Gökay Pekşen
Verified Expert in Engineering
IT Security Developer
Gökay是专门从事网络安全的高级经理和首席顾问, information security, audit, and standards and regulations. 他精通企业安全架构,是提供可持续保护和提高声誉和数字存在的专家,同时能够降低风险以防止财务损失. Gökay一直在使用不同的技术, programming languages, 并且愿意接受新的和具有挑战性的项目.
Portfolio
Experience
Availability
Preferred Environment
Zoom, MacOS, Linux, Windows
The most amazing...
...我设计的是土耳其第一个DevSecOps持续集成和持续交付管道.
Work Experience
Founder and CEO
Prime Threat
- 向某公司就网络安全投资提供咨询,重点关注ISO 27001, PCI DSS, 以及促进金融稳定和全球影响力的COBIT.
- 旨在通过使投资与国际GRC标准保持一致来增强市场竞争力.
- Created an ISO 22301, 为土耳其的物流客户提供基于nist的安全框架,以增强弹性和合规性.
- 嵌入GRC原则,以保护资产并加强客户作为安全物流合作伙伴的声誉.
- 建议对网络安全公司进行重组,以符合ISO 27001标准, NIST, PCI - DSS改善治理和风险管理.
- Emphasized the reorganization strategy, 提升公司对数据保护和网络安全卓越的承诺.
Cybersecurity Consultant
Olea Global Pte. Ltd. - Main
- 完成以GDPR为重点的ISO 27001审核,优化我们的ISMS, 加强数据保护和安全态势.
- 实施符合GDPR的高级安全措施, strengthening defenses against cyber threats.
- 进行ISO 27001和GDPR审核,以完善我们的ISMS,整合符合GDPR的控制措施.
- 增强的风险缓解和法规遵从性, 提高网络安全响应能力.
- Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
- 通过加强网络安全措施和合规,加强敏感数据的保护.
Security Lead
Toyota Material Handling
- 设计了一个网络安全管理结构,将GRC原则与GDPR结合起来, 就合规和安全需求向领导提供建议.
- 制定符合gdpr的运营策略, embedding governance, risk management, and compliance into cybersecurity practices.
- 建立符合GRC框架(如ISO)的网络安全政策, IoTSF, and GDPR, 处理法规遵从性和公司特定的需求.
- 将全球标准和法规遵从性整合到网络安全实践中, ensuring adherence to GRC principles.
- 结合GRC和GDPR因素进行风险分析,积极应对和缓解网络安全威胁.
- Applied GRC principles in threat modeling, 侧重于降低风险和保护数据,以防范潜在的收入影响.
Security Compliance Consultant
Bonify, LLC
- Formulated a cybersecurity management policy, 将GRC原则与ISO 27001相结合, GDPR, 以及网络应用开发公司与Wix和Shopify平台的合规性.
- Assessed the current IT and security setup, 推荐服务器的体系结构增强, tools/devices, 以及符合GRC框架的软件,以增强基础设施的弹性.
- 制定战略路线图,以提升devops制造的产品和服务的安全状态, 使未来的发展与GRC标准和组织需求保持一致.
- 优先与国际和商业网络安全标准保持一致, ensuring governance, risk management, 合规性是安全操作的核心.
- 强调坚持GRC原则评估和升级安全架构的重要性, enhancing protection against evolving threats.
- 根据严格的GRC评估提出的基础设施改善建议, 旨在加强组织IT环境的安全基础.
Cybersecurity Advisor to CIO
Istanbul Metropolitan Municipality
- 在多学科项目中合作,为伊斯坦布尔的智慧城市和物联网计划制定战略, 整合GRC原则,有效管理和实施.
- 通过开发强化的基础设施来增强企业安全性, ensuring ISO 27001, PCI-DSS, NIST, 在全面的GRC框架内遵守GDPR.
- 建立符合ISO和gdpr的安全管理框架, 将其嵌入到企业架构中,以与全球数据保护标准保持一致.
- 推出提升安全操作专业知识的举措, focusing on ISO, NIST, GDPR合规性和整合GRC最佳实践以实现强大的网络安全.
- Defined metrics and KPIs within an ISO, NIST, 和GDPR背景下,以完善安全操作, emphasizing governance, risk management, and compliance in IT processes.
- 旨在通过遵守ISO和GDPR规范来增强软件和基础设施的安全性, 利用GRC策略进行持续改进和合规.
信息安全副总裁和企业架构师
bankalararaski Kart Merkezi(银行间银行卡中心)
- 构建了最先进的网络安全框架, securing 250 billion TL in local transactions, 与GRC原则保持一致,以实现强有力的财务数据保护.
- 通过TROY设想并为土耳其支付生态系统设定一个具有竞争力的基准, 结合GRC策略,确保卓越运作和合规.
- 通过细致的grc -对齐阶段执行战略:评估, design, build, operation, testing, audit, 持续增强网络安全弹性.
- Reported to executive leadership, emphasizing governance, risk management, 以及管理安全性和服务的遵从性, 有可观的战略投资预算.
- Managed a dedicated team, focusing on GRC-centric security operations, 监督重要的财政拨款,用于持续的基础设施和能力改进.
- 为正在进行的渗透测试和代码审查引入了一个严格的框架, 支持主动符合grc标准的网络安全态势,以应对新出现的威胁.
- 以GRC的视角监督采购和预算, 确保在技术和咨询服务方面的投资符合合规和运营效率标准.
- 开发特洛伊的IT和支付基础设施,以反映全球基准,如发现卡, 整合PCI DSS和其他国际合规监管标准.
- 在网络安全实践中培养持续改进的文化, 利用GRC的洞察力来增强安全性, compliance, and service management landscape.
- 在支付系统生命周期的各个阶段倡导GRC原则, 从战略规划到卓越运营, 这在土耳其开创了支付安全的先例.
Senior Cybersecurity Consultant
PwC
- 组建了一个基于GRC原则的网络安全团队, tasked with executing security assessments, penetration testing, 以及事件响应,以维护数据完整性和遵从性.
- 增强了跨关键部门的客户IT基础设施, 采用GRC方法防范预期的和新的网络威胁, reinforcing resilience and compliance.
- 对客户网络安全实践进行彻底的审计, 利用GRC框架评估遵守国际法的情况, regulations, and industry best practices, ensuring comprehensive compliance.
- 制定和实施持续监测战略, 整合GRC原则,主动识别漏洞并响应事件, thus minimizing risk exposure.
- 建立健壮的事件响应流程, informed by GRC standards, 迅速管理和减轻安全漏洞的影响, 确保法规遵从性和运营连续性.
- 在客户组织中倡导与grc一致的网络安全教育和意识计划, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Experience
TROY Payment Project
http://troyodeme.com/en/网络安全组织与商业模式设计
Turkey's Very First DevSecOps CI/CD Pipeline
Education
Bachelor's Degree in Computer Engineering
伊斯坦布尔商业大学-伊斯坦布尔,土耳其
Certifications
ISO 22301
ISO
ITIL
HP
ISO/IEC 27001:2013 LA
ISO
Certified Ethical Hacker
EC-Council
Skills
Libraries/APIs
REST APIs, AES
Tools
Acunetix, Netsparker, Nessus, Accunetix Vulnerability Scanner, Zoom, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN
Paradigms
Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps
Industry Expertise
采购产品网络安全,网络安全,电子学习,安全咨询,企业安全
Platforms
Windows, MacOS, Linux, Azure, Amazon Web Services (AWS), Imperva Incapsula, Google Cloud Platform (GCP), Embedded Linux, Shopify, Docker, Kubernetes
Storage
数据库安全、Datadog、Azure Active Directory、Amazon S3 (AWS S3)
Frameworks
COBIT 5
Languages
JavaScript, Go, Rust, Python
Other
采购产品网络,信息安全,审计,ISO 27001,培训,ICT培训,信息 & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Security, IT Security, 资讯保安管理系统(ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, Web App Security, 认证信息系统安全专业人员, Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Security, Advisory, Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, Business Continuity, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Business Continuity & Disaster Recovery (BCDR), Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, SecOps, Data Encryption, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Application Security, Vulnerability Scanning, Cyber Defense, Managed Security Service Providers (MSSP), OWASP, 安全信息和事件管理(SIEM), Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, Cloudflare, Google Workspace, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), Technical Writing, AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Scripting
How to Work with Toptal
在数小时内,而不是数周或数月,我们的网络将为您直接匹配全球行业专家.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring