Download PDF

Summary

  • BSc degree in Electronics and Communication Engineering from one of the Turkey's most reputable university
  • Last 12 years IT Security and first 8 years Network experience
  • Experienced from global companies (IBM, Coca-Cola, Alcatel-Lucent)
  • Industry recognised security certifications (CISSP, CSSLP, CEH etc)
  • Deep technical and managerial competence, skills, experience, to design, implement and manage overall information security program to protect organisations from growing sophisticated attacks
  • Familiar with security standards (NIST, FIPS, ISO 27000 Series, PCI-DSS)
  • Familiar with Regulations, Privacy, and Compliance (HIPAA, GDPR)
  • Familiar with Software Development (Waterfall, Iterative, Spiral, Agile) and Assurance (Socratic, Six Sigma, CMMI, OCTAVE, STRIDE and DREAD, OSSTMM, FHM) Methodologies
  • Familiar with Enterprise Application and Security Frameworks (Zachman, COBIT, COSO, SABSA, OWASP)
  • Familiar with security technologies (SIEM, Firewall, IPS, VPN, DDOS, WAF, SSL Inspection, DDI, MFA, Advanced Malware Protection, Secure Web/E-mail Gateway, Security Analytics, Vulnerability Assessment)
  • Familiar with basic software development and scripting
  • Familiar with Cloud services and platforms (AWS, Google Cloud)

Work History

Dec 2014Present

Information Security Manager

Destel IT Solutions Inc
  • Building verified security architecture with components that cover different attack vectors including Firewall, DDOS protection, IPS, Secure Content Gateway, DDI, SIEM, WAF, DLP, NAC, EDR, Security Analytics
  • Partnering with the customers in the translation of business requirements into the security strategy and architecture
  • Guidance to customers for compliance requirements for local privacy and industry-specific regulations like as PCI-DSS and ISO 27000 Series
  • Collaborating with the customers in the definition and implementation of information security policies, strategies, procedures and configurations to ensure the confidentiality, integrity and availability of the customers’ environment and data
  • Performing risk assessments of information systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to customers
  • Evaluate network architecture risks and network vulnerabilities for hardening security configurations
  • Consulting the customers to build their Security Operation Centers (SOC) and develop incident response capabilities
  • As principal security architect, to verify suggested final security architecture and solution for customers
  • Managing partnership relations with security vendors including Fortinet, Splunk, Cisco, Arbor Networks, F5 Networks, Gigamon, CyberArk and Tufin
  • Continuous improvement of IT security support services, evaluate and optimize security monitoring, incident reporting, and incident response to enhance customer relationships
  • Managing Security, Operations Intelligence and Support teams that about 10 security consultant and 2 software developers
Oct 2009Oct 2014

Information Security Manager

Nortel Networks Netas Telecommunication Inc
  • Managing IT security consultancy team that has 5 engineer member and supporting presales activities
  • Provide guidance to account teams for building solutions to address specific customer security needs
  • Understand business requirements for customer and translate them into technical requirements
  • Perform in-depth and high-level technical presentations for customers
  • Consulting to Telecom operators for offer new value added MSSP services (Three DDOS protection project was completed with Arbor Networks telco grade products)
  • Managing partnership relations with security vendors including Cisco, Arbor Networks, Thales, Check Point, Palo Alto Networks, Blue Coat, Symantec, FireEye, F5 Networks, Trend Micro and Websense
  • Work with technology experts to help them position right security solutions effectively against competing offerings and architecting secure network infrastructure design for turn-key complex projects
  • Drive identified major account opportunities (technical consulting, upper-level management presentations) while allowing local account team to maintain long-term ownership
  • Consulting to internal R&D Security Group responsible all product security including secure software development lifecycle, application security, security testing, security architecture review, threat modeling
May 2006Aug 2009

Information Security Architect

Coca-Cola Turkey Inc.
  • Providing direction and leadership for all Information Security architecture and technology
  • Build security roadmaps detailing strategy, budget and ROI benefits that meet the target state architecture and business needs
  • Applying security governance principles and managing IT security and regulatory compliance program
  • Developing strategic, tactical and operational security plans and managing of security investments
  • Developing and maintaining information security policy, standards, guidelines, frameworks and supporting processes to ensure the IT security program is aligned with organisational goals
  • Managing IT Security and Network infrastructure operations
  • Developing business continuity plan (BCP) and disaster recovery plans (DRP)
  • Managing internal and external audits and reviewing network vulnerability scan reports for risks, making remediation recommendations and taking actions to configure security systems
  • Promote and develop security awareness programs
Jun 2005May 2006

Information Security Engineer

Turkcell Telecommunication Services Inc.
  • Managing daily security operation of Firewall, IPS, WAF, VPN, DDOS protection, authentication systems and maintaining and monitoring existing controls as one of senior member of security operations team
  • Defining firewall and VPN policy standards and IPS blocking policies, reviewing firewall/IDS logs and firewall/IDS log monitoring reports for malicious activity or incidents, generating firewall policy reports, identifying outdated policies and making risk recommendations
  • Evaluate security risks for various change requests coming out of ever changing business needs; considering the risks which could be introduced, the existing security controls
  • Monitoring and analysing threat trends to ensure security architecture and protection mechanisms address potential vulnerabilities
  • Provide technical solutions to mitigate the vulnerabilities identified during vulnerability analysis
  • Serve as a security expert in application development, network or operating system efforts, helping project teams comply with information security policies, industry regulations, and best practices
  • Perform information security incident response, resolution and investigations and keeping senior management apprised of the status of information security issues and initiatives
Feb 2003Jun 2005

Network and Security Engineer

International Business Machines (IBM)
  • Identify initial high-level design, choosing correct products and solutions for customer needs 

  • Presenting solution proposal to the customers and project management at implementation.
  • Technical account management, bid management and coordination vendor relationship