Discipline: Incident Response and Computer Forensics

Specialized in Security Operations Center, developed a SOC Framework based on maket best practices. That Framework was already presented in speeches (ISSA.org - ApRisco.org) and security magazines ( Antebellum - a Brazilian ISSA magazine ) to technical and executive audiences. The Framework is dinamicaly modified to follow security tendencies on MSS environments. ● Performed as Instructor, modules of the MCSO Certification ( Modulo… Show more Specialized in Security Operations Center, developed a SOC Framework based on maket best practices. That Framework was already presented in speeches (ISSA.org - ApRisco.org) and security magazines ( Antebellum - a Brazilian ISSA magazine ) to technical and executive audiences. The Framework is dinamicaly modified to follow security tendencies on MSS environments. ● Performed as Instructor, modules of the MCSO Certification ( Modulo Certified Security Officer ) and Computer Forensics classes to employes from companies like: Casa da Moeda, Petrobrás, Redecard, Banco Itaú, TRE do Maranhão and Banco Bradesco among others.● Responsible for the distribution and training of UTM platform Untangle in Brazil.● Performed PenTests at very critical environments at companies like Quattor and Rede Record.Project Maganer / Security Consultant at NEC do Brasil - SOC Resiliency Process Design Project● Interviews and audit activities were performed to generate a GAP Analysis document about the SOC environment. That document shows the maturity level of all SOC processes and was used as reference to new processes enhancement and improving the existing ones.● The online colaboration tool PBWIKI was used to collect and share the informations during the project and all the process were designed using the BPM Lombardi Blueprint online tool.● Using a very extensive methodology ( CERT-REF ), the Resiliency Project was aligned with the executive and commercial expectation's and market best practices resulting in 21 books of processes and a compliance catalog with 11 checklists for audit purposes and easy update. ● For this project the following refereces were considered: BS25999 / COBIT 4.1 / COSO ERM / CMMI / DRJ DRII GAP / FFIEC / ISO-IEC 20000-2 / ISO-IEC 24762 / ISO-IEC 27002 / NFPA 1600 / PCI DSS Show less

Project at Banco ABN +Banco Nossa Caixa (São Paulo) [contracted by Módulo Security] 07/2009 - 01/2010Advisor - Security Metrics Project● Using the data from Symantec SSIM tool all the reports were directed to Security Metrics showing in a very efective way the ROI of the Security Area combined with Forensics and Incident Handling results.● New executive presentations of the Information Security area were developed. Vivo (São Paulo) [contracted by Módulo… Show more Project at Banco ABN +Banco Nossa Caixa (São Paulo) [contracted by Módulo Security] 07/2009 - 01/2010Advisor - Security Metrics Project● Using the data from Symantec SSIM tool all the reports were directed to Security Metrics showing in a very efective way the ROI of the Security Area combined with Forensics and Incident Handling results.● New executive presentations of the Information Security area were developed. Vivo (São Paulo) [contracted by Módulo Security] 02/2010 - 06/2010Security Consultant - Risk Analisys Project● Performed Audit on dozens of network appliances from Vivo Company as team member of security consultants from Modulo Security. All the results were used in a management security master plan.● The "Check-up Tool" from Modulo Security was used during the whole project execution.Claro (São Paulo) [contracted by Módulo Security] 07/2010 - 11/2010Security Consultant - Incident Response and Security Metrics Project● After a Gathering Information phase, new and customized reports were created (Firewall, AV, Security Monitoring and Anti-Spam) in a security metrics format, driving all the results to effective management action plans. ● Service Agreement documents were created based on a RACI Matrix covering all services processes. ● The Incident Response process was revised and updated. Show less

Managed a technical support team to perform assistance with products like: Sourcefire, eIQ, Barracuda, Webinspect, Clearsigth e WatchGuard.● Performed security consultancy to channels and prospect new business opportunities.● Participated in events to speak about Security Operations Centers.

Participated in a developement of a “Reference Model for SOC Processes Standardization”, considering: detailed cycle of “Incident Handling” and interfaces among SOC and Incident Response teams. The market´s best practices and references were applied to elaborate this document, such as: GARTNER, ITIL, ISO 17799, COBIT, CERT, NIST, Sarbannes Oxley and BASEL II. ● Conducted a “Gathering Information” process focusing the mapping of SOC processes and procedures, risk… Show more Participated in a developement of a “Reference Model for SOC Processes Standardization”, considering: detailed cycle of “Incident Handling” and interfaces among SOC and Incident Response teams. The market´s best practices and references were applied to elaborate this document, such as: GARTNER, ITIL, ISO 17799, COBIT, CERT, NIST, Sarbannes Oxley and BASEL II. ● Conducted a “Gathering Information” process focusing the mapping of SOC processes and procedures, risk analysis, policies, tools, collection and correlation of data, incident escalation, metrics and SLAs. ● Established a Strategic, Tactical and Operational Plan to unify São Paulo and Chicago SOC´s processes and procedures and the conformity with the effective regulations in each country. ● Formalized “Services Agreements” to monitor services rendered globally, including: service description, coverage, availability, incidents classification, SLA's, incident escalation process and metrics. ● Deal daily with directly employees distributed in São Paulo and Chicago SOCs, with a global monitoring coverage for approximately 150 IDS sensors in Europe, Latin America, Asia, United States and Holland. Show less

Applied the best practices of the market to accomplish the plans with the SOX, ISO , ITIL and Basel IIcompliances. Focusing anti-frauding and forensics details during all the plannning of a Security OperationCentre Station.Prepared “Security Logic Plan” aiming the clear executive vision of gaps and helping the institutions toguidance for future strategic decisions. Responsible for design a Security Operations Center Architecture plan to Bradesco Bank… Show more Applied the best practices of the market to accomplish the plans with the SOX, ISO , ITIL and Basel IIcompliances. Focusing anti-frauding and forensics details during all the plannning of a Security OperationCentre Station.Prepared “Security Logic Plan” aiming the clear executive vision of gaps and helping the institutions toguidance for future strategic decisions. Responsible for design a Security Operations Center Architecture plan to Bradesco Bank S/A.Consulting project documentation using BS7799.Technical documentation.Security policies and guidelines.Security research and tools evaluation. Show less

Responsible for a SNOC team at AT&T monitoring the Bovespa network environment.● Implemented internal high risks equipments in critical financial environments.● Prepared contingency plans for forensics emergencies.● Implanted the most remarcable security appliances of the market ( CheckPoint, Nokia, RSA etc ) in critical environments attending Windows Networks and Unixlike solutions needs.Responsible for trainning security professionals.● Firewalls integration on… Show more Responsible for a SNOC team at AT&T monitoring the Bovespa network environment.● Implemented internal high risks equipments in critical financial environments.● Prepared contingency plans for forensics emergencies.● Implanted the most remarcable security appliances of the market ( CheckPoint, Nokia, RSA etc ) in critical environments attending Windows Networks and Unixlike solutions needs.Responsible for trainning security professionals.● Firewalls integration on critical mission environments.● Incident Handling.● Project management and documentation on mid and high level enterprises.● Instructor [Linux Security– Nokia – Security Sistems ].● Products and technologies [ Check Point – Nokia – Websense – WatchGuard – Axent(Symantec) – Trend Micro – StoneBeat – Astaro ]. Show less

Security Consultant / Instructor● Instructor [ TCP/IP – Linux I, II, III ].● Responsible for the security project on a Lawn Government Institution – all based on Linux.● Vulnerability analysis.● Products and technologies [ Snort – LIDS – IPTABLES – TripWire – Ntop – Nessus ].