Sr. Cybersecurity Consultant
On Alestra/Axtel I have played several roles in the Information Security Area. During my experience in I have lead and participated in the processes of Security Awareness, Risk Management, Business Continuity, Access Control, Security Audit, Incident Handling, Vulnerability Management and Cybersecurity. Currently, I am leading the Company's internal SOC.
Some of the activities I have been part of:
- Business Continuity:
- Direct participation in the development and update of BIA and its related documents, as well as managing and developing the disaster recovery and business continuity plans (BCP/DRP), from the governance point of view.
- Information Security Awareness
- Being responsible for the material development, its distribution and the overall participation of employees. Also, train special teams in more specific matters, as incident handling, business continuity, internal auditors, etc.
- Risk Management:
- During a couple of years, I was responsible for the overall Risk Management process, from the process documentation and update, the risk identification, assessment, treatment and documentation. During this time, I was given the opportunity to redesign the process in order to make it more efficient and easier to implement for more teams and projects on the company.
- Development and maintenance of Baselines, Policies, and procedures
- Development and update of security related guidelines, baselines, procedures, policies and standards for the organization, taking into account the contractual, legal and organizational requirements.
- Vulnerability Management and Technical Compliance
- My experience on this area contemplates the whole spectrum of the process, from the definition of the requirements, vulnerability and deviation identification, analysis, prioritization, measurement and validation once they were addressed.
- Operation under ISO 27001 annual program
- Operation of the different processes and activities under the scope of an ISO27001 Certified ISMS as well as maintaining different key documents for the ISMS as the SOA (Statement of Applicability) and Information Security Manual.
- ISO 27001, 20000 and 9000 Internal Audits
- Participating as part of the internal audits special team.
- Logical Access Control
- Responsible for the Logical Access Control Process from 2013 until 2015. The activities included the development and review of access control policies, as well as the maintenance and operation of the companies internal IAM (Identity and Access Management) System.
- Project Management
- Being responsible for security architecture projects and implementations.
- Incident Handling and Response
- As part of the Incident Response Team, and the Blue Team of the organization.
- Management of security appliances and applications (VPN, APT, AV, SIEM, FW, IDS/IPS, etc).
- From 2017, leading the internal security operations team, having the responsibility over the correct operation of the different information security solutions deployed on the organization.
- During this time, one key goal has been to increase the overall maturity level of the team.