Elias Diab
Verified Expert in Engineering
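vCISO and Security Program Developer
Elias is a highly dedicated, technical, and strategic information security, cybersecurity, and risk management officer, executive, consultant, advisor, expert, and specialist. With over 30 years of global experience, he specializes in building, managing, and maintaining information security and cybersecurity programs to protect organizations' systems and assets from internal and external threats and to help organizations meet their regulatory compliance requirements.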
Preferred Environment
Windows, Linux, Cloud
The most amazing...
...project I've developed is a cybersecurity readiness program designed to help regulated financial dealer members conduct business globally.
Work Experience
Chief Information Security Officer (CISO)
Infotechglobe
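- Developed, implemented, and managed information security, cybersecurity, and risk compliance programs for various organizations in the financial services, insurance, telecom, private, retail, food, oil and gas, real estate, and technology sectors.
- Established an enterprise security risk management program enabling continuous risk assessment, mitigation tactics, escalation, monitoring, and response activities, in full alignment with the formal audit function.
- Built cybersecurity dashboards presenting key performance indicators (KPIs), giving the executive team valuable insights into the success of security projects while supporting and evolving the organization's cybersecurity strategy.
- Established and ran a fully operational information security vendor risk management program, including strategy, framework, processes, etc.
- Provided necessary and much-needed advice and guidance to the senior leadership team and client executives on integrating security practices into established strategic and operational processes.
- Created a cyber forensics practice to investigate all reported security incidents.
- Planned, developed, and delivered the corporate security awareness training program.
- Established and delivered secure software development lifecycle (SDLC) procedures and frameworks, following a shift-left approach.
- Directed the implementation and auditing of information security management programs based on risk and regulatory frameworks, standards, and best practices, such as ISO 27001/27002/27005, PCI DSS, COBIT, OWASP, CIS v8, SOC 2, and NIST SSDF/CSF/800-53.
- Evaluated and managed many security solutions related to GRC, SIEM, DLP, IAM, PAM, penetration testing, endpoint protection, malware defense, application security, IPS/IDS, firewalls, vulnerability management, and cloud security CASB and zero trust.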
Experience
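Cybersecurity and Risk Management Program
This project took about 18 months from start to finish. It was based on adopting and integrating a combination of customized information security and risk management frameworks, policies, standards, guidelines, and procedures, such as ISO 27001, ISO 27002 controls, NIST CSF, and SP 800-53 controls. The program components and requirements were implemented and managed as a fully established and well-managed information security management system lifecycle. The project was a great success because it provided all of these financial firms with the cybersecurity safeguards they needed.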
Skillset
Platforms
Windows, Linux
Industry Expertise
Cybersecurity, Network Security
Other
Enterprise Risk Management (ERM), IT Service Management (ITSM), Information Security Management Systems (ISMS), ISO 27001, ISO 27002, Threat Risk Assessment (TRA), Policies & Procedures Compliance, Security Policies & Procedures, CISO, CISSP, Security Audits, GRC, NIST, Critical Security Controls (CIS Controls), Certified Trainer, IT Audits, Threat Intelligence, Endpoint Security, Data Loss Prevention (DLP), Vulnerability Management, Advisory, Consulting, Incident Management, Incident Response, SOC 2, GAP Analysis, Roadmaps, SWOT Analysis, Capability Maturity Model Integration (CMMI), Information Security, Certified Information Systems Security Professional, Risk Management, Computer Science, Business Information Systems, IT Governance, Compliance, Executive Coaching, Program Management, Cross-functional Collaboration, Communication, Process Management, Reporting, Motivational Speaking, Frameworks, IT Security, Security, System-on-a-Chip (SoC), Strategic Planning & Execution, Process Design, Mentoring & Coaching, Third-party Management, Third-party Risk, Process Execution, Operational Risk, Risk Assessment, Secure Software Development Framework (SSDF), Security Awareness, Teamwork, Vulnerability Assessment, Unified Threat Management (UTM), Technical Consulting, Security Architecture, Software Development Lifecycle (SDLC), Web App Security, Threat Modeling, Cloud Security, Business Transformation Program Management, Technical Writing, Architecture, Identity & Access Management (IAM), Web Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
Paradigms
Secure Code Best Practices, Penetration Testing, DevSecOps, DevOps
Languages
Java
Certifications
Certified Cloud Security Professional (CCSP)
Cybrary
Certified ISO 27005
PECB
Certified ISO 27001 Lead Auditor
PECB
ISO 27001 Certified
PECB
Certified Chief Information Security Officer (CCISO)
EC Council
Certified in Risk and Information Systems Control (CRISC)
ISACA
ITIL
Loyalist
Certified Information Security Manager (CISM)
ISACA
Certified Information Systems Security Professional (CISSP)
ISC2