lcl - professional experience overview
DESCRIPTION
Main Projects: –> Lead ArcSight SIEM Engineer –– Responsible for Project Management, Use Case Design and Full Implementation including Configuration, Documentation and User Formation. (HP ArcSight) –> Business Process Reengineering –– Responsible for optimizing tasks and aligning IT processes/solutions to efficiently support business needs. –> Security Architect –– Developing end-to-end Security Model for the Protection of Customer Information for Data Loss Prevention (DLP). I have seven (7+) years experience, and six (6) in Information Security Engineering in banking and insurance industries, working for the largest financial institutions: –> ING –– global financial institution; (ongoing) –> Millennium bcp –– largest private portuguese bank; (~3 years) –> CGD –– biggest portuguese public owned bank; (18 months) –> Crédito Agrícola –– private co-operative financial group; (6 months) –> SIBS Forward Payment Solutions - (1+ month) Specialties: – SIEM –– Security Information and Event Management (mainly HP ArcSight technology) – Data Protection and Data Loss Prevention – Computer Security – Project and Business Change Management – Ethical Hacking / Penetration TestingTRANSCRIPT
Ludovico do Canto Lopes
Information Security Engineer
1
Leadership Business Consulting 4
Millennium bcp 3
Experience Overview 1
Professional Journey (7+ Years)
IT Engineer Highlights and Professional Skill Set
Main Security Experience - SIEM Architect and Engineer
Industry Experience - Banking and Insurance
ING Group - NN 2
Document updated in 2014-XII-06
pt.linkedin.com/in/ludovicolopes/
Professional Journey (7+ Years)
Information Security Engineer
– Responsible for projects demanding comprehensive analysis
2
SIEM - Security Information and Event Management
Current Position
‒ SOC - Senior Security Engineer
‒ ArcSight SIEM Migration Manager
DLP – Data Loss Prevention
Past Experience
‒ Lead SIEM Architect and Engineer (HP ArcSight)
‒ Ethical Hacker
‒ Forensic Analyst
‒ Business Process Reengineering
‒ Project and Change Management
‒ Data Protection and DLP Engineer
‒ ITIL - Operation and Management Implementer
Since May 2014
3 years
1.5 years
2.5 years
pt.linkedin.com/in/ludovicolopes/
IT Engineer Highlights and Professional Skill Set (1 of 2)
Delivering Information Security as partner for Business Strategic needs
Transversal knowledge and experience
Most valued outcomes
3
Business Needs
Security
IT Infrastructure
Strategic goals
Efficient processes
Best practices
Technology
Servers
Services
Reliable information
Client expectations
Threats
Risk assessment
Policies
Network
‒ Reliable approaches for plausible threads
‒ Knowledge agnostic from vendor and technology
‒ Practical experience implementing and testing security control mechanisms
‒ Documentation oriented
pt.linkedin.com/in/ludovicolopes/
IT Engineer Highlights and Professional Skill Set (2 of 2)
Wide “Skill Set” focusing what is important for the Business:
– Efficiently align the IT with the business needs, and keep both secure and resilient
4 SIEM –– Security Information and Event Management
Technical IT Security
Data Protection
Data Loss Prevention
SIEM Architect
Ethical Hacking
Business Process Reengineering
Business Change Management
Project Management
Forensic Analysis Penetration Testing
ITIL Operation and Management C
om
ple
xity
an
d O
rgan
izat
ion
al Im
pac
t
IT T
ech
nic
al S
kills
Business Management
SIEM Implementation
SIEM Auditing
pt.linkedin.com/in/ludovicolopes/
Main Security Experience - SIEM Architect and Engineer (1 of 2)
Lead Engineer for Security Information and Event Management (SIEM)
– Main individual responsibilities through SIEM value chain
5
Project Management
‒ Heath Check
‒ Problem Diagnostics
‒ Technical Support Mgmt.
‒ Service Providers Mgmt.
‒ User Training
‒ Advance Incident Analyst
‒ Audit
‒ Use Case Design
‒ Implementation
‒ Development
‒ Documentation
‒ Network Modelling
‒ Customization
‒ Parameterization
‒ Tuning/ Hardening
‒ Integration with third party solutions
Platform Administration SIEM Engineering Security Operations
Center
‒ Scope and Use Case Design
‒ Risk and Change Management
‒ Issues Management
‒ Quality Control
‒ Project Documentation and Reporting
‒ Interconnection with external entities
Mainly for:
pt.linkedin.com/in/ludovicolopes/
Main Security Experience - SIEM Architect and Engineer (2 of 2)
Examples of project outcomes
6 These images were sanitized
pt.linkedin.com/in/ludovicolopes/
Insurance companies
Industry Experience - Banking and Insurance
Fulltime projects developed for the largest financial institutions
7 Employee values as December 2012
‒ Biggest PT public owned bank
‒ 23.000 employees
18 months Caixa Geral de Depósitos www.cgd.pt
‒ Largest private Portuguese bank
‒ 20.200 employees (9.000 in Portugal)
‒ Joint venture with Ageas
3 years Millennium bcp www.millenniumbcp.pt
‒ Private co-operative financial group
‒ 4.300 employees
6 months Crédito Agrícola www.creditoagricola.pt
‒ Dutch multinational banking and financial services
‒ 84.700 employees
Since May 2014 ING Group www.ing.com
Ludovico do Canto Lopes
Information Security Engineer
8
Leadership Business Consulting 4
Millennium bcp 3
Experience Overview 1
Senior SOC Engineer
Responsibilities as Senior SOC Engineer
ING Group - NN 2
pt.linkedin.com/in/ludovicolopes/
‒ Insurance and investment management company
‒ Active in 18 countries
Senior SOC Engineer for ING Group - NN
9
ING Group - Nationale-Nederlanden www.nn-group.com
Netherlands
Slovakia
Romania
Hungary
Poland
Bulgaria Greece
Czech Republic
Since 2nd July 2014
‒ NN company turns independent from ING
‒ Traded in Euronext Amsterdam stock (NN)
‒ 12,000 Employees
Security Operation Centre Coverage
pt.linkedin.com/in/ludovicolopes/
Responsibilities as Senior SOC Engineer for ING Group - NN
10
Top Management
Infrastructure Team
Customers
Security Operation Centre
Main Responsibilities
Use Case Design
Deep Incident Analysis
Service Quality Improvement
Requests Response
Content Development and Assessment
Training and Coaching
Baseline Definition
SOC Management Advisory
Active Member in Critical Incident Response Team
Manage Impact on SOC Service
Assess Infrastructure Design and Implementation
Identify, Report and Track Issues
Reporting
Service Assessment
Project Manager (SOC activities) in Mission Critical Projects
Bond and Fulfil needs from multiple parties
Activities carried fiscally in Prague (CZ) and Amsterdam (NL)
Ludovico do Canto Lopes
Information Security Engineer
11
Leadership Business Consulting 4
Millennium bcp 3
Experience Overview 1
Information Security Engineer for Millennium bcp
SIEM Architect and Engineer – Responsibilities
Ethical Hacking and Forensic Analysis – Responsibilities
ING Group - NN 2
pt.linkedin.com/in/ludovicolopes/
Main Responsibilities
‒ Largest private Portuguese bank
‒ Insurance Group (joint venture with Ageas)
‒ Traded in Euronext stock Exchange (ELI:BCP)
‒ Active in:
Information Security Engineer for Millennium bcp
12
Millennium bcp - Banco Comercial Português www.millenniumbcp.pt
SIEM Architect and Engineer
Ethical Hacking Forensic Analysis
Portugal Mozambique Angola Poland Romania Switzerland
Retail Banking
Corporate Banking
Investment Banking
Private Banking
Asset Mgmt.
Insurance
SIEM –– Security Information and Event Management
pt.linkedin.com/in/ludovicolopes/
SIEM Architect and Engineer – Responsibilities
(As described before)
13
pt.linkedin.com/in/ludovicolopes/
Ethical Hacking and Forensic Analysis – Responsibilities
Other skills develop as Information Security Engineer for Millennium bcp
14
‒ Comprehensive Investigation (Servers and Workstations)
‒ Malware (Windows and Android binaries)
‒ Fraud Analysis
‒ Reverse Engineering
‒ Phishing Scams
Forensic Analysis
‒ Public Websites
‒ Internet Infrastructure
‒ Mobile Application
‒ Software Behavior Analysis
Ethical Hacking
Ludovico do Canto Lopes
Information Security Engineer
15
Leadership Business Consulting 4
Millennium bcp 3
Experience Overview 1
Business Consultant for Leadership Business Consulting
Santo SGPS Project – Scope and Responsibilities
Santo SGPS Project – Results and Deliverables
ING Group - NN 2
pt.linkedin.com/in/ludovicolopes/
Business Consultant for “Leadership Business Consulting”
16
Responsibilities
Complete organizational restructuring of the Holding and its 10 companies
ERP – Enterprise Resource Planning – Microsoft Dynamics NAV
Lead Project and Change Management for the ERP implementation
www.leadership-bg.com
Project done as “Leadership Business Consulting“ employee
‒ Main Client: Santo SGPS
‒ Holding composed by companies on several areas:
‒ 121M€ equity in 2011
‒ 40 years since its first company was founded
Construction Property
Promotion Industry Energy
International Joint
Ventures
www.santo.pt
Project Example: Information Technology & Process Reengineering
pt.linkedin.com/in/ludovicolopes/
Santo SGPS Project – Scope and Responsibilities (1 of 2)
Project Manager and Pivot for all project activities and stakeholders interests
– Main interactions and deliveries
17 Simplified list of activities and outcomes
‒ Technical requirements ‒ Quality control and
assessment ‒ Issue identification and
mitigation
Project Manager
‒ Optimize business activities ‒ Ease the migration ‒ Documentation ‒ Risk mitigation ‒ User formation (new processes)
‒ Technical implementation ‒ Expertise ‒ User formation (IT solution)
External Service Provider
pt.linkedin.com/in/ludovicolopes/
Santo SGPS Project – Scope and Responsibilities (2 of 2)
18
External Service Provider
ERP Solution 7 Consultants Project Managers
Marketing
Legal
Human Resources
Board
Finance
Accounting
Architecture
Production
Mediation
Costumer Support
Administrative
Procurement
IT
Santo SGPS All SGPS Departments
25 Key Users
85 Processes
Assure a perfect match from ERP implementation and Santo SGPS needs.
Goal
‒ Project and Change Management
‒ Risk Management
‒ Organizational Restructuring
‒ Business Process Reengineering
‒ Direct Board Reporting
‒ Rollout Support
‒ Incident and Issues Management
‒ Quality Control
‒ Project Documentation
Responsibilities
pt.linkedin.com/in/ludovicolopes/
Santo SGPS Project – Results and Deliverables
Examples of project outcomes
19 These images were sanitized
Ludovico do Canto Lopes
Information Security Engineer
20
More Information
pt.linkedin.com/in/ludovicolopes/
Thank you
Document updated in 2014-XII-06