IT SEC

ניהול IT לסטארטאפים בסיד וארגונים קטנים

תל אביב-יפו, ישראל

פרילנסר

צור קשר

אודותינו

למעלה מ-20 שנות ניסיון בניהול It, מערכות מידע ואבטחת מידע, בסביבות ענן, on prem, מייקרוסופט, לינוקס ורשתות. יצירתי ומסביב לשעון.
אם את.ה עסק שצריך ניהול IT שוטף, אבל עדיין לא בשלב גיוס מנהל IT במשרה מלאה, אני הפתרון האידיאלי.

שפות

עברית

שפת אם

אנגלית

שליטה קרובה לשפת אם

תחומי התמחות

בכירים

350 ₪ לשעה

מנהל אבטחת מידע (CISO)

ניהול אבטחת מידע, הן תהליכית והן הנדס און במגוון ארגונים

טכנולוגיה

350 ₪ לשעה

אבטחת מידע ורשתות

ניהול רשתות בסביבות חלונות, מק ולינוקס, מקומיות, ענן והיברידיות בענן.

אפיון ותפעול רשתות

Planning and Design:

Developing comprehensive plans for network architecture, considering organizational requirements, scalability, and future growth.
Designing network topologies, addressing schemes, and selecting appropriate hardware and software components.
Implementation:

Deploying and configuring network infrastructure based on the design specifications.
Ensuring proper installation of routers, switches, servers, and other networking devices.
Configuration and Optimization:

Configuring network devices for optimal performance, including setting up protocols, security measures, and Quality of Service (QoS) parameters.
Continuously optimizing network configurations to enhance efficiency and adapt to changing needs.
Monitoring and Maintenance:

Implementing monitoring tools to track network performance, identify potential issues, and ensure reliability.
Performing routine maintenance tasks, such as applying updates, patches, and addressing hardware/software issues.
Security Implementation:

Incorporating security measures, including firewalls, intrusion detection systems, and encryption, to protect against unauthorized access and cyber threats.
Troubleshooting and Support:

Identifying and resolving network issues promptly to minimize downtime and maintain uninterrupted connectivity.
Providing support to end-users and addressing connectivity or performance-related concerns.
Capacity Planning:

Assessing current network usage and planning for future capacity needs.
Scaling the network infrastructure to accommodate growing data demands and user requirements.
Documentation:

Creating and maintaining documentation for network configurations, protocols, and troubleshooting procedures.
Keeping an updated inventory of network assets.
Collaboration:

Collaborating with other IT professionals and departments to align network infrastructure with organizational goals.
Participating in cross-functional teams for project implementations and technology integrations.
Adaptation to Technological Advances:

Staying informed about emerging technologies and industry best practices.
Evaluating and incorporating new technologies that can enhance network performance and security.

ניהול מערכות מידע

גיבוש מדיניות וקביעת אסטרטגיית מערכות מידע, בהתאם למדיניות הארגון ובראיה כוללת של צרכיו.
ניהול תחום מערכות המחשוב והמידע בארגון.
אחריות לבנית תקציב מערכות מידע ומחשוב ולניהול התקציבים.
הכנת תוכניות עבודה שנתיות בתחום המחשוב ומערכות המידע ומימושן.
אחריות לכלל תשתיות טכנולוגית המידע, בדיקת ישימותן והתאמתן לתשתיות הקיימות, המלצה על שדרוג, החלפה, השבחה, הכנסת טכנולוגיות מתקדמות משולבות מחשוב וטכנולוגיות מידע בהתחשב בשיקולים מקצועיים ושיקולי עלות- תועלת.

נסיון תעסוקתי

ינואר 2020 - דצמבר 2023

CISO- Chief Information security Officer

Pentera (pcysys)

In short, the Chief Information Security Officer (CISO) is responsible for:
Developing and Implementing Security Strategy:
Creating and executing an organization-wide information security strategy aligned with business goals.
Risk Management:
Identifying, assessing, and mitigating cybersecurity risks to protect the organization.
Policy Development and Compliance:
Establishing and enforcing security policies, standards, and procedures to ensure compliance.
Incident Response:
Leading efforts to respond to and recover from cybersecurity incidents, ensuring a swift and effective response.
Security Architecture:
Designing and maintaining a secure IT infrastructure and overseeing the implementation of security technologies.
Security Awareness and Training:
Implementing programs to raise awareness and providing training on security best practices.
Vendor and Third-Party Risk Management:
Assessing and managing security risks associated with third-party vendors and partners.
Governance and Leadership:
Providing leadership and direction to the organization's security governance structure.
Budgeting and Resource Allocation:
Developing and managing the information security budget, allocating resources effectively.
Collaboration and Communication:
Collaborating with IT teams and business units to align security measures with organizational objectives.
Continuous Improvement:
Monitoring the effectiveness of security measures and making continuous improvements.
Reporting:
Communicating security-related information to various stakeholders, including executive leadership.

2020 - דצמבר 2023

Head Of IT

Pentera (pcysys) , ישראל

In short, the Chief Information Security Officer (CISO) is responsible for:
Developing and Implementing Security Strategy:
Creating and executing an organization-wide information security strategy aligned with business goals.
Risk Management:
Identifying, assessing, and mitigating cybersecurity risks to protect the organization.
Policy Development and Compliance:
Establishing and enforcing security policies, standards, and procedures to ensure compliance.
Incident Response:
Leading efforts to respond to and recover from cybersecurity incidents, ensuring a swift and effective response.
Security Architecture:
Designing and maintaining a secure IT infrastructure and overseeing the implementation of security technologies.
Security Awareness and Training:
Implementing programs to raise awareness and providing training on security best practices.
Vendor and Third-Party Risk Management:
Assessing and managing security risks associated with third-party vendors and partners.
Governance and Leadership:
Providing leadership and direction to the organization's security governance structure.
Budgeting and Resource Allocation:
Developing and managing the information security budget, allocating resources effectively.
Collaboration and Communication:
Collaborating with IT teams and business units to align security measures with organizational objectives.
Continuous Improvement:
Monitoring the effectiveness of security measures and making continuous improvements.
Reporting:
Communicating security-related information to various stakeholders, including executive leadership.

ינואר 2016 - דצמבר 2019

PCI DSS team manager

Comsec

Assessment and Validation:
Conducting comprehensive assessments of an organization's cardholder data environment (CDE) to ensure compliance with PCI DSS requirements.
Validating the implementation and effectiveness of security controls and practices.
Documentation Review:
Reviewing and evaluating the documentation related to security policies, procedures, and processes to ensure alignment with PCI DSS requirements.
Gap Analysis:
Identifying any gaps or deficiencies in the organization's security measures and providing recommendations for remediation.
Report Generation:
Generating detailed reports outlining the assessment findings, including compliance status, vulnerabilities, and recommended improvements.
Communication with Stakeholders:
Interacting with various stakeholders, including executive leadership, IT teams, and relevant personnel, to communicate assessment results and recommendations.
Guidance on Compliance:
Providing guidance and recommendations to the organization on achieving and maintaining PCI DSS compliance.
Offering advice on best practices for securing cardholder data.
Risk Management:
Assessing and identifying risks to cardholder data and providing guidance on risk mitigation strategies.
Helping the organization develop and implement a risk management program.
Continuous Monitoring:
Advising on the implementation of continuous monitoring processes to ensure ongoing compliance with PCI DSS requirements.
Recommending tools and technologies for monitoring and detecting security incidents.
Training and Awareness:
Providing training and awareness programs to educate the organization's staff on PCI DSS requirements and security best practices.
Assistance with Remediation:
Assisting the organization in developing and implementing remediation plans to address identified vulnerabilities and deficiencies.
Offering ongoing support to ensure successful remediation efforts.
Engagement with Acquiring Banks:
Interfacing with acquiring banks and payment card brands on behalf of the organization to communicate compliance status and assessment results.
Maintaining QSA Qualification:
Staying current with PCI DSS standards and industry developments.
Meeting ongoing certification requirements to maintain QSA status.
In summary, a PCI QSA is responsible for conducting thorough assessments of an organization's compliance with PCI DSS, providing guidance on security measures, and facilitating the remediation of any identified issues. Their role is essential in ensuring the security of cardholder data within the payment card industry.

ינואר 2013 - ינואר 2016

PCI QSA

קןמסק בעם , ישראל

A Payment Card Industry Qualified Security Assessor (PCI QSA) plays a crucial role in helping organizations achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS). Their responsibilities include:
Assessment and Validation:
Conducting comprehensive assessments of an organization's cardholder data environment (CDE) to ensure compliance with PCI DSS requirements.
Validating the implementation and effectiveness of security controls and practices.
Documentation Review:
Reviewing and evaluating the documentation related to security policies, procedures, and processes to ensure alignment with PCI DSS requirements.
Gap Analysis:
Identifying any gaps or deficiencies in the organization's security measures and providing recommendations for remediation.
Report Generation:
Generating detailed reports outlining the assessment findings, including compliance status, vulnerabilities, and recommended improvements.
Communication with Stakeholders:
Interacting with various stakeholders, including executive leadership, IT teams, and relevant personnel, to communicate assessment results and recommendations.
Guidance on Compliance:
Providing guidance and recommendations to the organization on achieving and maintaining PCI DSS compliance.
Offering advice on best practices for securing cardholder data.
Risk Management:
Assessing and identifying risks to cardholder data and providing guidance on risk mitigation strategies.
Helping the organization develop and implement a risk management program.
Continuous Monitoring:
Advising on the implementation of continuous monitoring processes to ensure ongoing compliance with PCI DSS requirements.
Recommending tools and technologies for monitoring and detecting security incidents.
Training and Awareness:
Providing training and awareness programs to educate the organization's staff on PCI DSS requirements and security best practices.
Assistance with Remediation:
Assisting the organization in developing and implementing remediation plans to address identified vulnerabilities and deficiencies.
Offering ongoing support to ensure successful remediation efforts.
Engagement with Acquiring Banks:
Interfacing with acquiring banks and payment card brands on behalf of the organization to communicate compliance status and assessment results.
Maintaining QSA Qualification:
Staying current with PCI DSS standards and industry developments.
Meeting ongoing certification requirements to maintain QSA status.
In summary, a PCI QSA is responsible for conducting thorough assessments of an organization's compliance with PCI DSS, providing guidance on security measures, and facilitating the remediation of any identified issues. Their role is essential in ensuring the security of cardholder data within the payment card industry.

ינואר 2010 - ינואר 2013

Infrastructure security Consultant

Comsec

An Information Security Consultant is responsible for providing expertise and guidance to organizations seeking to enhance their cybersecurity posture. Duties typically include:
Risk Assessment:
Conducting comprehensive risk assessments to identify vulnerabilities and threats to an organization's information systems.
Security Audits and Assessments:
Performing security audits and assessments to evaluate the effectiveness of existing security controls and policies.
Policy Development:
Developing and updating information security policies, procedures, and guidelines to align with industry standards and best practices.
Compliance Management:
Ensuring that organizations adhere to relevant laws, regulations, and industry standards by establishing and maintaining compliance frameworks.
Security Architecture Design:
Designing and recommending security architectures to protect against cyber threats and ensure the confidentiality, integrity, and availability of information assets.
Incident Response Planning:
Assisting in the development of incident response plans and providing guidance during security incidents to minimize impact and facilitate recovery.
Security Awareness Training:
Creating and delivering training programs to educate employees on security best practices and raise awareness about potential threats.
Vulnerability Management:
Identifying and prioritizing vulnerabilities in information systems and providing guidance on remediation strategies.
Security Technology Evaluation:
Assessing and recommending security technologies, tools, and solutions to enhance the organization's security posture.
Security Consulting and Advisory:
Providing expert advice on security-related matters to executives, IT teams, and other stakeholders.
Penetration Testing:
Conducting penetration testing to simulate cyberattacks and identify weaknesses in the organization's defenses.
Security Awareness and Education Programs:
Developing and implementing ongoing security awareness programs to create a culture of cybersecurity within the organization.
Collaboration with Stakeholders:
Collaborating with internal and external stakeholders, including IT teams, executives, and third-party vendors, to address security concerns.
Documentation and Reporting:
Generating reports and documentation detailing assessment findings, recommendations, and remediation plans.
Continuous Learning:
Staying abreast of the latest cybersecurity trends, threats, and technologies to provide up-to-date and effective security solutions.

ינואר 2008 - ינואר 2010

IT manager

Sec Tech

ינואר 2006 - ינואר 2008

System administrator

פניקס חברה לביטוח

Server Management:
Installing, configuring, and maintaining servers to ensure optimal performance and reliability.
Network Administration:
Managing and maintaining network infrastructure, addressing connectivity issues, and optimizing network performance.
User Account Management:
Creating, modifying, and managing user accounts, permissions, and access controls.
Hardware and Software Maintenance:
Overseeing hardware and software installations, updates, and troubleshooting.
Security Measures:
Implementing and maintaining security measures, including firewalls, antivirus, and access controls.
Backup and Recovery:
Performing regular data backups and developing recovery plans to safeguard against data loss.
Troubleshooting:
Identifying and resolving technical issues promptly to minimize downtime.
Documentation:
Creating and maintaining documentation for system configurations, procedures, and troubleshooting guides.
Virtualization:
Managing virtualized environments, including the configuration and optimization of virtual machines.
Collaboration:
Collaborating with other IT professionals and departments to address technical challenges and support organizational goals.
Remote Administration:
Providing remote administration services, allowing for efficient support across different locations.
Continuous Improvement:
Monitoring and optimizing system performance, as well as implementing improvements to enhance overall efficiency.