FRATCH
Go to website Request project

Stefan Radushev

Cyber Security Consultant

Stefan Radushev
 Varna, Bulgaria

Experience

Jul 2023 - Jul 2024
1 year 1 month
Switzerland

Cyber Security Consultant

Galderma S.A Switzerland

  • Patch Management process and implementation SME
  • Penetration testing SME - define scope, create tender, support pen testing teams, approve the reports and translate them to the CLevel management
  • Policy Compliance / Asset Inventory - hardening standard
  • Qualys and ServiceNow Vuln. Response synchronization project Phase 2
  • CyberArk IAM/PAM integration and roll-our
  • Cloud Security Architecture Azure, AWS
  • OT Networks Design and Implementation Secure Factory Designs
  • O365 Azure Security Center - server hardening
  • KnowB4 staff awareness training and phishing simulations
  • PhishER phishing email protection integration and configuration
  • SME for Incident Response and Prevention
Oct 2022 - Jun 2023
9 months
Germany

Cyber Security Consultant

NTT DATA

  • Design and lead the Vulnerability Management transformation program for a big client in the construction field
  • Implement different roll-our strategies
  • PoC a vulnerability management solution Qualys
  • Project Manager and Lead for a team of 10 people
  • Create and implement custom dashboards, widgets and reports for the clients needs
  • Align and integrate the Vulnerability Management system Qualys with ServiceNow CMDB, NAC, SOAR and other solutions
  • Act as final level of support for troubleshooting or creating custom solutions in Qualys
  • Part of the Architecture board for the client
May 2022 - Nov 2022
7 months
Switzerland

Security and Patch Management Consultant

International Committee of the Red Cross

  • Assessment and evaluation of the VM/PM processes against ISO27005
  • Architectural design of a new VM/PM processes following ISO27005
  • Process involving over 200 apps and different teams
  • Security VM and PM workshops
  • Hands-on implementation and configuration of a Vulnerability and PM system(Qualys)
  • Implementation of hardening standards and following them with policy compliance(Qualys)
  • SME for SOC integration SOAR Playbooks, policies, procedures, use cases
  • Knowledge transfer
  • Lowering of the FTE needed for different teams to patch using semi-automation process
Jun 2021 - Jun 2022
1 year 1 month
France

Cyber Security Consultant

AXA Operational Resilience

  • Part of Operational Resilience team responsible for the whole AXA entity
  • DDoS topic Subject-Matter Expert
  • DDoS Protection Assessment on 50 entities
  • Reviewing DDoS protections technologies Volumetric and Application layers
  • XDR fast isolation and recovery use cases
  • Attack case scenarios creation Ransomware, DDoS, Data leakage, etc
  • Red Button creation use case creation following ISO standards
Oct 2020 - Jan 2022
1 year 4 months
Switzerland

Cyber Security Consultant

Galderma S.A Switzerland

  • Zscaler Administration
  • IAM system tender and architecture CyberArk
  • New Vulnerability Architecture Qualys
  • Policy Compliance / Asset Inventory - hardening standard
  • Security Awareness program KB4/PhishER
  • ServiceNow Vulnerability Response and Qualys integration Architecture and documentation Phase1
  • SecureWorks XDR Taegis RedCloak - tender, PoC, deployment and administration
  • XDR SOC - Workflows, RACI, Runbooks creation
  • O365 Azure Security Center - server hardening
  • Network Security Architecture SME
  • Cloud Security Architecture Azure, AWS
Sep 2019 - Present
5 years 6 months
Bulgaria

Cyber Security / Penetration Testing Consultant

3Cyber-Sec Ltd.

  • Cybersecurity and Penetration testing services for the Marine sector
  • Build comprehensive Penetration testing customers scenarios for compliance frameworks SANS Top 25, OWASP Top 10, NIST
  • Plan and execute Penetration tests services and Red team Exercises
  • Develop technical and executive reports
  • Present business oriented findings at front of customers executives
  • Assists customers remediation process
  • Project Management for Cyber Security
  • Static Code Analysis
  • SQLi, XSS, Overflows, DLLHijacking
  • Vulnerability management - Nessus/Tenable, Qualys
  • Wi-Fi testing
Sep 2019 - Oct 2020
1 year 2 months
Bulgaria

Cyber Security Consultant

myPOS AD

  • CyberSecurity and Penetration testing services
  • Lead PCI DSS Level 1 certification - Project Management and SME
  • Implement security measures following the new SPoC standard
  • IDS solutions implementation Kibana, Suricata, Splunk
  • HSM devices configuration, administration and PKI management(SafeNet)
  • POSIX security architecture and hardening
  • Remote office implementation and administration IDaaS F5 Big-IP
  • Secure email gateway PoC and implementation Proofpoint
  • Vulnerability Architecture and implementation into the CI/CD pipeline
  • Qualys VMDR
  • SIEM and EDR tender and implementation
  • Created Staff Awaness program KnowBe4
  • Phishing prevention Proofpoint
  • Implementation of ISO27001/2 security principles
Sep 2019 - Nov 2019
3 months
Bulgaria

Penetration Testing Consultant

External penetration test on the network infrastructure, Exchange servers, web servers, web applications, blog and more.

Recon-ng, Maltego, Burp, Dirbuster, Nessus/Tenable, sqlmap, XPath, XXE, XSS, File Inclusion, Fuzzing, DLLHijacking, Buffer Overflow, Metasploit, NMap, crackmapexec, BloodHound, Kerberoast

Bash/Python scripting

Oct 2017 - Present
7 years 5 months
Bulgaria

Data Protection Officer

Stargate Maritime LTD

  • Act as point of contact with EU residents, supervisory authorities and internal teams
  • Identify and evaluate the company's data processing activities
  • Provide advice and instructions on how to conduct Data Protection Impact Assessments DPIAs
  • Monitor data management procedures and compliance within the company
  • Participate in meetings with managers to ensure privacy by design at all levels
  • Maintain records of processing operations
  • Address all queries from data subjects within legal timeframes
  • Liaise with other organisations that process data on company behalf
  • Write and update detailed guides on data protection policies
  • Perform audits and determine whether we need to alter our procedures to comply with regulations
  • Offer consultation on how to deal with privacy breaches
  • Arrange for training on GDPR compliance for employees
  • Follow up with changes in law and issue recommendations to ensure compliance
Dec 2016 - Mar 2019
2 years 4 months
Bulgaria

Information Security Officer

iCard AD

  • Directing and approving the security designs of systems, applications, ATMs and PoS devices - hardware and SaaS, HSMs SafeNet, mobile applications/API
  • Conducting Vulnerability, SIE, Patch, AV management, log analysis (splunk, ELK and Firewall rules review
  • Involved in the process of testing and approving the security systems SIEM, AV, DLP, VM, IDP/IPS, OTP, web application firewalls
  • Participate in the integration projects for the major card schemes Visa, Master Card, JCB, UnionPay, AMEX, Bancontact and more
  • Reviewing and approving security policies, controls and cyber incident response planning
  • Ensuring compliance with the changing laws and applicable regulations PCIDSS, Cyber Security Act
  • Overseeing identity, access, BYOD, IoT, PKI management
  • Ensuring that disaster recovery and business continuity plans are in place and tested
  • Conducting Internal Penetration tests on the networks, servers, web applications, etc
  • Employee Information security and Anti-Phishing training and communicating best practices and risks to all parts of the business
Sep 2015 - Apr 2016
8 months
Bulgaria

Corporate Administrator

iCard AD

  • Evaluating network performance issues including availability, utilization, throughput, and latency
  • Planning and executing the selection, installation, configuration, and testing of equipment; defining network policies and procedures; establishing connections and firewalls
  • Securing network by developing network access, monitoring, control, and evaluation; maintaining documentation
  • Upgrades network by conferring with vendors; developing, testing, evaluating, and installing enhancements
  • Creating, installing and managing Virtual Machines on Hyper-V and VMWare
  • Worked and troubleshoot Microsoft Active Directory, Microsoft DHCP and DNS servers, Windows Server 2007 R2, Windows Server 2008 R1/R2, Windows Server 2012 R1/R2
  • Worked with Linux servers Debian and Ubuntu
  • Installed, configured and maintained network equipment – switches, routers, access points from Cisco and Fortinet
  • Installed and worked with VoIP servers and VoIP phones – FortiVoice, Freeswitch FusionPBX and Cisco Call Manager
  • Bash scripting
  • Installed and maintained monitoring
Jul 2012 - Present
12 years 8 months

IT & Cyber Security Consultant

Stargate Maritime LTD

  • Office 365 Administration SaaS
  • Reporting directly to CEO
  • Migration of IaaS email and storage servers to Office 365
  • Network segmentation External, DMZ, Internal
  • Upgrading, installing and troubleshooting networks, networking hardware devices and software
  • Analysing workflow, access, information, and security requirements for in-house software
  • Preparing users by designing and conducting training programs providing references and support
Feb 2011 - Sep 2015
4 years 8 months
Bulgaria

Level 2 Network Administrator

TCV AD

  • Serving as the security officer for the network
  • Recommending and scheduling repairs to the LAN/WAN
  • Upgrading, installing and troubleshooting networks, networking hardware devices and software
  • Establishing network specifications by conferring with users
  • Analysing workflow, access, information, and security requirements
  • Designing router administration, including interface configuration and routing protocols

Summary

My background, while extensive, isn't traditional and believe me I know that. After years working for the Blue team (Cyber Security), I decided that is not enough. I wanted to find ways to contribute even more to organizations. This is why I jumped the fence and started studying and working for the Red team (Penetration testers), as this allows me to be a Purple team member. Now I can do a penetration test on your infrastructure, do an educational phishing attack against your employees, after that sit with the IT and IS teams and do the Vulnerability, Patch and SIE management and after that stand in front of the Board of Directors and translate all that them in a way they understand. A true cultural changer that can work with any part of your organisation. MY LIFE PHILOSOPHY The wolf has a thick neck, because he does his job on his own. Bulgarian proverb

Languages

Bulgarian
Native
English
Native

Education

Oct 2006 - Jun 2012

Nikola Vaptsarov Naval Academy

Navigation · Varna, Bulgaria

Certifications & licenses

ISO 27001 Lead Auditor

RINA

Certified Data Privacy Solutions Engineer

ISACA

Web Application Scanning

Qualys Inc.

Patch Management

Qualys Inc.

Policy Compliance

Qualys Inc.

Vulnerability Management Detection & Response

Qualys Inc.

Offensive Security Certified Professional

Offensive Security

Similar Freelancers

Verified Expert
Valeri Milke

Senior IT Security & Compliance CISO ISO 27001 TISAX NIS2 DORA AI Act CRA BSI IT-Grundschutz Penetration Testing ISMS BCM

View Profile
Verified Expert
Pierre Gronau

IT Security and IT Compliance Consultant

View Profile
Verified Expert
Markus Willems

ISMS Implementation Consultant

View Profile
Verified Expert
Christian Fritsch

IT-Komplettlösungen

View Profile
Verified Expert
Sascha Leitner

DORA Senior Lead Manager

View Profile
Verified Expert
Patrick Upmann

Business Consulting | Project Management for Data Strategy, Data Governance, Artificial Intelligence & Information Security

View Profile
Verified Expert
Björn Bausch

External Data Protection Officer, Project Manager EU-GDPR

View Profile
Verified Expert
Christine Schmitt

Cybersecurity | IEC 62443 | GRC | IT/OT Project Management

View Profile
Verified Expert
Christian Decker

Managing Director and Senior Consultant

View Profile
Verified Expert
Christian Heutger

Lead Auditor

View Profile
Verified Expert
Thomas Bössl

Consultant

View Profile
Verified Expert
Matthias Steinmann

ISO/IEC 27001 Lead Auditor, CEH, PMP, Datenschutz

View Profile
Verified Expert
Gilbert Lintner

Cyber Security Expert, SOC Manager, CISO

View Profile
Verified Expert
Hakan Kücük

It-management & Administration

View Profile
Verified Expert
David Bleyer

Koordinator Für Datenschutz, Sicherheit Und IT-Sicherheit, BSI Grundschutz Praktiker, FIAE

View Profile
English
Website Projects Sign in Sign up Imprint Terms and Conditions Privacy Policy
Powered by FRATCH.IO GmbH