Stefan Radushev

ISO27001 Certification

Varna, Bulgaria

Experience

Nov 2024 - Nov 2024
1 month
Bulgaria

ISO27001 Certification

SME for certification.

Nov 2024 - Nov 2024
1 month
Bulgaria

ISO9001 Certification

SME for certification.

Nov 2024 - Nov 2024
1 month
Bulgaria

ISO9001 Certification

SME for certification.

Oct 2024 - Present
9 months
Zug, Switzerland

Cyber Security Consultant

Galderma S.A.

  • Integration between Qualys VMDR/CORE/PC/API and SNOW SecOps module.
  • Build Qualys TruRisk process and integration with IRM system to help implement risk register.
Feb 2024 - Nov 2024
10 months
France

DORA audit, consulting and Red teaming exercise

International Bank

Help with necessary steps for full DORA compliance.

Feb 2024 - Oct 2024
9 months

NIS 2 compliance consulting

International Naval Port

Analysis of compliance against NIS 2.

Nov 2023 - Nov 2023
1 month
Bulgaria

ISO27001 Certification

SME for certification.

Nov 2023 - Nov 2023
1 month
Bulgaria

ISO9001 Certification

SME for certification.

Sep 2023 - Oct 2023
2 months
United Kingdom

Penetration testing Team lead

International B2B software company

SME / Team lead for an extensive Penetration test.

Jul 2023 - Jul 2024
1 year 1 month
Geneva, Switzerland

Cyber Security Consultant

Galderma S.A.

  • Patch Management process and implementation SME
  • Penetration testing SME - define scope, create tender, support pen. testing teams, approve the reports and translate them to the C-Level management.
  • Policy Compliance / Asset Inventory - hardening standard
  • Qualys and ServiceNow Vuln. Response synchronization project - Phase 2
  • CyberArk (IAM/PAM) integration and roll-our SME for certification.
  • Cloud Security Architecture (Azure, AWS)
  • OT Networks Design and Implementation (Secure Factory Designs)
  • O365 Azure Security Center - server hardening
  • KnowB4 staff awareness training and phishing simulations
  • PhishER phishing email protection integration and configuration
  • SME for Incident Response and Prevention
Jun 2023 - Sep 2023
4 months
Bulgaria

Qualys Policy Compliance (CIS)

Bank

PoC for a Bank of Qualys PC module for hardening use cases.

Jan 2022 - Apr 2023
4 months

Penetration testing Team lead

International gaming company

SME / Team lead for an extensive Penetration test.

Dec 2022 - Jan 2023
2 months
Bulgaria

Project Manager / Lead

NRA BG

Tailor made training for Bulgaria National Revenue Agency penetration testing team of 9 people.

Oct 2022 - Jun 2023
9 months
Germany

Cyber Security Consultant

NTT DATA

vCISO consultant and SME for Penetration testing services.

  • Design and lead the Vulnerability Management transformation program for a big client in the construction field
  • Implement different roll-our strategies
  • PoC a vulnerability management solution - Qualys
  • Project Manager and Lead for a team of 10+ people
  • Create and implement custom dashboards, widgets and reports for the clients needs
  • Align and integrate the Vulnerability Management system (Qualys) with ServiceNow CMDB, NAC, SOAR and other solutions
  • Act as final level of support for troubleshooting or creating custom solutions in Qualys
  • Part of the Architecture board for the client
Jul 2022 - Aug 2022
2 months
United Kingdom

Penetration testing Team lead / Project Manager

SME / Project Manager.

May 2022 - Nov 2022
7 months
Switzerland

Security Awareness Training

Intergrated Security Awareness tailor made for the different teams (Management,IT, Backoffice etc) following ISO standards.

May 2022 - Nov 2022
7 months
Geneva, Switzerland

Security and Patch Management Consultant

International Committee of the Red Cross

  • Assessment and evaluation of the VM/PM processes against ISO27005
  • Architectural design of a new VM/PM processes following ISO27005
  • Process involving over 200 apps and different teams.
  • Security VM and PM workshops
  • Hands-on implementation and configuration of a Vulnerability and PM system(Qualys)
  • Implementation of hardening standards and following them with policy compliance(Qualys)
  • SME for SOC integration (SOAR Playbooks, policies, procedures, use cases)
  • Knowledge transfer
  • Lowering of the FTE needed for different teams to patch using semi-automation process
Jan 2021 - Jun 2022
6 months

PKI management

Design, build, deployment and knowledge transfer of enterprise PKI systems.

Oct 2021 - Nov 2021
2 months
United Kingdom

Black/Gray box pen. testing

Team lead / Project Manager for the test.

Jun 2021 - Jun 2022
1 year 1 month
France

Cyber Security Consultant

AXA

  • Part of Operational Resilience team responsible for the whole AXA entity
  • DDoS topic Subject-Matter Expert
  • DDoS Protection Assessment on 50+ entities
  • Reviewing DDoS protections technologies - Volumetric and Application layers
  • XDR - fast isolation and recovery use cases
  • Attack case scenarios creation - Ransomware, DDoS, Data leakage, etc.
  • Red Button creation use case creation following ISO standards.
Dec 2020 - Present
4 years 7 months
Bulgaria
Lorem ipsum dolor sit amet

Fraport Bulgaria

Vulnerability Management - architecture, integration and MSSP services with Qualys

Nov 2020 - Dec 2020
2 months
Bulgaria
Lorem ipsum dolor sit amet

BG National Revenue Agency

Training the NRA pen. testers team in OWASP TOP 10 / MITRE techniques.

Nov 2020 - Nov 2020
1 month
London, United Kingdom

Penetration test - Datacenter

Fin-tech company

Oct 2020 - Jan 2022
1 year 4 months
Geneva, Switzerland

Cyber Security Consultant

Galderma S.A.

  • Zscaler Administration
  • IAM system tender and architecture - CyberArk
  • New Vulnerability Architecture - Qualys
  • Policy Compliance / Asset Inventory - hardening standard
  • Security Awareness program - KB4/PhishER
  • ServiceNow Vulnerability Response and Qualys integration - Architecture and documentation (Phase1)
  • SecureWorks XDR Taegis (RedCloak) - tender, PoC,deployment and administration
  • XDR SOC - Workflows, RACI, Runbooks creation
  • O365 Azure Security Center - server hardening
  • Network Security Architecture SME
  • Cloud Security Architecture (Azure, AWS)
Oct 2020 - Apr 2021
7 months
Switzerland

Qualys VMDR Project

M&A - New Datacenter Architecture, implementation and staff training.

Sep 2020 - May 2021
9 months
United Kingdom

PCI CPoC - Tap to Phone Project

CPoC Solution architecture, cryptographic solutions management and certification documentation.

Aug 2020 - Jan 2021
6 months

ISO 27001 Compliance Lead

Leading (Project Management) the certification process and preparing the company for the certification cycle.

Jun 2020 - Mar 2021
10 months
United Kingdom

Nessus/Tenable Vuln. Management Project

Architecture and management of more than 10k assets with Nessus/Tenable. Integration with existing OP processes. Onboarding new teams in the process - DevOps, Digital Marketing.

May 2020 - Oct 2020
6 months
United Kingdom

DDoS Protection integration

Fin-Tech client

Tender, integration and testing of L4 and L7 protections.

May 2020 - Sep 2020
5 months
United Kingdom

EDR implementation project

Replacing old AV solution with EDR one.

Jan 2020 - Dec 2020
1 year
United Kingdom

Qualys VMDR Project

Tender, architecture, integration and management of Qualys VMDR platform.

Jan 2020 - Aug 2020
8 months
London, United Kingdom

Penetration test - Banking web application

Fin-tech company

Nov 2019 - Oct 2020
1 year
London, United Kingdom

PCI SPoC - Pin on Glass Project

Never seen on the market PoS software.

Sep 2019 - Present
5 years 10 months
Bulgaria

Cyber Security / Penetration Testing Consultant

3Cyber-Sec Ltd.

Cybersecurity and Penetration testing services for the Marine sector.

  • Build comprehensive Penetration testing customers scenarios for compliance frameworks ( SANS Top 25, OWASP Top 10, NIST )
  • Plan and execute Penetration tests services and Red team Exercises
  • Develop technical and executive reports
  • Present business oriented findings at front of customers executives
  • Assists customers remediation process
  • Project Management for Cyber Security
  • Static Code Analysis
  • SQLi, XSS, Overflows, DLL-Hijacking
  • Vulnerability management - ( Nessus/Tenable, Qualys)
  • Wi-Fi testing
Sep 2019 - Oct 2020
1 year 2 months
Bulgaria

Cyber Security Consultant

myPOS AD

CyberSecurity and Penetration testing services

  • Lead PCI DSS Level 1 certification - Project Management and SME
  • Implement security measures following the new SPoC standard
  • IDS solutions implementation (Kibana, Suricata, Splunk )
  • HSM devices configuration, administration and PKI management(SafeNet)
  • POSIX security architecture and hardening
  • Remote office implementation and administration - IDaaS ( F5 Big-IP)
  • Secure email gateway - PoC and implementation ( Proofpoint )
  • Vulnerability Architecture and implementation into the CI/CD pipeline. (Qualys VMDR )
  • SIEM and EDR tender and implementation
  • Created Staff Awaness program - KnowBe4
  • Phishing prevention - Proofpoint
  • Implementation of ISO27001/2 security principles
Sep 2019 - Nov 2019
3 months
Sofia, Bulgaria

Penetration Testing Consultant

Fin-Tech company (NDA)

Digital Bank

  • External penetration test on the network infrastructure, Exchange servers, web servers, web applications, blog and more.
  • Recon-ng, Maltego, Burp ,Dirbuster, Nessus/Tenable, sqlmap, XPath, XXE, XSS, File Inclusion, Fuzzing, DLL-Hijacking, Buffer Overflow, Metasploit, NMap, crackmapexec, BloodHound, Kerberoast
  • Bash/Python scripting
Jan 2019 - Dec 2020
2 years
London, United Kingdom

PCI DSS Level 1 Service Provider Certification Project

Financial sector

Jan 2019 - Dec 2020
1 year
Bulgaria

PCI DSS Certification - Service Provider Level 2

Jan 2019 - Dec 2020
1 year
London, United Kingdom

Qualys VM integration Project

Tender, integration and management of Qualys VM platform.

Jan 2019 - Dec 2020
1 year
Bulgaria

Swift Security Program Compliance Project

Jan 2018 - Dec 2019
1 year
Bulgaria

PCI DSS Certification - Merchant Level 4

Jan 2018 - Dec 2019
1 year
Bulgaria

PCI DSS Certification - Service Provider Level 1

Jan 2018 - Dec 2019
1 year
Bulgaria

Qualys VM Web Application Integration Project

fin-tech company

Integration and automation of Qualys WAS.

Oct 2017 - Present
7 years 9 months
Varna, Bulgaria

Data Protection Officer

Stargate Maritime Ltd.

Seafarers recruitment and consulting.

  • Act as point of contact with EU residents, supervisory authorities and internal teams;
  • Identify and evaluate the company’s data processing activities;
  • Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs);
  • Monitor data management procedures and compliance within the company;
  • Participate in meetings with managers to ensure privacy by design at all levels;
  • Maintain records of processing operations;
  • Address all queries from data subjects within legal timeframes;
  • Liaise with other organisations that process data on company behalf;
  • Write and update detailed guides on data protection policies;
  • Perform audits and determine whether we need to alter our procedures to comply with regulations;
  • Offer consultation on how to deal with privacy breaches;
  • Arrange for training on GDPR compliance for employees;
  • Follow up with changes in law and issue recommendations to ensure compliance;
Jan 2016 - Dec 2017
1 year
Bulgaria

PCI DSS Certification - Service Provider Level 1

Jan 2016 - Dec 2017
1 year
Bulgaria

Qualys VM integration Project

Tender, integration and management of Qualys VM platform.

Dec 2016 - Mar 2019
2 years 4 months
Varna, Bulgaria

Information Security Officer

iCard AD

Digital Bank( Fin-Tech company)

  • Directing and approving the security designs of systems, applications, ATMs and PoS devices - hardware and SaaS, HSMs (SafeNet), mobile applications/ API, Fin-tech company
  • Conducting Vulnerability, SIE, Patch, AV management, log analysis (splunk, ELK) and Firewall rules review;
  • Involved in the process of testing and approving the security systems - SIEM, AV, DLP, VM, IDP/IPS, OTP, web application firewalls
  • Participate in the integration projects for the major card schemes - Visa, Master Card, JCB, UnionPay, AMEX, Bancontact and more.
  • Reviewing and approving security policies, controls and cyber incident response planning;
  • Ensuring compliance with the changing laws and applicable regulations ( PCI-DSS, Cyber Security Act );
  • Overseeing identity, access, BYOD , IoT, PKI management,
  • Ensuring that disaster recovery and business continuity plans are in place and tested;
  • Conducting Internal Penetration tests on the networks, servers, web applications, etc;
  • Employee Information security and Anti-Phishing training and communicating best practices and risks to all parts of the business;
Sep 2015 - Apr 2016
8 months
Varna, Bulgaria

Corporate Administrator

iCard AD

Digital Bank( Fin-Tech company)

  • Evaluating network performance issues including availability, utilization, throughput, and latency;
  • Planning and executing the selection, installation, configuration, and testing of equipment; defining network policies and procedures; establishing connections and firewalls;
  • Securing network by developing network access, monitoring, control, and evaluation; maintaining documentation;
  • Upgrades network by conferring with vendors; developing, testing, evaluating, and installing enhancements;
  • Creating, installing and managing Virtual Machines on Hyper-V and VMWare;
  • Worked and troubleshoot Microsoft Active Directory, Microsoft DHCP and DNS servers, Windows Server 2007 R2, Windows Server 2008 R1/R2, Windows Server 2012 R1/R2;
  • Worked with Linux servers – Debian and Ubuntu;
  • Installed, configured and maintained network equipment – switches, routers, access points from Cisco and Fortinet;
  • Installed and worked with VoIP servers and VoIP phones – FortiVoice, Freeswitch (FusionPBX) and Cisco Call Manager;
  • Bash scripting
  • Installed and maintained monitoring.
Jul 2012 - Present
13 years

IT & Cyber Security Consultant

Stargate Maritime Ltd.

Seafarers recruitment and consulting

  • Office 365 Administration ( SaaS)
  • Reporting directly to CEO
  • Migration of IaaS ( email and storage servers) to Office 365;
  • Network segmentation - External, DMZ, Internal
  • Upgrading, installing and troubleshooting networks, networking hardware devices and software;
  • Analysing workflow, access, information, and security requirements for in-house software;
  • Preparing users by designing and conducting training programs providing references and support;
Feb 2011 - Sep 2015
4 years 8 months
Varna, Bulgaria

Level 2 Network Administrator

TCV AD

Ethernet Service Provider

  • Serving as the security officer for the network;
  • Recommending and scheduling repairs to the LAN/WAN
  • Upgrading, installing and troubleshooting networks, networking hardware devices and software;
  • Establishing network specifications by conferring with users;
  • Analysing workflow, access, information, and security requirements;
  • designing router administration, including interface configuration and routing protocols;

Summary

My background, while extensive, isn't traditional and believe me I know that.

After years working for the Blue team ( Cyber Security), I decided that is not enough. I wanted to find ways to contribute even more to organizations. This is why I jumped the fence and started studying and working for the Red team ( Penetration testers), as this allows me to be a Purple team member. Now I can do a penetration test on your infrastructure, do an educational phishing attack against your employees, after that sit with the IT and IS teams and do the Vulnerability, Patch and SIE management and after that stand in front of the Board of Directors and translate all that them in a way they understand. A true cultural changer that can work with any part of your organisation.

Languages

Bulgarian
Native
English
Advanced

Education

Oct 2006 - Jun 2012

Nikola Vaptsarov Naval Academy

Varna, Bulgaria

Certifications & licenses

ISO 27001 Lead Auditor

RINA

Certified Data Privacy Solutions Engineer (CDPSE)

ISACA

Offensive Security Certified Professional (OSCP)

Offensive Security

PCI DSS Certification Service Provider Level 2

PCI DSS Certification Merchant Level 4

PCI DSS Certification Service Provider Level 1

PCI DSS Certification Service Provider Level 1