Download PDF

Summary

Computer Security Engineer by Universidad TecMilenio (México) since 2011 and graduated as MSc Cyber Security in University of Birmingham on 2016. I have been working in the computer security field since 2009 in Alestra, a telecom company based in Monterrey, México. Currently working and living in Monterrey, México.

Work experience

2009Present

Sr. Cybersecurity Consultant

Alestra/Axtel

On Alestra/Axtel I have played several roles in the Information Security Area. During my experience in I have lead and participated in the processes of Security Awareness, Risk Management, Business Continuity, Access Control, Security Audit, Incident Handling, Vulnerability Management and Cybersecurity. Currently, I am leading the Company's internal SOC.

Some of the activities I have been part of:

  • Business Continuity:
    • Direct participation in the development and update of BIA and its related documents, as well as managing and developing the disaster recovery and business continuity plans (BCP/DRP), from the governance point of view.
  • Information Security Awareness
    • Being responsible for the material development, its distribution and the overall participation of employees. Also, train special teams in more specific matters, as incident handling, business continuity, internal auditors, etc.
  • Risk Management:
    • During a couple of years, I was responsible for the overall Risk Management process, from the process documentation and update, the risk identification, assessment, treatment and documentation. During this time, I was given the opportunity to redesign the process in order to make it more efficient and easier to implement for more teams and projects on the company.
  • Development and maintenance of Baselines, Policies, and procedures
    • Development and update of security related guidelines, baselines, procedures, policies and standards for the organization, taking into account the contractual, legal and organizational requirements.
  • Vulnerability Management and Technical Compliance
    • My experience on this area contemplates the whole spectrum of the process, from the definition of the requirements, vulnerability and deviation identification, analysis, prioritization, measurement and validation once they were addressed.
  • Operation under ISO 27001 annual program
    • Operation of the different processes and activities under the scope of an ISO27001 Certified ISMS as well as maintaining different key documents for the ISMS as the SOA (Statement of Applicability) and Information Security Manual.
  • ISO 27001, 20000 and 9000 Internal Audits
    • Participating as part of the internal audits special team.
  • Logical Access Control
    • Responsible for the Logical Access Control Process from 2013 until 2015. The activities included the development and review of access control policies, as well as the maintenance and operation of the companies internal IAM (Identity and Access Management) System.
  • Project Management
    • Being responsible for security architecture projects and implementations.
  • Incident Handling and Response
    • As part of the Incident Response Team, and the Blue Team of the organization.
  • Management of security appliances and applications (VPN, APT, AV, SIEM, FW, IDS/IPS, etc).
    • From 2017, leading the internal security operations team, having the responsibility over the correct operation of the different information security solutions deployed on the organization.
    • During this time, one key goal has been to increase the overall maturity level of the team.
20152015

Instructor for CRISC Certification (UK)

Knowledge Academy

Instructor for the ISACA's CRISC Certification in UK.

2017Present

Instructor for the CISSP Certification

Independent

Instructor for a weekly training course for the CISSP certification in Monterrey, México.

20092011

Technical Support Engineer

Grupo ViBa

Technical Support Engineer

Certifications

2018

EC-Council Certified Incident Handler (ECIH)

EC-Council
2015

ISO 27001:2013 Lead Auditor

BSI Group
2015

ISO 22301 Implementer and Internal Auditor

BSI Group
2015

ISO 20000 Internal Auditor

IVAC
2014

Certified Information Systems Auditor (CISA)

ISACA
2014

Certified Ethical Hacker (CEH)

EC-COUNCIL
2013

ITIL v3 Foundations

EXIN
2012

Certified in Risk and Information Systems Control (CRISC)

ISACA
2011

Certified Information Systems Security Professional (CISSP) 

ISC2

Skills

Soft Skills (Leadership, Teamwork, Communication, Commitment, Responsibility)
Vulnerability Assesment
Networking
Pentesting
Unix OS
Windows OS
Office Suite

Education

20152016

MSc Cybersecurity

University of Birmingham

Relevant Modules: Privacy, Cryptography, Network Security, Operating Systems, Incident Management and Forensics, Secure Programming, Pentesting.

20082011

BSc Computer Security Engineering

Universidad TecMilenio

Relevant Modules: Six Sigma, Disaster Recovery, Risk Administration, Information Security, Network Security, Administration of Information Technologies, Planning and Control.