Працював в 1 компанії 5 років 10 місяців
IT - консалтинг / Послуги / Виробництво устаткування
Chief Information Security Officer (CISO)
KR. Laboratories
IT - консалтинг / Послуги / Виробництво устаткування
5 років 9 місяців
03.2019 - до теперішнього часу
- CISO: Was involved as personal vCISO for 50+ customers. Prevented potential personal data leaks and breaches. Collaborated with developers, managers, SOC and Blue teams to help remediate the impact of identified attacks, vulnerabilities and potential risks. Was a mentor for newcomers and conducted training for interns. Contributed to the programmers for enhancement of secure coding practices. Conducted security training, consultations and presentations for employees. Prepared 80+ detailed instructions on operational and information security, which led to a 40% reduction in overall security incidents.
- Web Application Penetration Testing: Internal/External, Black-Box/Grey-Box/White-Box. Utilizing such tools as: Burp Suite, Metasploit, NMAP, SQLmap, Wireshark, Acunetix, Nessus, OpenVAS, OWASP Zap, WPScan, Joomscan, Cobalt Strike etc. Including such phases as: Information Gathering, Reconnaissance, Fuzzing, Enumeration, Fingerprinting, Bypassing, Spoofing, Exploitation, Post-Exploitation, Privilege Escalation, Reporting.
- Security Audits and Vulnerability Assessment: Manual/Automated, including DAST/SAST/IAST instruments. Prepared more than 20 detailed reports with recommendations, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATTACK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG.
- Web Application Security, Endpoint Security: Protecting web applications and preventing security risks for IT-systems, using WAF, NGFW, IPS/IDS, DLP. Mitigated 100 attacks, blocked over 400 threats. Improved security for 100 WordPress customers websites. Mitigated more than 50 attacks of various types: DDOS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE.
- Cyber Threat Intelligence: Conducted 5 OSINT Investigations, which revealed malicious domains, suspicious operations and deanonymize intruders.Was involved as vCISO for 5 customers. Prevented potential 10 data leaks. Created more than 10 training documents and materials on cybersecurity.
Ключова інформація
- Scripting/Programming languages: Python, JavaScript, Bash, PowerShell, PHP,HTML/CSS, XML, YAML, JSON.
- Offensive Security tools: Burp Suite, Metasploit, NMAP, OWASP Amass, OWASPNettacker, OWASP Zap, SQLmap, Cobalt Strike, Wireshark, Hashcat, THC Hydra,John the Reaper, Aircrack NG, Intercepter-NG, BeeF, XSStriker, FFUF, Dirb, Dirbuster,Dirhunt, Photon, Maigret, Sherlock etc.
- OSINT tools: Maltego, Shodan, Censys, DNSdumpster, Nuclei, Nikto, Metagoofil,exiftool, theHarvester, SecurityTrails, SimilarTech, Wappalyzer, BuiltWidth, Netcraft,DNSlytics, PublicWWW, OPSWAT, GHUNT, SpiderFoot, IBM QRadar etc.
- Soft Skills: Critical Thinking, Analytical Thinking, Planning, Reporting, Auditing, Troubleshooting, Responsibility, Management.
Навчався в 1 закладі
European University
IT Engineering
Kyiv, 2008
Володіє мовами
Англійська
вище середнього
Українська
рідна
Може проходити співбесіду на цій мові
Може проходити співбесіду на цій мові
Курси, тренінги, сертифікати
Certified Ethical Hacker (C|EH)
Link: https://mega.nz/file/NIYHyI5Q#5jOXpDbLce5Ttc4zfboBPc9mKpgZzFkKCDOaZWaYxPg
Додаткова інформація
Summary
IT Security Professional with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box), Vulnerability Assessment, Information Security. Has deep technical background in Ethical Hacking. Understanding business objectives and needs for cybersecurity.
- My articles: https://kr-labs.com.ua/author/konrad-ravenstone/
- Some clarifications:
My English - only technical!!
Jobs, which I'm considering - only REMOTE!!
I do not respond to irrelevant offers!!
Konrad
Konrad
Chief Information Security Officer (CISO)
Львів
Готовий переїхати: Київ, Одеса, Дніпро, Вінниця, Запоріжжя, Івано-Франківськ, Рівне, Харків, Хмельницький, Чернівці, Ужгород, Мукачево, Трускавець, Червоноград, Кам'янець-Подільський
повна зайнятість, неповна зайнятість, проектна робота
Характер роботи: віддалена робота
Оновлено 2 місяці тому