Download PDF

Summary

  • Deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement and manage overall information security program to protect organisations from growing sophisticated attacks.
  • Last 12 years information security and first 8 years data networking experience
  • Bachelor’s degree in Electronics and Communication Engineering
  • Industry recognised security certifications: CISSP, CSSLP, CEH, CWSP, CCSP and more
  • Familiar with security technologies (SIEM, Firewall, IPS, VPN, DDOS Protection, WAF, SSL Inspection, DDI, MFA, APT Protection, Advanced Malware Protection, Secure Web Gateway, Secure e-mail gateway, Endpoint Detection and Response, Security Analytics, Vulnerability Assessment and Pen-test tools)
  • Familiar with common security standards (NIST, FIPS, ISO 27000 Series, PCI-DSS)
  • Familiar with Regulations, Privacy and Compliance (HIPAA, GDPR)
  • Familiar with Software Development (Waterfall, Iterative, Spiral, Agile) and Assurance (Socratic, Six Sigma, CMMI, OCTAVE, STRIDE and DREAD, OSSTMM, FHM) Methodologies

Work History

Jun 2016Present

Information Security Manager

Destel | Istanbul | www.destel.com.tr
  • Defining technological roadmap according to IT security trends and market business demand
  • Building verified security architecture with components that cover different attack vectors including Firewall, DDOS protection, IPS, Secure Content Gateway, SIEM, WAF, DLP, NAC, EDR, Security Analytics
  • Partnering with the customers in the translation of business requirements into the security strategy
  • Consulting the customers to build Security Operation Center and develop incident response capabilities
  • As principal security architect, to verify suggested final security architecture and solution for customers
  • Managing partnership relations with security vendors including Fortinet, Splunk, Cisco, Arbor Networks, F5 Networks, Gigamon, CyberArk and Tufin
  • Continuous improvement of IT security support services, evaluate and optimize security monitoring, incident reporting, and incident response to enhance customer relationships
  • Managing Security, Operations Intelligence and Support teams that about 10 security consultant and 2 software developers
  • Establishes goals and objectives for team performance and manages attainment of those goals
  • Anticipating gaps in staff member skills and planning appropriate compensating skill development
Dec 2014Apr 2016

Information Security Consultant - Freelancer

Lynos Technology | Istanbul | www.lynos.com
  • Guidance to customers for compliance requirements for local privacy laws and industry-specific regulations like as PCI-DSS and ISO 27000 Series
  • Collaborating with the customers in the definition and implementation of information security policies, strategies, procedures and configurations to ensure the confidentiality, integrity and availability of customers’ environment and data
  • Performing risk assessments of IT systems and infrastructure, develop appropriate risk treatment and mitigation options, and effectively articulate findings and recommendations to customers.
  • Evaluate network architecture risks, firewall, VPN, IPS architecture practices, and network vulnerabilities for hardening security configurations
Oct 2009Oct 2014

Information Security Manager

Netas | Istanbul | www.netas.com.tr
  • Managing IT security consultancy team that has 5 engineer member and supporting presales activities
  • Provide guidance to account teams for building solutions to address specific customer security needs
  • Understand business requirements for customer and translate them into technical requirements
  • Perform in-depth and high-level technical presentations for customers
  • Consulting to Telecom operators for offer new value added MSSP services (Three DDOS protection project was completed with Arbor Networks telco grade products)
  • Managing partnership relations with security vendors including Cisco, Arbor Networks, Thales, Check Point, Palo Alto Networks, Blue Coat, Symantec, FireEye, F5 Networks, Trend Micro and Websense
  • Work with technology experts to help them position right security solutions effectively against competing offerings and architecting secure network infrastructure design for turn-key complex projects
  • Drive identified major account opportunities (technical consulting, upper-level management presentations) while allowing local account team to maintain long-term ownership
  • Consulting to internal R&D Security Group responsible all product security including secure software development lifecycle, application security, security testing, security architecture review, threat modeling
May 2006Aug 2009

Information Security Architect

Coca-Cola | Istanbul | www.cci.com.tr
  • Providing direction and leadership for all Information Security architecture and technology
  • Build security roadmaps detailing strategy, budget and ROI benefits that meet the target state architecture and business needs
  • Applying security governance principles and managing IT security and regulatory compliance program
  • Developing strategic, tactical and operational security plans and managing of security investments
  • Developing and maintaining information security policy, standards, guidelines, frameworks and supporting processes to ensure the IT security program is aligned with organisational goals
  • Managing IT Security and Network infrastructure operations
  • Developing business continuity plan (BCP) and disaster recovery plans (DRP)
  • Managing internal and external audits and reviewing network vulnerability scan reports for risks, making remediation recommendations and taking actions to configure network security systems
  • Promote and develop security awareness programs
Jun 2005May 2006

Information Security Engineer

Turkcell | Istanbul | www.turkcell.com.tr
  • Managing daily security operation of Firewall, IPS, WAF, VPN, DDOS protection, authentication systems and maintaining and monitoring existing controls as one of senior member of security operations team
  • Defining firewall and VPN policy standards and IPS blocking policies, reviewing firewall/IDS logs and firewall/IDS log monitoring reports for malicious activity or incidents, generating firewall policy reports, identifying outdated policies and making risk recommendations
  • Evaluate security risks for various change requests coming out of ever changing business needs; considering the risks which could be introduced, the existing security controls
  • Monitoring and analysing threat trends to ensure security architecture and protection mechanisms address potential vulnerabilities
  • Provide technical solutions to mitigate the vulnerabilities identified during vulnerability analysis
  • Serve as a security expert in application development, network or operating system efforts, helping project teams comply with information security policies, industry regulations, and best practices
  • Perform information security incident response, resolution and investigations and keeping senior management apprised of the status of information security issues and initiatives
Feb 2003Jun 2005

Network and Security Engineer

IBM | Istanbul | www.ibm.com.tr
  • Identify initial high-level design, choosing correct products and solutions for customer needs 

  • Presenting solution proposal to the customers and project management at implementation.
  • Technical account management, bid management and coordination vendor relationship

Education

19911996

Electronics and Communications Engineering, BSc                   

Istanbul Technical University | Istanbul | www.itu.edu.tr

Faculty of Electrical and Electronics Engineering

Certifications

  • Certified Secure Software Lifecycle Professional (CSSLP) | 2017 | 505432 | (ISC)2
  • Certified Information Systems Security Professional (CISSP) | 2017 | 505432 | (ISC)2
  • Advanced Security Architecture for AM | 2017 | Cisco Systems
  • Accredited Configuration Engineer (ACE) | 2014 | Palo Alto Networks
  • F5 Accredited Security Sales Professional | 2014 | F5 Networks
  • Security Analytics Platform - SE Accreditation | 2014 | Blue Coat Systems
  • Check Point Partner Sales Certification |2014 | Check Point Software Technologies
  • Certified Wireless Security Professional (CWSP) | 2007 | CWNP396459
  • Certified Ethical Hacker (CEH) | 2006 | ECC916327
  • Cisco Certified Security Professional (CCSP) | 2004 | CSCO10347870
  • Cisco Firewall Specialist (CQS-CFS) | 2004 | CSCO10347870
  • Cisco IDS Specialist (CQS-IDSS) |2004 | CSCO10347870
  • Cisco VPN Specialist (CQS-VPNS) | 2004 | CSCO10347870
  • Cisco Certified Network Professional (CCNP) | 2002 | CSCO10347870
  • Cisco Certified Network Associate (CCNA) | 2001 | CSCO10347870