Работал в 1 компании 5 лет 9 месяцев
IT-консалтинг / Услуги / Производство оборудования
Chief Information Security Officer (CISO)
KR. Laboratories
IT-консалтинг / Услуги / Производство оборудования
5 лет 8 месяцев
03.2019 - по настоящее время
- CISO: Was involved as personal vCISO for 50+ customers. Prevented potential personal data leaks and breaches. Collaborated with developers, managers, SOC and Blue teams to help remediate the impact of identified attacks, vulnerabilities and potential risks. Was a mentor for newcomers and conducted training for interns. Contributed to the programmers for enhancement of secure coding practices. Conducted security training, consultations and presentations for employees. Prepared 80+ detailed instructions on operational and information security, which led to a 40% reduction in overall security incidents.
- Web Application Penetration Testing: Internal/External, Black-Box/Grey-Box/White-Box. Utilizing such tools as: Burp Suite, Metasploit, NMAP, SQLmap, Wireshark, Acunetix, Nessus, OpenVAS, OWASP Zap, WPScan, Joomscan, Cobalt Strike etc. Including such phases as: Information Gathering, Reconnaissance, Fuzzing, Enumeration, Fingerprinting, Bypassing, Spoofing, Exploitation, Post-Exploitation, Privilege Escalation, Reporting.
- Security Audits and Vulnerability Assessment: Manual/Automated, including DAST/SAST/IAST instruments. Prepared more than 20 detailed reports with recommendations, according to different methodologies: OWASP Top 10, OWASP WSTG, OWASP ASVS, SANS Top 25, MITRE ATTACK, OSSTMM, PTES, BSI, ISSAF, WASC, PTF, DISA STIG.
- Web Application Security, Endpoint Security: Protecting web applications and preventing security risks for IT-systems, using WAF, NGFW, IPS/IDS, DLP. Mitigated 100 attacks, blocked over 400 threats. Improved security for 100 WordPress customers websites. Mitigated more than 50 attacks of various types: DDOS, Brute Force, APT, SQL/XSS/PHPi, CSRF/SSRF, LFI/RFI/RCE.
- Cyber Threat Intelligence: Conducted 5 OSINT Investigations, which revealed malicious domains, suspicious operations and deanonymize intruders.Was involved as vCISO for 5 customers. Prevented potential 10 data leaks. Created more than 10 training documents and materials on cybersecurity.
Ключевая информация
- Scripting/Programming languages: Python, JavaScript, Bash, PowerShell, PHP,HTML/CSS, XML, YAML, JSON.
- Offensive Security tools: Burp Suite, Metasploit, NMAP, OWASP Amass, OWASPNettacker, OWASP Zap, SQLmap, Cobalt Strike, Wireshark, Hashcat, THC Hydra,John the Reaper, Aircrack NG, Intercepter-NG, BeeF, XSStriker, FFUF, Dirb, Dirbuster,Dirhunt, Photon, Maigret, Sherlock etc.
- OSINT tools: Maltego, Shodan, Censys, DNSdumpster, Nuclei, Nikto, Metagoofil,exiftool, theHarvester, SecurityTrails, SimilarTech, Wappalyzer, BuiltWidth, Netcraft,DNSlytics, PublicWWW, OPSWAT, GHUNT, SpiderFoot, IBM QRadar etc.
- Soft Skills: Critical Thinking, Analytical Thinking, Planning, Reporting, Auditing, Troubleshooting, Responsibility, Management.
Учился в 1 заведении
European University
IT Engineering
Kyiv, 2008
Владеет языками
Английский
выше среднего
Украинский
родной
Может проходить собеседование на этом языке
Может проходить собеседование на этом языке
Курсы, тренинги, сертификаты
Certified Ethical Hacker (C|EH)
Link: https://mega.nz/file/NIYHyI5Q#5jOXpDbLce5Ttc4zfboBPc9mKpgZzFkKCDOaZWaYxPg
Дополнительная информация
Summary
IT Security Professional with 3+ years of experience. Focused on Web Application Security, Penetration Testing (White/Grey/Black box), Vulnerability Assessment, Information Security. Has deep technical background in Ethical Hacking. Understanding business objectives and needs for cybersecurity.
- My articles: https://kr-labs.com.ua/author/konrad-ravenstone/
- Some clarifications:
My English - only technical!!
Jobs, which I'm considering - only REMOTE!!
I do not respond to irrelevant offers!!
Konrad
Konrad
Chief Information Security Officer (CISO)
Львов
Готов переехать: Киев, Одесса, Днепр, Винница, Запорожье, Ивано-Франковск, Ровно, Харьков, Хмельницкий, Черновцы, Ужгород, Мукачево, Трускавец, Червоноград, Каменец-Подольский
полная занятость, неполная занятость, проектная работа
Характер работы: удаленная работа
Обновлено 1 месяц назад