The following is a brief summary of my relevant experience. You can also download my CV.
Engineering
I have seven years of engineering experience at Adevinta, previously known as Schibsted.
I joined Schibsted as a Security Engineer in the Purple Team, focused in continuous security and automation. The team grew and I became its manager, doubling as technical product owner for Vulcan, our main product. Later, I became engineering manager of the Security area, including the Purple, Red, Blue and Access teams. I finally decided to transition back to being an individual contributor, where I felt that I had the most impact.
In both Schibsted and Adevinta, my team and I focused on building internal security tools and services that allowed our company to scale security to a massive organization. Our goal was to allow every engineer to take ownership of the security of their products without significant effort or expert knowledge. We created automated and self-serve security products related to vulnerability scanning, asset discovery, cloud infrastructure, metrics, monitoring, alerting, network access and other areas. We advised the company on how to make effective use of those products, integrated them into existing workflows and researched how to improve our offering based on the needs of our stakeholders.
Consulting
I have consulting and contracting experience by working at Deloitte and Ernst & Young.
In Deloitte I was a member and eventually leader of the on-site electronic crime team for a major bank. I analyzed banking malware behaviour and developed countermeasures to extract money mules and detect infected customers. I developed services to enrich SIEM logs with threat intelligence data and automatically analyze phishing emails for the remote SOC. I tested anti-malware solutions and integrated existing ones. I responded to malware incidents, performed forensic analysis and participated in government security exercises.
In Ernst & Young I worked for multiple clients before focusing on an automotive company. I performed penetration testing of web applications, internal infrastructure, wireless networks and network access control. I handled the RFP process for a large IDS/IPS device deployment, including designing and executing a technical benchmarking plan. As part of the security office of the client, I worked on security monitoring and incident response.