Gökay Pekşen
Verified Expert in Engineering
IT安全开发人员
Gökay是专门从事网络安全的高级经理和首席顾问, 信息安全, audit, 标准和法规. 他精通企业安全架构,是提供可持续保护和提高声誉和数字存在的专家,同时能够降低风险以防止财务损失. Gökay has been working with different technologies, 编程语言, and frameworks and is willing to embrace new and challenging projects.
Portfolio
Experience
Availability
首选的环境
Zoom, MacOS, Linux, Windows
The most amazing...
...我设计的是土耳其第一个DevSecOps持续集成和持续交付管道.
Work Experience
Founder and CEO
Prime Threat
- Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
- 旨在通过使投资与国际GRC标准保持一致来增强市场竞争力.
- 创建了ISO 22301, 为土耳其的物流客户提供基于nist的安全框架,以增强弹性和合规性.
- 嵌入GRC原则,以保护资产并加强客户作为安全物流合作伙伴的声誉.
- Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
- 强调重组战略, 提升公司对数据保护和网络安全卓越的承诺.
网络安全顾问
Olea Global Pte. Ltd. - Main
- Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
- Implemented advanced security measures adhering to GDPR, 加强对网络威胁的防御.
- 进行ISO 27001和GDPR审核,以完善我们的ISMS,整合符合GDPR的控制措施.
- Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
- 检测能力增强, respond to, 并从网络威胁中恢复, 尽量减少业务中断.
- 通过加强网络安全措施和合规,加强敏感数据的保护.
Security Lead
丰田物料搬运
- 设计了一个网络安全管理结构,将GRC原则与GDPR结合起来, advising leadership on compliance and security needs.
- Developed GDPR-compliant operational strategies, 嵌入治理, risk management, 遵守网络安全实践.
- Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
- 将全球标准和法规遵从性整合到网络安全实践中, 确保遵守GRC原则.
- 结合GRC和GDPR因素进行风险分析,积极应对和缓解网络安全威胁.
- GRC原理在威胁建模中的应用, 侧重于降低风险和保护数据,以防范潜在的收入影响.
安全合规顾问
Bonify, LLC
- 制定网络安全管理政策, integrating GRC principles with a focus on ISO 27001, GDPR, 以及网络应用开发公司与Wix和Shopify平台的合规性.
- 评估当前的IT和安全设置, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
- 制定战略路线图,以提升devops制造的产品和服务的安全状态, aligning future developments with GRC standards and organizational needs.
- 优先与国际和商业网络安全标准保持一致, ensuring governance, risk management, and compliance are central to security operations.
- 强调坚持GRC原则评估和升级安全架构的重要性, 加强对不断变化的威胁的保护.
- Proposed infrastructure improvements based on rigorous GRC assessments, 旨在加强组织IT环境的安全基础.
首席信息官网络安全顾问
伊斯坦布尔市区
- 在多学科项目中合作,为伊斯坦布尔的智慧城市和物联网计划制定战略, integrating GRC principles for effective management and implementation.
- Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI-DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
- Established an ISO and GDPR-compliant security management framework, 将其嵌入到企业架构中,以与全球数据保护标准保持一致.
- Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, GDPR合规性和整合GRC最佳实践以实现强大的网络安全.
- 在ISO中定义度量标准和kpi, NIST, and GDPR context to refine security operations, 强调治理, risk management, 以及IT流程中的遵从性.
- 旨在通过遵守ISO和GDPR规范来增强软件和基础设施的安全性, leveraging GRC strategies for continuous improvement and compliance.
信息安全 VP and Enterprise Architect
Bankalararası Kart Merkezi (Interbank Card Center)
- Architected a state-of-the-art cybersecurity framework, 在本地交易中获得2500亿里拉, aligning with GRC principles for robust financial data protection.
- 通过TROY设想并为土耳其支付生态系统设定一个具有竞争力的基准, incorporating GRC strategies to ensure operational excellence and compliance.
- Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
- 向行政领导汇报, 强调治理, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
- 管理一个专注的团队, 专注于以grc为中心的安全操作, 监督重要的财政拨款,用于持续的基础设施和能力改进.
- 为正在进行的渗透测试和代码审查引入了一个严格的框架, 支持主动符合grc标准的网络安全态势,以应对新出现的威胁.
- Oversaw procurement and budgeting with a GRC lens, 确保在技术和咨询服务方面的投资符合合规和运营效率标准.
- 开发特洛伊的IT和支付基础设施,以反映全球基准,如发现卡, 整合PCI DSS和其他国际合规监管标准.
- Fostered a culture of continuous improvement in cybersecurity practices, leveraging GRC insights to enhance the security, compliance, 服务管理领域.
- Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
高级网络安全顾问
PwC
- Formed a cybersecurity team grounded in GRC principles, 负责执行安全评估, penetration testing, and incident response to uphold data integrity and compliance.
- Enhanced client IT infrastructures across critical sectors, 采用GRC方法防范预期的和新的网络威胁, 加强韧性和合规性.
- Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, 以及行业最佳实践, 确保全面合规.
- Developed and implemented a continuous monitoring strategy, 整合GRC原则,主动识别漏洞并响应事件, 从而减少风险暴露.
- Established a robust incident response process, 符合GRC标准, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
- 在客户组织中倡导与grc一致的网络安全教育和意识计划, 促进安全文化, compliance, 以及防范未来威胁的风险意识.
Experience
特洛伊支付项目
http://troyodeme.com/en/Cyber Security Organization and Business Model Designing
土耳其首个DevSecOps CI/CD管道
Education
计算机工程学士学位
Istanbul Commerce University - Istanbul, Turkey
Certifications
ISO 22301
ISO
ITIL
HP
Iso / iec 27001:2013
ISO
认证道德黑客
EC-Council
Skills
Libraries/APIs
REST APIs, AES
Tools
Acunetix, Netsparker, Nessus, Accunetix漏洞扫描器, Zoom, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN
Paradigms
Penetration Testing, DevSecOps, DDoS, 安全软件开发, DevOps, 安全代码最佳实践, Microservices, Microservices架构, 持续部署, 持续交付(CD), 持续发展(CD), 持续集成(CI), Automation, Azure DevOps
Industry Expertise
采购产品网络安全,网络安全,电子学习,安全咨询,企业安全
Platforms
Windows, MacOS, Linux, Azure, 亚马逊网络服务(AWS), Imperva Incapsula, 谷歌云平台(GCP), Embedded Linux, Shopify, Docker, Kubernetes
Storage
Database Security, Datadog, Azure Active Directory, Amazon S3 (AWS S3)
Frameworks
COBIT 5
Languages
JavaScript, Go, Rust, Python
Other
采购产品网络,信息安全,审计,ISO 27001,培训,ICT培训,信息 & 通讯科技(ICT), Ethical Hacking, 认证道德黑客(CEH), IT Infrastructure, Identity & 访问管理(IAM), Firewalls, 静态应用安全测试(SAST), 动态应用安全测试(DAST), Scanning, 系统级芯片(SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, 《欧博体育app下载》, 脆弱性管理, 漏洞评估, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, 脆弱性识别, CyberArk, Web应用防火墙(WAF), 数据丢失预防(DLP), Data Governance, Compliance, Architecture, Security, IT Security, 信息安全 Management Systems (ISMS), NIST, 安全工程, 安全体系结构, GRC, Security Audits, Web Security, Computer Security, Risk Management, 安全管理, Security Design, Lecturing, Learning, PCI, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, 基础设施安全, IT项目管理, OWASP Top 10, Risk Analysis, Risk Modeling, 业务连续性计划(BCP), 业务连续性, 业务连续性 & 灾难恢复(BCDR), Consulting, Security, Advisory, 工程咨询公司, ISO 22301, ITIL 4, IT服务管理(ITSM), GDPR, 企业架构, 业务连续性, SIEM, Mobile Payments, Digital Payments, 零日漏洞, IBM安全卫士, Cloud Security, CI/CD Pipelines, 系统管理, CCNA, CCNA Security, 业务连续性 & 灾难恢复(BCDR), Migration, App 保护, Data Protection, 单点登录(SSO), 检测工程, SecOps, Data Encryption, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, 端点检测和响应(EDR), 业务连续性计划(BCP), 安全运营中心(SOC), 管理检测和响应(MDR), Cloud, 基础设施即代码(IaC), 灾难恢复咨询, App 保护, 漏洞扫描, Cyber Defense, 托管安全服务提供商(MSSP), OWASP, Security Information and Event Management (SIEM), Programming, Encryption, Data, Payment APIs, Card Payments, 灾难恢复计划(DRP), 软件开发生命周期(SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, 组织设计, 组织结构, Business, Business Ideas, Business Cases, 业务发展, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, 产品策略顾问, 市场策, Group Policy, Cloudflare, Google Workspace, CISM, 人工智能(AI), 高级加密标准(AES), 网络体系结构, 云基础设施, SaaS Security, Code Review, 软件即服务(SaaS), Technical Writing, AWS认证解决方案架构师, 数据风险评估(DRA), Cisco, 企业网络安全, Shell Scripting
如何使用Toptal
在数小时内,而不是数周或数月,我们的网络将为您直接匹配全球行业专家.
Share your needs
Choose your talent
开始你的无风险人才试验
对顶尖人才的需求很大.
Start hiring