate, and exploit vulnerabilities.
- Conducted network mapping to identify open ports and services using Nmap, Scripting, Hping, and Netcat.
- Fingerprinted servers, operating systems, enumerated users, plugins, and themes using Nmap and Sparta.
- Conducted manual validation of vulnerabilities and networks using BurpSuite to confirm security issues.
- Intercepted and manipulated HTTP web requests using BurpSuite and OWASP ZAP.
- Sniffed, captured, and analyzed network traffic packets using Wireshark and Tcpdump.
- Modified and updated scripts to run exploits and exploited vulnerabilities such as injections, XSS, broken authentication, and misconfigurations using Sqlmap, BurpSuite, and Metasploit.
- Reported on findings of target penetration tests, including mitigation and remediation.
- Utilized Linux command line and Python scripts to perform tasks efficiently.

Skills: Threat & Vulnerability Management · Vulnerability Scanning · Account Management · Web Application Security Assessment · Cloud Security · Website Administration · Security Risk Assessment · Dynamic Application Security Testing (DAST Scans) · Vulnerability Assessment · Product Security

Vulnerability Threat Engineer
Hireright

2019-04 - 2020-03

At HireRight, as a Vulnerability Threat Engineer, I am deeply involved in the Application Security and Vulnerability Management Program.

Vulnerability Management:
- Configured and maintained vulnerability assessment tools for web applications and networks.
- Conducted scans, analyzed vulnerabilities, and identified relevant threats to prepare corrective action recommendations.
- Addressed vulnerabilities through system patching, specialized controls, code/infrastructure changes, and process improvements.
- Resolved false positive findings in assessment results and validated results with infrastructure teams.
- Generated information security reports on system and network accesses and analyzed policy violations.
- Monitored vulnerability assessments to identify weaknesses and recommended remediation actions.
- Reported residual risks, vulnerabilities, and security exposures to management.
- Collaborated on critical IT projects to address security issues throughout the project life cycle.
- Assisted in the development of security architecture and policies, principles, and standards.
- Supported SLAs to ensure security controls are managed and maintained.
- Validated baseline security configurations for operating systems, applications, networking, and telecommunications equipment.
- Resolved negative audit findings reported by internal or external auditors.
- Used security tools to prepare security reports and propose resolution of security issues.

Penetration Testing:
- Conducted black/white box penetration testing on company web applications, APIs, and networks.
- Expert in using Burp Suite proxy tools for mapping and analysis of attack surface and finding/exploiting security vulnerabilities.
- Performed static (SAST) and dynamic (DAST) code analysis using Checkmarx and Veracode.
- Performed static (SAST) and dynamic (DAST) code analysis using Checkmarx and Veracode.
- Analyzed penetration testing results and engaged with technology partners and business units to resolve vulnerabilities within SLAs.

Skills: Threat & Vulnerability Management · IT Security Assessments · Web Application Security · Penetration Testing · Web Application Security Assessment · Cloud Security · Information Security · Adversary Emulation · Security Risk Assessment · Dynamic Application Security Testing (DAST Scans) · Attack Surface Management · Vulnerability Assessment · Network Security · Risk Assessment · Application Security

Sr. IT Security Analyst | Web Application Security
GFK

2020-04 - 2021-11

At GFK, as a Senior Security Analyst, my focus was on the security of public-facing applications and servers.

Product Security (app, microservices, network):
- Configured and maintained security testing tools, such as Veracode, NetSparker, and Burp.
- Conducted dynamic web application security testing (DAST) on over 2,000 public websites and microservices in both authenticated and unauthenticated modes.
- Validated security testing findings and eliminated false positives.
- Managed the attack surface management (ASM) and risk assessment program using RiskIQ and Cycognito.
- Tracked and updated vulnerability tickets in Jira and ServiceNow, ensuring technical remediation plans were completed.
- Coordinated and performed penetration tests and security assessments on web apps, APIs, and networks.
- Provided KPI reports to executive and management staff.
- Worked with engineering teams (developers, SREs, and QAs) to ensure projects were secure.
- Advised business owners and technical teams on risk and criticality of identified vulnerabilities and remediation activities.
- Supported engineering teams with security remediations to meet KPIs and SLAs.
- Integrated security tools into product teams' CI/CD pipelines as part of the software development life cycle.
- Contributed to defining and maintaining the application security framework and associated standards.
- Conducted dynamic and static security testing on product artifacts, including source code and containerized environments.
- Assisted the SOC during security incidents involving cloud environments and web services.
- Provided coaching and training on application security to junior security peers and engineering colleagues.

Skills: Threat & Vulnerability Management · Web Application Security · Attack Surface Management · Product Security · Dynamic Application Security Testing (DAST Scans) · Account Management · IT Security Assessments · Penetration Testing · Cloud Security · Information Security · Security Risk Assessment · Vulnerability Assessment · Network Security · Application Security · API Testing · Static Analysis


IT Security Analyst | Web Application Security

Apr 2020 - Jul 2020 · 4 mos


Web Applications & APIs Security:
- Built and maintained CMDB of over 4K web application products, conducting risk assessments for each.
- Conducted dynamic web application security testing (DAST) on over 2K public websites/microservices using Veracode, NetSparker, Burp, and other tools.
- Validated vulnerability scan findings to reduce false positives, identifying and resolving vulnerabilities in the process.
- Advised business owners and technical teams on risk and criticality of identified vulnerabilities, guiding remediation activities.
- Provided engineering teams with security guidance for web applications, APIs, and cloud native services.
- Tracked and updated ticket status for application vulnerabilities, ensuring successful remediation and closure.
- Conducted re-scans and produced documentation to confirm remediation efforts and vulnerability resolution.
- Performed penetration tests and security assessments on web applications, APIs, and networks, reporting findings to executive and management staff.
- Monitored and reported key performance indicators (KPIs) to executive and management staff.

Skills: Networking · Web Application Security Assessment · Product Security · Penetration Testing · Source Intelligence · Cloud Security · Microsoft Office · Security Risk Assessment · Dynamic Application Security Testing (DAST Scans) · Attack Surface Management · Customer Base · Risk Assessment

Cyber Security Lead
Qualitestgroup

2021-11 - 2023-05

At Qualitestgroup, I led the integration of advanced security measures across various products and projects, focusing on enhancing cybersecurity resilience and embedding security best practices throughout the development lifecycle.

- Demonstrated expertise in risk assessment and threat mitigation strategies, achieving a more secure environment.
- Implemented effective security frameworks to identify and mitigate potential security threats.
- Conducted and led thorough Penetration Testing projects, pinpointing vulnerabilities and driving improved security measures.
- Utilized cutting-edge SAST, SCA, and DAST solutions for rigorous application security testing, automating for efficiency and precision.
- Performed risk assessments on Secure by Design, advising and guiding the integration of security into new systems and applications from inception.
- Established a vibrant Cyber Community of Practice (CoP), promoting collaboration, knowledge sharing, and stakeholder education on security trends and practices.
- Pioneered the integration of AI and ML in security workflows, leading innovative research and automation to enhance threat detection and response.
- Developed custom security tools, using programming skills to strengthen the organization's defense against emerging threats.
- Created engaging security learning content, conducting training programs to educate employees on security best practices and procedures.

Skills: Application Security · Security Risk Assessment · Penetration Testing · Product Security · Cloud Security · Threat & Vulnerability Management · Information Security · Attack Surface Management · Vulnerability Scanning · Network Security

Cyber Security Lead | Product Security & Pen Testing | Cyber Legion Founder
Cyber Legion

2021-03 - Present

With over 20 years' experience and as Founder of Cyber Legion, I focus on Cyber Strategy and Product Security. My aim is to enhance security maturity for businesses, individuals, and families, safeguarding reputations and well-being.

Expertise:
- Product Security: Ensuring the security of your digital products through rigorous testing and secure design practices.
- Penetration Testing & Vulnerability Assessments: Detailed testing and vulnerability reporting for security enhancement and prompt remediation.
- Risk Assessment & Attack Surface Management: Strengthening resilience across organizations and digital assets.
- Secure by Design & Threat Modelling: Embedding security in early design stages for solid architecture.
- Application Security Testing & Automation: Employing SAST, SCA, and DAST for efficient testing.
- Customized Consultancy & Strategy: Tailored solutions for client-specific needs, ensuring optimal service.
- Security Frameworks & Strategies: Crafting and implementing frameworks for secure environments.
- Security Learning Content: Educating employees in security best practices, fostering a security-aware culture.
- Support in Architecture & Implementation: Assisting product architects and engineers in security solutions.
- Client & Business Growth: Nurturing long-term client relationships for sustained business growth.

Cyber Legion provides targeted cybersecurity services, such as product security consulting for healthcare medical devices, ensuring they meet strict security standards. We also perform comprehensive risk assessments for telecommunications projects and conduct CREST Approved penetration testing on critical components like applications, APIs, and networks. Our streamlined approach ensures robust security measures are in place, safeguarding vital industry operations with efficiency and expertise.

See https://cyberlegion.io

Skills: Product Security · Penetration Testing · Application Security · Network Security · Cloud Security · Threat & Vulnerability Management · Security Awareness · Information Security · API Testing · Security Risk Assessment · Attack Surface Management


Cyber Legion - IT Security Services that suit all business needs - UK, EU

Cyber Legion has developed an optimized process to identify, assess and report vulnerabilities. IT security services that suit all UK businesses.

Education

Baccalaureate Diploma
GCSE A-Level "BOGDAN VODA" Viseu de Sus, Romania

1997-01 - 2001-12
