Stefan Radushev - ISO27001 Certification

Recommended expert

Varna, Bulgaria

Experience

Nov 2024 - Nov 2024

1 month

Bulgaria

ISO27001 Certification

Subject Matter Expert for certification

Nov 2024 - Nov 2024

1 month

Bulgaria

ISO9001 Certification

Subject Matter Expert for certification

Oct 2024 - Present

1 year 4 months

Zug, Switzerland

Qualys-ServiceNow Integration

Integration between Qualys VMDR/CORE/PC/API and SNOW SecOps module
Build Qualys TruRisk process and integration with IRM system to help implement risk register

Feb 2024 - Nov 2024

10 months

France

DORA Audit, Consulting and Red Teaming Exercise of International Bank

Help with necessary steps for full DORA compliance

Feb 2024 - Oct 2024

9 months

NIS 2 Compliance Consulting of International Naval Port

Analysis of compliance against NIS 2

Nov 2023 - Nov 2023

1 month

Bulgaria

ISO27001 Certification

Subject Matter Expert for certification

Nov 2023 - Nov 2023

1 month

Bulgaria

ISO9001 Certification

Subject Matter Expert for certification

Sep 2023 - Oct 2023

2 months

United Kingdom

Penetration Testing Team Lead

Subject Matter Expert / Team lead for an extensive Penetration test for an international B2B software company

Jul 2023 - Jul 2024

1 year 1 month

Switzerland

Cyber Security Consultant

Galderma S.A.

Patch Management process and implementation Subject Matter Expert
Penetration testing Subject Matter Expert - define scope, create tender, support penetration testing teams, approve the reports and translate them to the C-Level management
Policy Compliance / Asset Inventory - hardening standard
Qualys and ServiceNow Vulnerability Response synchronization project - Phase 2
CyberArk (IAM/PAM) integration and roll-out Subject Matter Expert for certification
Cloud Security Architecture (Azure, AWS)
OT Networks Design and Implementation (Secure Factory Designs)
O365 Azure Security Center - server hardening
KnowB4 staff awareness training and phishing simulations
PhishER phishing email protection integration and configuration
Subject Matter Expert for Incident Response and Prevention

Jun 2023 - Sep 2023

4 months

Bulgaria

Qualys Policy Compliance (CIS)

Proof of Concept for a Bank of Qualys PC module for hardening use cases

Jan 2023 - Apr 2023

4 months

Penetration Testing Team Lead

Subject Matter Expert / Team lead for an extensive Penetration test for an international gaming company

Dec 2022 - Jan 2023

2 months

Bulgaria

NRA BG - Penetration Testers Training - Project Manager / Lead

Tailor made training for Bulgaria National Revenue Agency penetration testing team of 9 people

Oct 2022 - Jun 2023

9 months

Germany

Cyber Security Consultant

NTT DATA

vCISO consultant and Subject Matter Expert for Penetration testing services
Design and lead the Vulnerability Management transformation program for a big client in the construction field
Implement different roll-out strategies
Proof of Concept a vulnerability management solution - Qualys
Project Manager and Lead for a team of 10+ people
Create and implement custom dashboards, widgets and reports for the clients needs
Align and integrate the Vulnerability Management system (Qualys) with ServiceNow CMDB, NAC, SOAR and other solutions
Act as final level of support for troubleshooting or creating custom solutions in Qualys
Part of the Architecture board for the client

Jul 2022 - Aug 2022

2 months

United Kingdom

Penetration Testing Team Lead

Subject Matter Expert / Project Manager

May 2022 - Nov 2022

7 months

Switzerland

Security Awareness Training

Integrated Security Awareness tailor made for the different teams (Management, IT, Backoffice etc) following ISO standards

May 2022 - Nov 2022

7 months

Geneva, Switzerland

Security and Patch Management Consultant

International Committee of the Red Cross

Assessment and evaluation of the VM/PM processes against ISO27005
Architectural design of a new VM/PM processes following ISO27005
Process involving over 200 apps and different teams
Security VM and PM workshops
Hands-on implementation and configuration of a Vulnerability and PM system (Qualys)
Implementation of hardening standards and following them with policy compliance (Qualys)
Subject Matter Expert for SOC integration (SOAR Playbooks, policies, procedures, use cases)
Knowledge transfer
Lowering of the FTE needed for different teams to patch using semi-automation process

Jan 2022 - Jun 2022

6 months

PKI Management

Design, build, deployment and knowledge transfer of enterprise PKI systems

Oct 2021 - Nov 2021

2 months

United Kingdom

Black/Gray Box Pen. Testing

Team lead / Project Manager for the test

Jun 2021 - Jun 2022

1 year 1 month

France

Cyber Security Consultant

AXA Operational Resilience

Part of Operational Resilience team responsible for the whole AXA entity
DDoS topic Subject-Matter Expert
DDoS Protection Assessment on 50+ entities
Reviewing DDoS protections technologies - Volumetric and Application layers
XDR - fast isolation and recovery use cases
Attack case scenarios creation - Ransomware, DDoS, Data leakage, etc.
Red Button creation use case creation following ISO standards

Dec 2020 - Present

5 years 2 months

Bulgaria

Vulnerability Management

Fraport Bulgaria

Vulnerability Management - architecture, integration and MSSP services with Qualys

Nov 2020 - Dec 2020

2 months

Bulgaria

Penetration Testers Training

BG National Revenue Agency

Training the NRA penetration testers team in OWASP TOP 10 / MITRE techniques

Nov 2020 - Nov 2020

1 month

London, United Kingdom

Penetration Test - Datacenter

Fin-tech company

Oct 2020 - Jan 2022

1 year 4 months

Switzerland

Cyber Security Consultant

Galderma S.A.

Zscaler Administration
IAM system tender and architecture - CyberArk
New Vulnerability Architecture - Qualys
Policy Compliance / Asset Inventory - hardening standard
Security Awareness program - KB4/PhishER
ServiceNow Vulnerability Response and Qualys integration - Architecture and documentation (Phase 1)
SecureWorks XDR Taegis (RedCloak) - tender, Proof of Concept, deployment and administration
XDR SOC - Workflows, RACI, Runbooks creation
O365 Azure Security Center - server hardening
Network Security Architecture Subject Matter Expert
Cloud Security Architecture (Azure, AWS)

Oct 2020 - Apr 2021

7 months

Switzerland

Qualys VMDR

M&A - New Datacenter Architecture, implementation and staff training

Sep 2020 - May 2021

9 months

United Kingdom

PCI CPoC - Tap to Phone

Solution architecture, cryptographic solutions management and certification documentation

Aug 2020 - Jan 2021

6 months

ISO 27001 Compliance

Leading (Project Management) the certification process and preparing the company for the certification cycle

Jun 2020 - Mar 2021

10 months

United Kingdom

Nessus/Tenable Vuln. Management

Architecture and management of more than 10k assets with Nessus/Tenable
Integration with existing OP processes
Onboarding new teams in the process - DevOps, Digital Marketing

May 2020 - Oct 2020

6 months

United Kingdom

DDoS Protection Integration

Tender, integration and testing of L4 and L7 protections for a Fin-Tech client

May 2020 - Sep 2020

5 months

Bulgaria

EDR Implementation Project

Replacing old AV solution with EDR one

Jan 2020 - Dec 2020

1 year

United Kingdom

Qualys VMDR

Tender, architecture, integration and management of Qualys VMDR platform

Jan 2020 - Aug 2020

8 months

London, United Kingdom

Penetration Test - Banking Web Application

Fin-tech company

Nov 2019 - Oct 2020

1 year

London, United Kingdom

PCI SPoC - Pin on Glass

Never seen on the market PoS software

Sep 2019 - Present

6 years 5 months

Bulgaria

Cyber Security / Penetration Testing Consultant

3Cyber-Sec Ltd.

Build comprehensive Penetration testing customers scenarios for compliance frameworks (SANS Top 25, OWASP Top 10, NIST)
Plan and execute Penetration tests services and Red team Exercises
Develop technical and executive reports
Present business oriented findings at front of customers executives
Assists customers remediation process
Project Management for Cyber Security
Static Code Analysis
SQLi, XSS, Overflows, DLL-Hijacking
Vulnerability management - (Nessus/Tenable, Qualys)
Wi-Fi testing

Sep 2019 - Oct 2020

1 year 2 months

Bulgaria

Cyber Security Consultant

myPOS AD

Lead PCI DSS Level 1 certification - Project Management and Subject Matter Expert
Implement security measures following the new SPoC standard
IDS solutions implementation (Kibana, Suricata, Splunk)
HSM devices configuration, administration and PKI management (SafeNet)
POSIX security architecture and hardening
Remote office implementation and administration - IDaaS (F5 Big-IP)
Secure email gateway - Proof of Concept and implementation (Proofpoint)
Vulnerability Architecture and implementation into the CI/CD pipeline (Qualys VMDR)
SIEM and EDR tender and implementation
Created Staff Awareness program - KnowBe4
Phishing prevention - Proofpoint
Implementation of ISO27001/2 security principles

Sep 2019 - Nov 2019

3 months

Sofia, Bulgaria

Penetration Testing Consultant

Fin-Tech company

External penetration test on the network infrastructure, Exchange servers, web servers, web applications, blog and more
Used tools including Recon-ng, Maltego, Burp, Dirbuster, Nessus/Tenable, sqlmap, XPath, XXE, XSS, File Inclusion, Fuzzing, DLL-Hijacking, Buffer Overflow, Metasploit, NMap, crackmapexec, BloodHound, Kerberoast
Bash/Python scripting

Jan 2019 - Dec 2020

2 years

London, United Kingdom

PCI DSS Level 1 Service Provider

Financial sector

Jan 2019 - Dec 2019

1 year

Bulgaria

PCI DSS Certification Service Provider Level 2

Jan 2019 - Dec 2019

1 year

London, United Kingdom

Qualys VM Integration

Tender, integration and management of Qualys VM platform

Jan 2019 - Dec 2019

1 year

Bulgaria

Swift Security Program

Jan 2018 - Dec 2018

1 year

Bulgaria

PCI DSS Certification Merchant Level 4

Jan 2018 - Dec 2018

1 year

Bulgaria

PCI DSS Certification Service Provider Level 1

Jan 2018 - Dec 2018

1 year

Bulgaria

Qualys VM Web Application

Integration and automation of Qualys WAS for a fin-tech company

Jan 2017 - Dec 2017

1 year

Bulgaria

PCI DSS Certification Service Provider Level 1

Jan 2017 - Dec 2017

1 year

Bulgaria

Qualys VM Integration

Tender, integration and management of Qualys VM platform

Dec 2016 - Mar 2019

2 years 4 months

Varna, Bulgaria

Information Security Officer

iCard AD

Directing and approving the security designs of systems, applications, ATMs and PoS devices - hardware and SaaS, HSMs (SafeNet), mobile applications/ API
Conducting Vulnerability, SIE, Patch, AV management, log analysis (splunk, ELK) and Firewall rules review
Involved in the process of testing and approving the security systems - SIEM, AV, DLP, VM, IDP/IPS, OTP, web application firewalls
Participate in the integration projects for the major card schemes - Visa, Master Card, JCB, UnionPay, AMEX, Bancontact and more
Reviewing and approving security policies, controls and cyber incident response planning
Ensuring compliance with the changing laws and applicable regulations (PCI-DSS, Cyber Security Act)
Overseeing identity, access, BYOD, IoT, PKI management
Ensuring that disaster recovery and business continuity plans are in place and tested
Conducting Internal Penetration tests on the networks, servers, web applications, etc
Employee Information security and Anti-Phishing training and communicating best practices and risks to all parts of the business

Sep 2015 - Apr 2016

8 months

Varna, Bulgaria

Corporate Administrator

iCard AD

Evaluating network performance issues including availability, utilization, throughput, and latency
Planning and executing the selection, installation, configuration, and testing of equipment; defining network policies and procedures; establishing connections and firewalls
Securing network by developing network access, monitoring, control, and evaluation; maintaining documentation
Upgrades network by conferring with vendors; developing, testing, evaluating, and installing enhancements
Creating, installing and managing Virtual Machines on Hyper-V and VMWare
Worked and troubleshoot Microsoft Active Directory, Microsoft DHCP and DNS servers, Windows Server 2007 R2, Windows Server 2008 R1/R2, Windows Server 2012 R1/R2
Worked with Linux servers – Debian and Ubuntu
Installed, configured and maintained network equipment – switches, routers, access points from Cisco and Fortinet
Installed and worked with VoIP servers and VoIP phones – FortiVoice, Freeswitch (FusionPBX) and Cisco Call Manager
Bash scripting
Installed and maintained monitoring

Jul 2012 - Present

13 years 7 months

Bulgaria

IT & Cyber Security Consultant / Data Protection Officer

Stargate Maritime Ltd.

Office 365 Administration (SaaS)
Reporting directly to CEO
Migration of IaaS (email and storage servers) to Office 365
Network segmentation - External, DMZ, Internal
Upgrading, installing and troubleshooting networks, networking hardware devices and software
Analysing workflow, access, information, and security requirements for in-house software
Preparing users by designing and conducting training programs providing references and support
Act as point of contact with EU residents, supervisory authorities and internal teams
Identify and evaluate the company’s data processing activities
Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
Monitor data management procedures and compliance within the company
Participate in meetings with managers to ensure privacy by design at all levels
Maintain records of processing operations
Address all queries from data subjects within legal timeframes
Liaise with other organisations that process data on company behalf
Write and update detailed guides on data protection policies
Perform audits and determine whether we need to alter our procedures to comply with regulations
Offer consultation on how to deal with privacy breaches
Arrange for training on GDPR compliance for employees
Follow up with changes in law and issue recommendations to ensure compliance

Feb 2011 - Sep 2015

4 years 8 months

Varna, Bulgaria

Level 2 Network Administrator

TCV AD

Serving as the security officer for the network
Recommending and scheduling repairs to the LAN/WAN
Upgrading, installing and troubleshooting networks, networking hardware devices and software
Establishing network specifications by conferring with users
Analysing workflow, access, information, and security requirements
Designing router administration, including interface configuration and routing protocols

Summary

My background, while extensive, isn't traditional and believe me I know that.

After years working for the Blue team (Cyber Security), I decided that is not enough. I wanted to find ways to contribute even more to organizations. This is why I jumped the fence and started studying and working for the Red team (Penetration testers), as this allows me to be a Purple team member.

Now I can do a penetration test on your infrastructure, do an educational phishing attack against your employees, after that sit with the IT and IS teams and do the Vulnerability, Patch and SIE management and after that stand in front of the Board of Directors and translate all that them in a way they understand. A true cultural changer that can work with any part of your organisation.