Hi, I’m

Gábor Kisfaludi

Principal IT Security
Érd
Summary

Accomplished IT security specialist offering 20+ years' experience in comprehensive design and development of security frameworks for IT security projects. Attentive collaborator and communicator from project conception to completion. Creative in devising solutions to improve IT security operations to meet the requirements. Seasoned team leader possessing the technical and interpersonal skills to provide exceptional project deliverables.

Overview

31 years of professional experience
11 years of post-secondary education
3 Certifications
3 Languages

Work History

CELANESE Hungary Ltd

Principal IT Security
07.2023 - Current

Job overview

Vendor Risk Assessment (VRA)

  • Setting up process and protocol for VRA according to ITILv4 supplier management and NIST 850,
  • Tracking down and F2F meeting with vendors' POC to assess maturity and readiness of IT Security of over 300 vendors in ServiceNow risk module
  • Provided expert opinion for purchase strategy.

Project IT security consultancy

  • Approving projects at stage gates
  • Advising architects, project managers, developers and other interested parties on IT security

Business or sector: IT Security Consultancy and Operations in Chemical industry

DEUTSCHE TELECOM IT SOLUTIONS

Senior Security Consultant
06.2021 - 07.2023

Job overview

DEUTSCHE TELECOM IT SOLUTIONS – Hungary / Budapest

Security consultancy for

  • Linux and Windows distributed cluster systems in multiple projects at Shell Global Account based on ISO 2700x, NIST, ISO 22301, PCI DSS, ETSI, OWASP and internal T-Systems and Shell company standards using Waterfall and Scaled Agile Framework (SAFe) project management methodology for private and commercial cloud secure services,
  • Security configuration and operations standards for security systems and applications, including policy assessment and compliance tools, network security appliances, and host-based security systems,
  • Development and validation of baseline security configurations for operating systems, applications, and network equipment,
  • Audit for internal and external technical control and vulnerability assessments to identify control weaknesses and assess effectiveness of existing controls, and recommend remedial action,
  • Source code reviews,
  • Remediation of findings of network and application penetration testing (Black box, Grey box and White box),
  • Definition of detailed security architecture for HLD, DLD of IT systems,
  • Remediation of technical security audits,
  • Remediation of log analysis and security monitoring,
  • Remediation of IT infrastructure/ Application Security configuration reviews,
  • Design and implementation of technical security mechanisms and technologies,
  • Design and implementation of technical security standards and procedures.

Business or sector: Telecom and IT Consultancy and Operations

Tools /Technologies and Methodologies: Linux, Windows, NIST, ISO 2700x, PCI DSS, GDPR, ETSI, OWASP, Waterfall, Agile, Cloud Secure service, Confluence, JIRA, Audit techniques

MATRIX Ltd
Budaörs, PE

System Designer and Python Developer
01.2019 - 07.2021

Job overview

Total Cloud Consulting Ltd – Budapest, Hungary

  • Sales support on Amazon Web Services
  • Providing consultancy in compliance and security, DPA, GDPR, ISO27001, ISO22301, NIST850, handling intellectual property.
  • Risk based project design, execution for GDPR compliance and implementation of regulations and IT solutions.
  • System design, setup of IT environment, content design, project management of Moodle and Guru/Joomla LMS/CMS Web based e-learning systems.
  • Creation and customization of learning materials and user support.

AAM Ltd.
Budapest, BU

Senior IT Security Consultant
08.2019 - 12.2019

Job overview

  • Providing consultation services of financial institutions (banks and insurance comps) including BCP / DRP design, regulations based on ISO 27000 and ISO 22301 standards, OWASP, audit services on IT security and GDPR. Regulating, auditing and streamlining IT security processes.

Business or sector: Consulting

Tools /Technologies and Methodologies: ISO 2700x, ISO 22301, PCI DSS, GDPR, OWASP, Hungarian and EU regulations for banking industries, audit techniques

NATIONAL DIRECTORATE GENERAL OF DISASTER MANAGEMENT, MINISTRY OF INTERIOR

CISO - Chief Information Security Officer
07.2018 - 07.2019

Job overview

  • Setting up IT security function based on Hungarian Information Systems Security Act; regulating, auditing and streamlining IT security processes.
  • Designing, setting up distribution and providing information and regular education for all clients in IT security as support.
  • Contracting and controlling vendors, suppliers, solution and service providers and contractors

Business or sector: Public Sector

Tools /Technologies and Methodologies: ISO 2700x, ISO 22301, PCI DSS, GDPR, Hungarian and EU regulations for banking industries, audit techniques

Total Cloud Consulting Ltd
Budapest, BU

Advisor (external)
06.2016 - 07.2018

Job overview

  • Sales support on Amazon Web Services
  • Providing consultancy in compliance and security, DPA, GDPR, ISO27001, ISO22301, NIST850, handling intellectual property.
  • Risk based project design, execution for GDPR compliance and implementation of regulations and IT solutions.
  • System design, setup of IT environment, content design, project management of Moodle and Guru/Joomla LMS/CMS Web based e-learning systems.
  • Creation and customization of learning materials and user support.
  • General IT and IT Security Consulting – setup, improvement for Local Government of City of Szentendre,

Business or sector: IT Consulting

Tools /Technologies and Methodologies: DPA, GDPR, ISO27001, ISO22301, NIST850, GDPR Compliance, Moodle and Guru/Joomla LMS/CMS Web based e-learning systems.

CENTRAL ADMINISTRATION OF NATIONAL PENSION INSURANCE

CISO - Chief Information Security Officer
06.2016 - 06.2018

Job overview

CENTRAL ADMINISTRATION OF NATIONAL PENSION INSURANCE – Budapest, Hungary

  • Setting up IT security function, designing and ensuring compliance to local regulations and EU directives under State Audit for more than 130 systems ranging from Windows, Unix, AS400 and IBM39xx and networks, 4500 clients located in 200+ locations in Hungary.
  • Regulating and streamlining IT security processes.
  • Designing, setting up distribution and providing information and regular education for all clients in IT security as support, designing security architecture for infrastructure development projects costing 13M EUR, compounded.
  • Controlling firewall and antivirus protection activities.
  • Leading IT security administration group of 5 people.
  • Contracting and controlling vendors, suppliers, solution and service providers and contractors. GDPR preparatory control

Business or sector: Public Sector

Tools /Technologies and Methodologies: Windows, Unix, AS400, IBM39xx, Control Firewall, IT Security Administration

WIPCON Ltd

Owner and Senior IT Security Consultant
09.2001 - 05.2016

Job overview

WIPCON Ltd – Budapest, Hungary

  • System design, software and hardware development of COBIT/ISO 27000 audited legally compliant security entry system for poker cardrooms.
  • Outsourced CRM management, DW/BI applications and sales information distribution infrastructure (MS SPPS) for HP Hungary; ISO 9001 audit
  • As senior consultant to SMBs facilitating starting up web-based businesses.
  • Led Siebel CRM deployment in Hungary
  • Led projects for developing DW & reporting capability and data/information distribution infrastructure
  • Development of webshops in HTML/MySQL/PHP in hosted environment.
  • Web design with Adobe Dreamweaver MX. Website development in Joomla CMS.
  • Algorithmic trading on FOREX with MetaTrader4 and MetaTrader5 platform

Business or sector: Consulting

Tools /Technologies and Methodologies: COBIT/ISO 27000, Outsourced CRM management, DW/BI applications, information distribution infrastructure (MS SPPS), ISO 9001 audit, Led Siebel CRM, HTML/MySQL/PHP, Adobe Dreamweaver MX, Joomla CMS, FOREX with MetaTrader4 and MetaTrader5, Web design

COMPAQ Hungary Ltd

BID Office Manager and CRM Lead
09.1999 - 08.2001

Job overview

  • Responsible for bids and sales processes; developed and installed information supply and knowledge management systems

DIGITAL EQUIPMENT (DEC) Hungary, LTD.

MAJOR ACCOUNT SALES MANAGER, PUBLIC SECTOR, EDUCATION & MEDIA
02.1995 - 08.1999

Job overview

  • Increased sales; managed projects for the public sector

ROYAL SECURITY CORP.

CEO
01.1993 - 12.1994

Job overview

  • Organization of structure, operations, staffing, marketing

Education

KATZ GRADUATE SCHOOL OF BUSINESS, Pittsburgh, PA, USA

BUSINESS ADMINISTRATION (MBA) from Marketing and IT Management
09.1993 - 05.1993

University Overview

INTERNATIONAL MANAGEMENT CENTER (CEU), Budapest

BUSINESS ADMINISTRATION (MBA) from Marketing and IT Management
09.1991 - 05.1992

University Overview

EÖTVÖS LORÁND UNIVERSITY (ELTE), Budapest

DOCTOR OF PHILOSOPHY from Chemistry
09.1984 - 04.1988

University Overview

Hungarian Academy of Sciences, Budapest

CANDIDATE OF SCIENCE FOR CHEMICAL SCIENCES from Inorganic chemistry
09.1984 - 05.1987

University Overview

EÖTVÖS LORÁND UNIVERSITY (ELTE), Budapest

RESEARCH CHEMIST from Major: Nuclear Chemistry
09.1979 - 05.1984

University Overview

Skills

ITIL v4 Foundation 2019

Scaled Agile - SAFe (2022, 2023)

Information Security

Requirements Gathering

Business Solutions

Cybersecurity Best Practices

Cloud Computing

Client Communications

Software Development Lifecycle

Technical Architecture Design

Proficient in Python, HTML, MySQL, PHP

Adept in ServiceNow

Python & data science datacamp online - data wrangling, SQL, analysis tools (2019)

Data scientist Nanodegree program - Udacity (online) (2019)

Flexible and Adaptable

Troubleshooting

Written Communication

Customer Relations

Attention to Detail

Calm Under Pressure

Self-Directed

Analytical Thinking

Information security integration

Information security technology

Safety and security regulations

Premises Security

Affiliations

  • Member of ISACA Budapest chapter (2001- )
  • Member of the Board, ISACA Budapest Chapter (2010-2013)
  • Member of the Hungarian Fulbright Alumni Association (1993- )
  • Member of the Assembly of the Hungarian Academy of Sciences (1988- )

Preferred Job

IT Security, GRC, Compliance management

Organisational Managerial Skills

  • Owned and managed private enterprise for 15 years in Hungary between 2001-2016
  • Managed several multimillion USD IT projects for the public sector at a multinational company
  • Directly managed a team of 5 people
  • Managed multiple vendors and subcontractors in IT projects for 20+ years.
  • Corporal at the rocket artillery of Hungarian Armed Forces #MN1971 (1978-79)

Personal Information

  • Date of Birth: 04/06/1960
  • Gender: Male
  • Nationality: Hungarian

Volunteer Experience

International Children's Safety Service (2012 - )

Certification

CISA - Certified Information Systems Auditor

Interests

IoT

Geocaching


Quote

You only have to do a few things right in your life so long as you don’t do too many things wrong.
Warren Buffett
