Gökay Pekşen, Developer in Istanbul, Turkey

Gökay Pekşen

Verified Expert in Engineering

IT Security Developer

Location
Istanbul, Turkey
Member Since
April 28, 2022

Gökay is a senior manager and principal consultant specializing in cybersecurity, information security, audit, standards, and regulations. He is proficient in enterprise security architecture and an expert at delivering sustainable protection that improves reputation and digital presence while reducing risk to prevent financial loss. Gökay has worked with different technologies, programming languages, and frameworks and is willing to embrace new and challenging projects.

Portfolio

Prime Threat
Cybersecurity, Information Security, Project Consulting, Auditing, ISO 27001...
Olea Global Pte. Ltd. - Main
Application Security, Information Security, CISO, Cybersecurity, IT Security...
Toyota Material Handling
Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics...

Experience

Availability

Full-time

Preferred Environment

Zoom, MacOS, Linux, Windows

The most amazing...

...thing I've designed is Turkey's first DevSecOps continuous integration and continuous delivery pipeline.

Work Experience

Founder and CEO

2016 - PRESENT
Prime Threat
  • Advised a firm on cybersecurity investments focusing on ISO 27001, PCI DSS, and COBIT to boost financial stability and global reach.
  • Aimed to strengthen market competitiveness by aligning investments with international GRC standards.
  • Created an ISO 22301 and NIST-based security framework for a logistics client in Turkey to strengthen resilience and compliance.
  • Embedded GRC principles to protect assets and strengthen the client's reputation as a secure logistics partner.
  • Proposed a reorganization for a cybersecurity firm aligning with ISO 27001, NIST, and PCI DSS to improve governance and risk management.
  • Emphasized a reorganization strategy that elevates the company's commitment to data protection and cybersecurity excellence.
Technologies: Cybersecurity, Information Security, Project Consulting, Auditing, ISO 27001, ISO 22301, ITIL 4, IT Service Management (ITSM), Windows, Linux, Training, ICT Training, Information & Communications Technology (ICT), COBIT 5, GDPR, Enterprise Architecture, Secure Software Development, Amazon Web Services (AWS), CISO, Google Cloud Platform (GCP), Azure, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), JavaScript, Go, Rust, Cloud Security, Architecture, Network Security, Security, CI/CD Pipelines, IT Security, System Administration, CCNA, CCNA Security, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Azure Active Directory, Product Strategy Consultant, Market Strategy, Security Engineering, Group Policy, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, Lecturing, Learning, E-learning, PCI, SecOps, Secure Coding Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, Google Workspace, DDoS, Grafana, Azure DevOps, SOC 2, Mobile Security, Certified Information Systems Security Professional, Amazon S3 (AWS S3), Malware Removal, CISSP, Python, Datadog, CISM, Data Privacy, Leadership, Audits, Artificial Intelligence (AI), Application Security, Advanced Encryption Standard (AES), Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Microsoft Power Apps, Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Center (SOC), Managed Detection and Response (MDR), Splunk, Cloud, Infrastructure as Code (IaC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, GCP Security, Code Review, Business Continuity, Disaster Recovery Consulting, Consulting, Software as a Service (SaaS), Technical Writing, Data Governance, AWS Certified Solutions Architect, Data Risk Assessment (DRA), Vulnerability Scanning, Cyber Defense, Cisco, VPN, Managed Security Service Provider (MSSP), Advisory, Security Advisory, OWASP, Shell Scripting, Security Information and Event Management (SIEM)

Cybersecurity Consultant

2023 - 2023
Olea Global Pte. Ltd. - Main
  • Completed an ISO 27001 audit with a GDPR focus to optimize our ISMS, enhancing data protection and security posture.
  • Implemented advanced security measures adhering to GDPR, strengthening defenses against cyber threats.
  • Conducted ISO 27001 and GDPR audits to refine our ISMS and integrate GDPR-compliant controls.
  • Enhanced risk mitigation and regulatory compliance, improving our cybersecurity response capabilities.
  • Strengthened the ability to detect, respond to, and recover from cyber threats, minimizing business disruption.
  • Strengthened the protection of sensitive data by reinforcing cybersecurity measures and compliance.
Technologies: Application Security, Information Security, CISO, Cybersecurity, IT Security, ISO 27001, ISO 27002, Compliance, Security, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, PCI, Web App Security, Certified Information Systems Security Professional, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Software as a Service (SaaS), OWASP

Security Lead

2022 - 2023
Toyota Material Handling
  • Designed a cybersecurity management structure combining GRC principles with GDPR, advising leadership on compliance and security needs.
  • Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
  • Established cybersecurity policies aligned with GRC frameworks like ISO, IoTSF, and GDPR, addressing compliance and company-specific needs.
  • Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
  • Conducted risk analysis incorporating GRC and GDPR factors to proactively address and mitigate cybersecurity threats.
  • Applied GRC principles to threat modeling, focusing on reducing risk and protecting data to guard against potential revenue impact.
Technologies: Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics, Embedded Linux, Embedded Systems, Documentation, Technical Writing, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Secure Coding Best Practices, Data Encryption, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, Application Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Enterprise Cybersecurity, Enterprise Security, OWASP

Security Compliance Consultant

2022 - 2023
Bonify, LLC
  • Developed cybersecurity management policies, integrating GRC principles with a focus on ISO 27001, GDPR, and compliance for a web application development company working with the Wix and Shopify platforms.
  • Assessed the current IT and security setup, recommending architectural enhancements for servers, tools/devices, and software in line with GRC frameworks to bolster infrastructure resilience.
  • Developed a strategic roadmap to elevate the security posture of products and services built by DevOps, aligning future developments with GRC standards and organizational needs.
  • Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are central to security operations.
  • Emphasized the importance of assessing and upgrading the security architecture in adherence to GRC principles, strengthening protection against evolving threats.
  • Proposed infrastructure improvements based on rigorous GRC assessments, aiming to strengthen the security foundation of the organization's IT environment.
Technologies: IT Security, Security, ISO 27001, Data Privacy, GDPR, Incident Response, Architecture, Security Engineering, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Shopify, PCI, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Software as a Service (SaaS), OWASP

CIO Cybersecurity Advisor

2019 - 2021
Istanbul Metropolitan Municipality
  • Collaborated on multidisciplinary projects to develop strategy for Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
  • Enhanced enterprise security by developing a fortified infrastructure, ensuring ISO 27001, PCI-DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
  • Established an ISO and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
  • Launched initiatives to elevate secure operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
  • Defined metrics and KPIs in the ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
  • Aimed to strengthen software and infrastructure security through adherence to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
Technologies: Auditing, Business Continuity, Cybersecurity, Information Security, Data-level Security, Database Security, GDPR, Data Privacy, Identity & Access Management (IAM), SIEM, System on a Chip (SoC), Penetration Testing, Vulnerability Management, Vulnerability Assessment, Acunetix, Netsparker, Nessus, Threat Modeling, Threat Intelligence, Web Intelligence, Red Teaming, Scanning, PCI DSS, ISO 27001, ISO 22301, ISO 27002, Firewalls, Endpoint Security, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Coding Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, DDoS, Grafana, Azure DevOps, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, Datadog, CISM, Leadership, Audits, Application Security, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Center (SOC), Managed Detection and Response (MDR), Splunk, Cloud, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, Software as a Service (SaaS), Data Governance, AWS Certified Solutions Architect, Vulnerability Scanning, Cyber Defense, Enterprise Security, Managed Security Service Provider (MSSP), Advisory, Security Advisory, OWASP, Security Information and Event Management (SIEM)

Information Security VP and Enterprise Architect

2015 - 2016
Bankalararası Kart Merkezi (Interbank Card Center)
  • Architected a state-of-the-art cybersecurity framework, securing 250 billion lira in domestic transactions, aligning with GRC principles for robust financial data protection.
  • Envisioned and set a competitive benchmark for Turkey's payment ecosystem through TROY, incorporating GRC strategies to ensure operational excellence and compliance.
  • Executed the strategy through meticulous GRC-aligned stages: assessment, design, build, operation, testing, audit, and ongoing enhancement for cybersecurity resilience.
  • Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and service, with a significant budget for strategic investments.
  • Managed a dedicated team focused on GRC-centric security operations, overseeing significant financial allocations for continuous infrastructure and capability improvements.
  • Introduced a rigorous framework for ongoing penetration testing and code review, supporting a proactive, GRC-compliant cybersecurity posture against emerging threats.
  • Oversaw procurement and budgeting with a GRC lens, ensuring investments in technology and consulting services met compliance and operational efficiency standards.
  • Developed TROY's IT and payment infrastructure to reflect global benchmarks such as Discover Card, integrating PCI DSS and other international compliance and regulatory standards.
  • Fostered a culture of continuous improvement in cybersecurity practices, leveraging GRC insights to enhance the security, compliance, and service management domains.
  • Championed GRC principles in all phases of the payment system's lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Technologies: Cybersecurity, Information Security, SIEM, System on a Chip (SoC), DevOps, DevSecOps, Microservices, Microservices Architecture, REST APIs, RESTful Microservices, Payment APIs, Card Payments, Mobile Payments, Digital Payments, Penetration Testing, Ethical Hacking, Scanning, Threat Modeling, Threat Intelligence, Vulnerability Management, Vulnerability Assessment, Vulnerability Identification, Zero-day Vulnerabilities, Acunetix Vulnerability Scanner, Nessus, Netsparker, CyberArk, Identity & Access Management (IAM), Imperva Incapsula, IBM Security Guardium, Endpoint Security, Web Application Firewall (WAF), Data Loss Prevention (DLP), Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Coding Best Practices, Data Encryption, Web App Security, DDoS, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, CISM, Leadership, Audits, Advanced Encryption Standard (AES), AES, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Center (SOC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity, Application Security, Software as a Service (SaaS), Data Governance, Vulnerability Scanning, Cyber Defense, VPN, Managed Security Service Provider (MSSP), OWASP, Shell Scripting, Security Information and Event Management (SIEM)

Senior Cybersecurity Consultant

2014 - 2015
PwC
  • Formed a cybersecurity team grounded in GRC principles, responsible for performing security assessments, penetration testing, and incident response to uphold data integrity and compliance.
  • Enhanced client IT infrastructures across critical sectors, applying GRC methods to defend against anticipated and emerging cyber threats, strengthening resilience and compliance.
  • Conducted thorough audits of client cybersecurity practices, leveraging GRC frameworks to evaluate adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
  • Developed and implemented a continuous monitoring strategy, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thereby reducing risk exposure.
  • Established a robust incident response process, aligned with GRC standards, to manage and mitigate the impact of security breaches swiftly, ensuring regulatory compliance and operational continuity.
  • Championed GRC-aligned cybersecurity education and awareness programs in client organizations, fostering a culture of security, compliance, and risk awareness to guard against future threats.
Technologies: Cybersecurity, Information Security, ISO 27001, ISO 22301, COBIT 5, IoT Security, SCADA, Acunetix Vulnerability Scanner, Acunetix, Netsparker, Auditing, Business Continuity, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Threat Modeling, Cloud Security, Architecture, Network Security, Secure Storage, Security, IT Security, System Administration, Information Security Management Systems (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Group Policy, Security Architecture, GRC, Security Audits, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Lecturing, Learning, E-learning, SecOps, Secure Coding Best Practices, Data Encryption, Web App Security, DDoS, Certified Information Systems Security Professional, CISSP, Leadership, Audits, Application Security, Advanced Encryption Standard (AES), AES, Cryptography, Endpoint Detection and Response (EDR), Infrastructure Security, Network Architecture, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity Planning (BCP), Consulting, Vulnerability Scanning, VPN, Managed Security Service Provider (MSSP), Advisory, Security Advisory, OWASP, Shell Scripting

TROY Payment Project

http://troyodeme.com/en/
As the chief architect of TROY, Turkey's inaugural card payment system aligned with the Discover Card schema, my responsibilities included designing and executing the infrastructure according to GRC principles. My duties extended to managing multifaceted projects involving diverse stakeholders, such as local and international governments, banks, payment institutions, clients, and other card providers. These initiatives were conducted with a strong emphasis on governance, ensuring alignment with international standards, risk management to mitigate potential cybersecurity and operational risks, and compliance to adhere to both local and global regulatory requirements. This approach ensured TROY's successful deployment and operation, setting a benchmark for payment systems in the region.

Cyber Security Organization and Business Model Designing

As a principal advisor to the CEO of one of Turkey's largest ISP companies, I designed and implemented a new organizational structure and business model to generate new revenue streams in domestic and international markets.

Turkey's First DevSecOps CI/CD Pipeline

At the Interbank Card Center (BKM), I spearheaded the pioneering DevSecOps CI/CD pipeline project in Turkey, integrating GRC principles to elevate software and infrastructure security. The initiative aimed to establish a robust, hardened secure software development lifecycle that minimizes reliance on human intervention and reduces the potential for error. By automating the assessment of software quality and security, the project not only improved operational efficiency but also ensured adherence to industry standards, managed risks associated with software development and deployment, and upheld governance frameworks, thereby setting a new standard for secure software development practices in the region.

2005 - 2009

Bachelor's Degree in Computer Engineering

Istanbul Commerce University - Istanbul, Turkey

August 2015 - Present

ISO 22301

ISO

June 2015 - Present

ITIL

HP

June 2015 - Present

ISO/IEC 27001:2013

ISO

November 2008 - November 2011

Certified Ethical Hacker

EC-Council

Libraries/APIs

REST APIs, AES

Tools

Acunetix, Netsparker, Nessus, Acunetix Vulnerability Scanner, Zoom, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN

Paradigms

Penetration Testing, DevSecOps, DDoS, Secure Software Development, DevOps, Secure Coding Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps

Industry Expertise

Cybersecurity, Network Security, E-learning, Security Consulting, Enterprise Security

Platforms

Windows, MacOS, Linux, Azure, Amazon Web Services (AWS), Imperva Incapsula, Google Cloud Platform (GCP), Embedded Linux, Shopify, Docker, Kubernetes

Storage

Database Security, Datadog, Azure Active Directory, Amazon S3 (AWS S3)

Frameworks

COBIT 5

Languages

JavaScript, Go, Rust, Python

Other

Cybersecurity, Information Security, Auditing, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System on a Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Security, IT Security, Information Security Management Systems (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, Web App Security, Certified Information Systems Security Professional, Leadership, Audits, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Advisory, Engineering Consulting, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, SecOps, Data Encryption, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Security Operations Center (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Vulnerability Scanning, Cyber Defense, Managed Security Service Provider (MSSP), OWASP, Security Information and Event Management (SIEM), Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Planning (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Market Strategy, Group Policy, Cloudflare, Google Workspace, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), AWS Certified Solutions Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Scripting
