Information Security professional focused in to protection of information assets, according to operational needs,strategic plans and general guidelines, through the definition of policies, standards, procedures and control mechanisms that ensure and guarantee a proper management of the processes at enterprise level, in compliance
with the government and industry regulations.
Information Security Specialist at Mercantil Banco Universal
August 2008 – September 2015 (7 years 2 months)
- Selecting, monitoring and supporting implementation process of information security controls on various enterprise platforms, applying international best practices frameworks including: ISO-27000, PCI-DSS, NIST and COBIT.
- Conducting risk assessments to identify and mitigate potential vulnerabilities.
- Keeping the development of a culture of information security throughout the organization, developing security awareness programs in order to minimize operational risks.
- Managing information security metrics, in order to establish parameters for evaluating the performance of management.
- Leading information security projects, ensuring the proper implementation of the security architecture in terms of security controls, seeking to minimize potential vulnerabilities.
- Consulting information security projects.
- Managing implementation of the mitigation measures to close audit findings.
- Investigating and keeping abreast of cutting-edge technologies that will maintain the information security technology platform, in a cost-effective manner.
- Evaluating information security processes, in order to achieve, maintain and / or increase the maturity level thereof.
- Performing digital forensics analysis and incident response processes, generating reports and proposals for mitigation.
- Performing monitoring and analysis on different Information Security platforms like antivirus, IPS, IDS, Firewalls and SIEM. Generating reports of incidents and indicators of risk behavior.
- Developing alerts controls, performing analysis and incident escalation.
Senior Consultant at Independent
January 2006 – August 2008 (2 years 8 months)
- Design & deployment of Networks (LAN, WAN) in multiples companies in areas like retail, finance and manufacturing.
- Budgeting and coordination of work groups to achieve objectives on time.
- Conducting security controls assessments by utilizing NIST SP 800-53a, PCI-DSS, ISO 27001 and performing interviews, examination of documentation, and technical testing of the required security controls.
- Security Assessment Report.
IT Supervisor at Crystallex International Corporation
October 2004 – January 2006 (1 year 4 months)
- Deployment of communications via satellite and local networks (voice and data).
- Design of IT Corporate Budget for “Las Cristinas” Project, including supply and maintenance of equipment in a mining operation environment.
- System administration of Windows servers and clients, enabling multiples services like e-mail, voice over IP, accountant, and Payroll & HR systems.
Head of IT Department at Masisa
July 1999 – October 2004 (5 years 4 months)
During the project stage, was in charge of managing, design and implementation of various telecommunication systems in the three areas of the company (Caracas, Macapaima and Puerto Ordaz) and integrating them to provide service to an ever-changing number of professionals from various fields.
Provisioning file, print, email, Internet, and telephony, Internet firewall systems.
After the design stage, I was dedicated to the management of resources, I have integrated video conferencing services and interconnection of PBXs using private channels to reduce communication costs with users in multiples locations.
Technical Support at FerroAtlantica
July 1994 – July 1999 (5 years 1 month)
Responsible for the administration and support of the computing platform enterprise administrator playing roles as database administrator (Informix) network administrator (TCP / IP) and System Administrator (Unix / Microsoft), creation of operational practices, property and maintaining firewall, e-mail, telephone and Internet services.
Honors and Awards
Best Information Security Initiatives in Latin America
Global Finance – July 2014
Global Finance magazine announced the winners of the “World’s Best Internet Banks”, having selected Mercantil Banco in the category per country as “Best Consumer Internet Banks in Venezuela” and also in the regional category as “Best Information Security Initiatives in Latin America”. Global Finance considered the strategy for attracting and servicing online customers, growth of online customers, breadth of products offerings, benefits gained from Internet initiatives and web site design and functionality. Source: https://www.slideshare.net/slideshow/embed_code/key/kLSaUIymnRMYCk
- E-Commerce & Marketing Digital – SENAC/SC 2016 –
Prof. Adriano Vermolhem
- Data Manipulation at Scale: Sys & Algorithms – Univ.
Washington 2016 – Prof. Bill Howe
- Developing Innovative Ideas for New Companies –
University of Maryland 2014.
- Usable Security – University of Maryland 2014 – Prof.
- Application Security and Vulnerability Analysis – NYU
Virtual Academy 2012
- Software Security – University of Maryland 2014 –
Prof. Michael Hicks
- Analisis Forense Digital – CGSI 2012
- CNTI 124 Advanced Ethical Hacking – SAMSCLASS
- Cryptography – University of Maryland 2014 – Prof.
- Administración RSA enVision 4.0 – Compuquip
- Hardware Security – University of Maryland 2014 –
Prof. Gang Qu
- Windows Azure Platform – Microsoft Virtual Academy
- Cloud Computing Concepts – University of Illinois
2015 – Prof. Indranil Gupta
- Cloud Computing – Microsoft Virtual Academy 2012
- Spanish (Native or bilingual proficiency)
- English (Working proficiency)
- Portuguese (Working proficiency)
Skills & Expertise
- Information Security Engineering
- Information Security Consultancy
- Information Security Standards
- Information Security Awareness
- Information Security Management
- Qlik View
- RSA enVision
- Application Security Architecture
- Web Application Security
- Web Application Firewall
- Web Application Security Assessment
- Computer Forensics
- Security Policy Development
- Security Architecture Design
- Cloud Security
- Cloud Computing
- Windows Security
- Information Security
- ISO 27001
- PCI DSS
- Network Security
- Strategic Planning
- Project Management
- Microsoft Office
- Universidad Nacional Experimental de Guayana
Engineer’s degree, Computer Software Engineering, 1987 – 1995
- Travel, Photography, Art, Read, Blogging, New technologies.