More than 19 years of experience in IT Risk Assessment & Management, IT Security, ICT Auditing, OWASP, VA/PT, and security solutions design and implementation. SIEM & security event correlation and analysis principles and technology, Vulnerability Assessment and Ethical Hacking. Expert in Business Impact Analysis and DR/BC Planning & Test. In-depth knowledge and full understanding of the main GRC, security, compliance, IS Auditing and IT Governance processes.
In particular, I have a deep understanding of ISO 27001 and, more generally, of the PCI and ISO marketplace and the published standards, i.e. PCI DSS; a holistic understanding of the creation, management, and oversight of Information Security Programs, Business Continuity Planning and Change Control functions within the PCI/ISO context. Currently Freelance Consultant/Manager for IT security, governance, compliance, risk management and techniques appropriate to large/medium/small enterprises, including IT architecture; TOGAF; data centre operations; cloud services; networking; software development processes, change management, Data Protection, National and European Personal Data legislation, eIDAS and ETSI standards.
Knowledge of standards and best practices; good understanding of ISO 27001, familiarity with COBIT, PCI DSS, SOX, IT Security Standards, IT Auditing & IT Risk Assessment methodologies.