Vous êtes sur la page 1sur 34

CV FRONT PAGE

Surname, first name: Mr. KALANTZIS Panagiotis


Date of last update: 24/06/2014 Paraphe of the person, for approval :
e-mail address: pkalantzis@gmail.com
Date of birth: 30/10/1975
Type of contract: Employer:
Permanent (Check the appropriate)
Non-permanent
Freelancer :
Name of freelance company:
Date of recruitment: In progress
Number of months working for the
tenderer: 0 months
Comments:
Current function: IS Security Expert - Freelancer
Profile for which
employee is entered:
Check the appropriate(s):
Project manager (PM)
Application Architect (AA)
Analyst (AN)
Senior Analyst-Programmer (SAP)
Analyst-Programmer (AP)
Programmer (PR)
Interface Designer (ID)
Technical Writer (TW)
IS Senior Consultant (SCO)
IS Consultant (CO)
Senior Architect (SAR)
Architect (AR)
IS Tester (TE)
IS Senior User Assistance (SUA)
IS User Assistance (UA)
Webmaster (WM)
IS coordinator (CD)
Periods worked at the
Commission as Intra
Muros:
From: until: .. DG :
From: until: .. DG :
Total : ----- months
Highest relevant
educational
qualification:
Check the appropriate :
Master degree or
equivalent (>=4
years)
Bachelor degree
Secondary school
Number of (successful)
years of study after
secondary school: 5
Certificate and/or diploma
obtained:
Master of Science in
Information Systems
Bachelor of Science in
Mathematics
Institute:
Athens University of
Economics and Business /
Department of Informatics
Start date: 09/1998
End date: 12/1999
Institute:
University of Patras,
Greece,
Start date: 09/1993
End date: 02/1998
Languages:
(indicate level of skill:
from 1=basic to
5=excellent)
English:
Greek:
Spoken
5
5
Written
5
5
Professional
experience:
Date IT career started: 01/2003 Number of years/months of experience
(apart from the studies): 11years & 1
month (133 months)
Specific expertises
(with number of months
experience for each)
ISO/IEC 27001 Information Security Standard (51 months), ISO/IEC 27002
Information Security Standard (51 months), ISO/IEC 27005 Information
Security Standard (35 months)
Date available: 3 weeks after acceptance
CV Summary
The candidate possesses over 11 years of experience driving Information Security & Risk Management
initiatives for leading telecom, banking, consumer/trade, and public sector organizations. He is passionate
about integrating risk into IT & business culture and appropriately aligning information security needs with
business goals. He is experienced in Information Security and Cyber Defence, Business & Information Risk
Management, Business Continuity & Disaster Recovery, Penetration Testing, and IT Audit.
Mr. Kalantzis is currently serving as an Information Risk & Security, Business Continuity and GRC
professional, participating in various information security projects as an independent consultant.
Academically he holds a BSc in Mathematics from the University of Patras (GR) and an MSc in Information
Systems from the Athens University of Economics and Business (GR).
He has demonstrated success record in:
Developing, implementing and leading comprehensiveInformation Security programs;
Designing, establishing and maintaining Information Security Management Systems, ensuring
compliance to industry standards, regulatory and legal requirements;
Establishing and maintaining Business Continuity, Disaster Recovery and Emergency Response
frameworks;
Implementing Business Risk Management frameworks, to identify business risks and guide
management to define risk appetite;
Establishing and maintaining Fraud Management frameworks, implementing fraud prevention and
investigation mechanisms mitigating the fraud risk to acceptable risk level;
Designing and implementinginformation security awareness programs for employees leading to
the development of a security awareness culture;
Delivering on time and budget complex Information Security & Risk Management projects.
Mr. Kalantziss expertise in the field of Information Security and Risk Management includes areas such as
Information Security Strategy development, Business & Information Risk Management, Information Security
Risk Assessment and Privacy Review, Penetration Testing and Vulnerability Assessment, Information
Security Management Systems (ISMS) development in accordance to International standards and best
practices, ISMS implementation and review, Compliance Assessment, Business Impact Assessment (BIA),
Business Continuity & Disaster Recovery planning, Information Classification, Information Security
Architecture design, Network Security, Defence in Depth strategies, Internal Control design and evaluation,
Internal Control assurance, IT audit, Bid and Tender management, Business Processes modelling and
improvement, IT governance and Senior Staff Training.
Highlighted career achievements in the respective fields:
Information Security Strategy Established the first Information Security function in MTN
Cyprus and executed a strategic 3-year plan aimed to implement key tenants of the department;
Information Security Management System Designed and maintained in MTN Cyprus the first
at group level ISMS framework, in compliance with ISO/IEC 27000 standard;
Business Continuity Management Designed and implemented in MTN Cyprus the first Business
Continuity, Disaster Recovery and Emergency Response framework;
Enterprise Risk Management Designed and implemented in MTN Cyprus the first Internal
Financial Controls (IFC) framework and the respective assessment methodology as well as the first
holistic Customer Experience (CX) Assessment methodology;
IT Audit Successfully remediated ~88% of past outstanding IT Audit findings in first two years at
MTN Cyprus;
ISO Standardization Participating as Cyprus national representative at the international ISO/IEC
J TC 1/SC 27 - IT Security techniques working group;
Research Activities Participating as a Senior Subject Matter Expert in various national and
European funded research projects;
Team Leading/Mentoring Awarded as YelloStars Winner for the category of Knowledge Share.
CV training page
CV training page number for this CV: 1
TRAINING
Training name: Company/institute
organising the
training:
Dates training
followed:
Exams or certificates:
1. Research
Methodologies Seminar
Athens University of
Economics and
Business
1998 N/A
2. Cisco Certified
Networking Associate
(CCNA)
Cisco 2004 Cisco CCNA Certificate
3. Cisco INTRO
(Introduction to
Networking
Technologies) Training
Cisco Training
Academy
2004 N/A
4. Cisco ICND
(Interconnecting Cisco
Network Devices)
Training
Cisco Training
Academy
2004 N/A
5. Intensive Programme on
Information and
Communication
Security (IPICS)
University of Aegean 2005 N/A
6. CHFI (Computer
Hacking Forensic
Investigator)
Preparation Course
ECCouncil 2006 N/A
7. CEH (Cetified Ethical
Hacker) Preparation
Course
ECCouncil 2006 N/A
8. Computer Hacking
Forensic Investigator
(C|HFI)
ECCouncil 2006 C|HFI Certificate
9. Certified Ethical Hacker
(C|EH)
ECCouncil 2006 C|EH Certificate
10. Certified Information
Systems Security
Professional (CISSP)
International Standard
for Information
Security (ISC)
2
Consortium
2007 CISSP Certificate
CV training page
CV training page number for this CV: 2
TRAINING
Training name: Company/institute
organising the
training:
Dates training
followed:
Exams or certificates:
11. Certified Information
Systems Auditor
(CISA)
Information Systems
Audit and Control
Association (ISACA)
2008 CISA Certificate
12. Microsoft Products
Technology & Security
Features
ICTC Training Center 2008 N/A
13. Certified Information
Security Manager
(CISM)
Information Systems
Audit and Control
Association (ISACA)
2008 CISM Certificate
14. Introduction to
Telecoms
MTN Academy 2009 N/A
15. Leading Bold Change MTN Academy 2010 N/A
16. Business Continuity
Management (BCM)
Preparation Course
Business Continuity
Institute
2010 CBCI Certificate
17. Certified Risk Manager
(CRISK)
Information Systems
Audit and Control
Association (ISACA)
2011 CRISK Certificate
18. Introduction to
Enterprise Risk
Management
MTN Academy 2011 N/A
19. Introduction to Fraud
Risk Management
MTN Academy 2011 N/A
20. Introduction to
Insurance Risk
Management
MTN Academy 2012 N/A
21. ISO 31000/27005 Risk
Manager
Professional
Evaluation and
Certification Board
(PECB)
2013 Certified ISO 31000/27005
RM
22. Train the Trainer Professional
Evaluation and
Certification Board
(PECB)
2013 Certified Trainer
CV training page
CV training page number for this CV: 3
TRAINING
Training name: Company/institute
organising the
training:
Dates training
followed:
Exams or certificates:
23. Lead Forensic Examiner
(CLFE)
Professional
Evaluation and
Certification Board
(PECB)
2014 Certified CLFE
24. ISO/IEC 27001 Lead
Auditor
Professional
Evaluation and
Certification Board
(PECB)
2014 Certified ISO 27001 LA
25. ISO/IEC 27001 Lead
Implementer
Professional
Evaluation and
Certification Board
(PECB)
2014 Certified ISO 27001 LI
26. ISO/IEC 22301 Lead
Implementer
Professional
Evaluation and
Certification Board
(PECB)
2014 Certified ISO 22301 LI
27. ISO/IEC 22301 Lead
Auditor
Professional
Evaluation and
Certification Board
(PECB)
2014 Certified ISO 22301 LA
CV software expertise page
CV software expertise page number for this
CV:
1
Software expertise
Tool (when possible
precise manufacturer,
product name and
version(s)):
Competence
(rating : 1 -
5):
Duration (in
months):
Description (reference to relevant
entries under professional
experience is mandatory):
1
ISO/IEC 22301 Business
Continuity Standard and
respective toolboxes
5
12 1,8,15
2
Data Security and Privacy
EU & Member state
regulation
4
2 2
3
ISO/IEC 27001
Information Security
Standard
5
51 1,3,9,10,11,14,18
4
ISO/IEC 27002
Information Security
Standard
5
51 1,3,9,10,11,14,18
5
Information Security
Awareness Principles
5
7 1,3
6 Learning Models 2
6 3
7
ISO/IEC 27005
Information Security
Standard
5
35 9,10,11,14
8
OCTAVE Risk
Assessment Methodology
4
35 9,10,11,14
9
Fair Risk Assessment
Methodology
4
35 9,10,11,14
10 CISCO 2
10 5,17,23
11 RSA 2
1 5
12 Syslog 3
2 6
CV software expertise page
CV software expertise page number for this
CV:
2
Software expertise
Tool (when possible
precise manufacturer,
product name and
version(s)):
Competence
(rating : 1 -
5):
Duration (in
months):
Description (reference to relevant
entries under professional
experience is mandatory):
13 Splunk 2
2 6
14
European & Cypriot Data
Protection and
Telecommunications
Regulatory Framework
4
2 7
15 Oracle Enterprise Manager 2
2 7
16
Segregation of Duties best
practices
4
10 4,14
17 COBIT framework 4
5 11,14
18
MTN Cyprus internal RA
Methodology
5
5 11
19 NMAP 4
6 11,12
20 Nessus 4
6 11,12
21 OpenVAS 3
5 11
22 Backtrack 5 3
5 11
23 PCI DSS Standard 4
1 12
24
KPMG Internal PCI DSS
Compliance Assessment
Methodology
4
1 12
25 Retina 2
1 12
26 SOX 404 Chapter 4
6 13
27
KPMG SOX Compliance
internal methodology
4
6 13
CV software expertise page
CV software expertise page number for this
CV:
3
Software expertise
Tool (when possible
precise manufacturer,
product name and
version(s)):
Competence
(rating : 1 -
5):
Duration (in
months):
Description (reference to relevant
entries under professional
experience is mandatory):
28
Internal IT Audit KMPG
Methodology (KAM)
4
8 14
29 PKI 4
13 16,19,24
30 Smartcard standards 3
16 16,17,18
31 Technical infrastructure 4
16 16,17,18
32 Cryptography 4
7 16,17
33 Sensor Networks 3
2 2
34
Secure Network
Architecture
4
2 2
35 SDLC methodology 3
4 15,20
36 Juniper 1
4 17
37
ID cards and access
control systems
2
9 18
39 Data storage security 4
9 18
40 OpenCA 2
1 19
41 J2EE 2
2 20
42
STIBO Native
Environment
3
17 21
43 XMLSPY 3
17 21
44 XML Stylus Studio 3
17 21
CV software expertise page
CV software expertise page number for this
CV:
4
Software expertise
Tool (when possible
precise manufacturer,
product name and
version(s)):
Competence
(rating : 1 -
5):
Duration (in
months):
Description (reference to relevant
entries under professional
experience is mandatory):
45 Dreamweaver Studio 3
6 22
46
Internet Information
Server (IIS)
3
6 22
47 Access 3
6 22
48
Microsoft SQL Server
2000
3
6 22
49 SQL/Plus 3
6 22
50 CiscoWorks 2000 3
5 23
51 UniCERT PKI 2
9 24
52 iPlanet Directory Server 2
9 24
53 Tomcat Web Server 2
9 24
54 Apache Web Server 3
9 24
55 Oracle9.x 3
9 24
56 FreeBSD 3
9 24
57 Debian Linux 3
9 24
58 IBM DB2 2
8 25
59 Sybase PowerBuilder 2
8 25
60 ASOS ERP 2
8 25
CV professional experi ence page
CV experience page number for this CV: 1
PROJECT EXPERIENCE
Project name: Business Impact Assessment,
Information Security Awareness Training based on ISO/IEC 27000 and best
practices
Company (employer): BESECURE (Freelancer)
Dates (start-end):
Effective number of
months achieved:
05/2014 05/2014
1
Client (customer): Greek Insurance Broker & Major Telecom Provider
Project size: 20 people, 140 people
Project description:
1. Review of the Business Impact Assessment of the organization in the context of the regular BCM review;
2. Design and delivery of the training session covering Information Security best practices as well as the
Greek Legal& Regulatory framework requirements.
Employees Roles & Responsibilities in the project
Role: Subject Matter Expert / Senior Associate
Responsibilities:
Project management;
Interview client key stakeholders;
Validating findings;
Reporting and presenting to management.
Role: Information Security Trainer
Responsibilities:
Design of awareness training material;
Delivery of training.
Technologies and methodologies used by the employee in the project:
ISO/IEC 22301 Business Continuity Standard and respective toolboxes;
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
Information Security Awareness Principles.
CV professional experi ence page
CV experience page number for this CV: 2
PROJECT EXPERIENCE
Project name: ADvanced monitoring serVices of Elder via sensor NeTworks- ADVENT
Company (employer): BESECURE (Freelancer)
Dates (start-end):
Effective number of
months achieved:
10/2013 Present
2
Client (customer): Funded Greek research project
Project size: 30
Project description:
The main objectives of the project are the development and implementation of the platform ADVENT and
of a set of medical and general purpose assistive services. The ultimate goal is to create the right conditions to
assist the elderly in the execution of their daily activities with increased security, safety and efficiency. The
ADVENT platform will implement architecture for receiving real-time data from heterogeneous sources:
bio-sensors, context sensors (e.g. location) and user profiles, which will provide personal data enriched with
context data. These data will be processed to produce medical knowledge to support decision-making and to
provide customized services.
Employees Roles & Responsibilities in the project
Role: Senior Researcher / Subject Matter Expert
Responsibilities:
Research on Information Security and Privacy;
Coordination BESECUREs team;
Security and Privacy controls recommendation;
Platform Security Architecture design and review.
Technologies and methodologies used by the employee in the project:
Data Security and Privacy EU & Member state regulation;
Sensor Networks;
Secure Network Architecture.
CV professional experi ence page
CV experience page number for this CV: 3
PROJECT EXPERIENCE
Project name: v-Alert
Company (employer): BESECURE (Freelancer)
Dates (start-end):
Effective number of
months achieved:
10/2013 Present
6
Client (customer): Funded EU research project
Project size: 25
Project description:
The vision of V-ALERT is to use a uniform environment that will simulate real-life security threat scenarios,
examples and counter examples in a way that different groups of users will experience the risks and combine
critical skills, knowledge and collaboration to overcome them, without exposing their organization to real
risk. The rationale of V-ALERT project is to first aid towards the development of information security
awareness culture (focusing mainly to children in schools and teachers) and then bridge the gap between
awareness and coping (focusing on students in the field of ICT, ICT practitioners). Moreover, V-ALERT
aims in providing enterprises employees and ICT users with an immersive, cost-effective and innovative
virtual learning environment that will fully support life-long learning in Information Security principles.
Employees Roles & Responsibilities in the project
Role: Senior Researcher / Subject Matter Expert
Responsibilities:
Research on Information Security Awareness and Learning models;
Coordination of BESECUREs team;
Information Security Awareness scenarios design.
Technologies and methodologies used by the employee in the project:
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
Information Security Awareness Principles;
Learning Models.
CV professional experi ence page
CV experience page number for this CV: 4
PROJECT EXPERIENCE
Project name:
Segregation of Duties Review Methodology
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
08/2012 01/2013
2
Client (customer): MTN Cyprus
Project size: 10
Project description:
Review of Segregation of Duties roles (business and technical) in MTN Cyprus ERP against established best
practices.
Employees Roles & Responsibilities in the project:
Role: Information Security Risk Manager
Responsibilities:
Designed the Segregation of Duties Review project methodology/process;
Conducted information collection interviews with respective Business Owners;
Mapped the Roles information on system requirements;
Conducted gap analysis on Business Roles and systemroles set up;
Presented the results to management along with proposed remediation actions.
Technologies and methodologies used by the employee in the project:
Segregation of Duties best practices.
CV professional experi ence page
CV experience page number for this CV: 5
PROJECT EXPERIENCE
Project name: RAS Information Security Strengthening
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
06/2012 10/2012
1
Client (customer): MTN Cyprus
Project size: 15
Project description:
Analysis/Assessment of MTN Cyprus Remote Access business needs and the implementation of a secure
RAS architecture.
Employees Roles & Responsibilities in the project
Role: Information Security Risk Manager
Responsibilities:
Designed the Remote Access hardening project methodology/project plan;
Collected the required information with respective Business Owners;
Designed a secure remote access architecture;
Managed the project execution.
Technologies and methodologies used by the employee in the project:
CISCO, RSA
CV professional experi ence page
CV experience page number for this CV: 6
PROJECT EXPERIENCE
Project name: Log Management Solution Design
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
03/2012 12/2012
2
Client (customer): MTN Cyprus
Project size: 15
Project description:
Analysis/assessment of MTN Cyprus Log Management needs and coordination of implementation of a
centralized Log Management platform.
Employees Roles & Responsibilities in the project
Role: Information Security Risk Manager
Responsibilities:
Designed the Log Management project methodology/project plan;
Coordinated the required information collection on log requirements;
Managed the project execution.
Technologies and methodologies used by the employee in the project:
Syslog, Splunk.
CV professional experi ence page
CV experience page number for this CV: 7
PROJECT EXPERIENCE
Project name: Information Anonymization
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
01/2012 09/2012
2
Client (customer): MTN Cyprus
Project size: 15
Project description:
Analysis/assessment of MTN Cyprus information anonymization needs for Data Protection Regulation
compliance and the implementation of an anonymization solution.
Employees Roles & Responsibilities in the project
Role: Information Security Risk Manager
Responsibilities:
Designed the Anonymization project methodology/project plan;
Coordinated the required information collection on European & Cypriot Data Protection and
Telecommunications Regulatory Framework requirements;
Selected Anonymization options and encryption algorithms used;
Managed the project execution.
Technologies and methodologies used by the employee in the project:
European & Cypriot Data Protection and Telecommunications Regulatory Framework;
Oracle Enterprise Manager.
CV professional experi ence page
CV experience page number for this CV: 8
PROJECT EXPERIENCE
Project name: Business Continuity Framework
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
01/2011 07/2013
9
Client (customer): MTN Cyprus
Project size: 550
Project description:
Design and establishment of the corporate Business Continuity Management System (BCMS) based on
ISO/IEC 22301Business Continuity Standard.
Employees Roles & Responsibilities in the project:
Role: Information Security Risk Manager
Responsibilities:
Performed initial Risk Analysis and Business Impact Assessment;
Proposed and formed the corporate Business Continuity Strategy of MTN Cyprus;
Designed of the Operational Business Continuity Plans, Disaster Recovery Plans and Emergency
Response Plans that formthe MTN Cyprus BCMS;
Supervised and coordinated BCMS implementation;
Conducted Business Continuity trainings;
Supervised Business Continuity testing.
Technologies and methodologies used by the employee in the project:
ISO/IEC 22301 Business Continuity Standard and respective toolboxes.
CV professional experi ence page
CV experience page number for this CV: 9
PROJECT EXPERIENCE
Project name: Information Classification
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
01/2011 10/2012
3
Client (customer): MTN Cyprus
Project size: 60
Project description:
Design and coordination of the Information Classification activities of MTN Cyprus.
Employees Roles & Responsibilities in the project
Role: Information Security Risk Manager
Responsibilities:
Designed the Information Classification project methodology/process;
Conducted planned interviews with respective Business Owners;
Classified Information according to the corporate Information Classification Scheme;
Maintained the Information Classification Environment register.
Technologies and methodologies used by the employee in the project:
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
ISO/IEC 27005 Information Security Standard;
OCTAVE Risk Assessment Methodology;
Fair Risk Assessment Methodology ;
CV professional experi ence page
CV experience page number for this CV: 10
PROJECT EXPERIENCE
Project name: ISMS Framework
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
03/2010 07/2013
19
Client (customer): MTN Cyprus
Project size: 550
Project description:
Design and propose the corporate Information Security Management System (ISMS) based on ISO 27000
standards.
Employees Roles & Responsibilities in the project
Role: Information Security Risk Manager
Responsibilities:
Performed initial Risk Analysis and Business Impact Assessment;
Proposed and formed the Information Security Strategy and Organization of MTN Cyprus;
Designed the corporate Policies, Procedures, Guidelines, Baselines and Standards that form the MTN
Cyprus ISMS;
Supervised and coordinated ISMS implementation;
Designed the Information Security Awareness Program, conducted Information Security Awareness
trainings.
Technologies and methodologies used by the employee in the project:
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
ISO/IEC 27005 Information Security Standard;
OCTAVE Risk Assessment Methodology;
Fair Risk Assessment Methodology.
CV professional experi ence page
CV experience page number for this CV: 11
PROJECT EXPERIENCE
Project name: Regular (and ad hoc) Risk Assessments, Vulnerability Assessments &
Penetration Tests
Company (employer): MTN Cyprus
Dates (start-end):
Effective number of
months achieved:
01/2010 07/2013
5
Client (customer): MTN Cyprus
Project size: 30 - 550
Project description:
Design and execution of planned and ad-hoc Risk Assessments, Risk Vulnerability Assessments and
Penetration Tests in MTN Cyprus business environment.
Employees Roles & Responsibilities in the project
Role: Information Security Risk Manager
Responsibilities:
Designed the Risk Assessment yearly plan;
Conducted the Risk Assessments;
Evaluated the assessment findings;
Proposed remediation actions;
Follow up on remediation actions progress.
Designed the Risk Assessment, Penetration Test and Vulnerability Assessment yearly plan;
Conducted the Risk Assessments, Penetration Tests and Vulnerability Assessments;
Presented the Risk Assessment, Penetration Test and Vulnerability Assessment results to management and
asset owners.
Technologies and methodologies used by the employee in the project:
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
ISO/IEC 27005 Information Security Standard;
OCTAVE Risk Assessment Methodology;
Fair Risk Assessment Methodology ;
COBIT framework;
NMAP, Nessus, OpenVAS, Backtrack 5;
MTN Cyprus internal RA Methodology.
CV professional experi ence page
CV experience page number for this CV: 12
PROJECT EXPERIENCE
Project name: PCI-DSS Compliance
Company (employer): KPMG Advisors S.A.
Dates (start-end):
Effective number of
months achieved:
10/2008 03/2009
1
Client (customer): Greek Major Private Sector Bank
Project size: 20
Project description:
Collaborate with the client (having the role of an external consultant) in order to prepare for the PCI DSS
Compliance Audit.
Employees Roles & Responsibilities in the project
Role: Assistant Manager / Team Leader / Subject Matter Expert
Responsibilities:
Participated as the Team Leader and Subject Matter Expert in the necessary preparatory actions;
Conducted the initial assessment of the Bank's systems with regards to PCI DSS requirements;
Evaluated the assessment findings;
Presented the assessment results to Banks management;
Proposed remediation actions;
Follow up on remediation actions progress.
Technologies and methodologies used by the employee in the project:
PCI DSS Standard;
KPMG Internal PCI DSS Compliance Assessment Methodology;
NMAP;
NESSUS;
Retina.
CV professional experi ence page
CV experience page number for this CV: 13
PROJECT EXPERIENCE
Project name: Sarbanes Oxley Compliance
Company (employer): KPMG Advisors S.A.
Dates (start-end):
Effective number of
months achieved:
10/2008 11/2009
6
Client (customer): Greek Telecoms Organization (OTE SA)
Project size: 150
Project description:
Collaborate with the client (having the role of the Internal Auditor) in order to prepare for the 2008 and 2009
external SOX Compliance Audit.
Employees Roles & Responsibilities in the project
Role: Assistant Manager / Team Leader / Subject Matter Expert
Responsibilities:
Supervise the IT Audit team(7 people) with regards to preparing the client to comply with SOX 404
requirements;
Coordinated evidence collection interviews with respective Business Owners;
Evaluated the assessment findings;
Presented the assessment results to management and asset owners;
Proposed remediation actions;
Follow up on remediation actions progress.
Technologies and methodologies used by the employee in the project:
SOX 404 Chapter;
KPMG SOX Compliance internal methodology.
CV professional experi ence page
CV experience page number for this CV: 14
PROJECT EXPERIENCE
Project name: IT Audit / Information Risk Assessments
Company (employer): KPMG Advisors S.A.
Dates (start-end):
Effective number of
months achieved:
09/2008 11/2009
8
Client (customer): Various KPMG clients in the Banking, Telecommunication and Commercial
sectors
Project size: 20
Project description:
IT Audit engagements in various client's IT Audits as part of the KPMG Financial Audit Team, in the
context of the overall financial audit with regards to clients' annual financial statements accuracy and
integrity.
Employees Roles & Responsibilities in the project
Role: Assistant Manager / Team Leader / Subject Matter Expert
Responsibilities:
Supervised and managed the IT Audit team (7 people) in various client's IT Audits as part of the KPMG
Financial Audit Team;
Coordinated evidence collection interviews with respective Business Owners as senior IT Auditor;
Evaluated the IT Audit findings;
Presented the IT Audit findings results to management and asset owners;
Proposed remediation actions;
Follow up on remediation actions progress.
Technologies and methodologies used by the employee in the project:
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
ISO/IEC 27005 Information Security Standard;
OCTAVE Risk Assessment Methodology;
Fair Risk Assessment Methodology;
COBIT framework;
Internal IT Audit KMPG Methodology (KAM)
Segregation of Duties best practices.
CV professional experi ence page
CV experience page number for this CV: 15
PROJECT EXPERIENCE
Project name: EIB Business Continuity publication platform
Company (employer): Trasys S.A
Dates (start-end):
Effective number of
months achieved:
04/2008 08/2008
2
Client (customer): European Investment Bank (EIB)
Project size: 6
Project description:
Design of a mechanism to disseminate critical information on the Banks Business Continuity Plans in case of
emergency.
Employees Roles & Responsibilities in the project
Role: Information Security Senior Consultant / Subject Matter Expert
Responsibilities:
Analysed the business requirements of the information dissemination mechanism;
Evaluated the available options with regards to the set requirements;
Assured the efficiency of the proposed mechanism against defined crisis/emergency scenarios;
Design a technical solution.
Technologies and methodologies used by the employee in the project:
ISO/IEC 22301 Business Continuity Standard (formerly BS25999) and respective toolboxes;
SDLC methodology.
CV professional experi ence page
CV experience page number for this CV: 16
PROJECT EXPERIENCE
Project name: OHIM PKI
Company (employer): Trasys S.A
Dates (start-end):
Effective number of
months achieved:
01/2008 06/2008
3
Client (customer):
Office of Harmonization for the Internal Market (OHIM)
Project size: 10
Project description:
Requirements analysis and design of a PKI platform to provide authentication services to OHIM customers.
Employees Roles & Responsibilities in the project
Role: Information Security Senior Consultant / Subject Matter Expert
Responsibilities:
Analysed the business requirements of the Public Key Infrastructure mechanism;
Evaluated the available options with regards to the set requirements;
Design a technical solution.
Technologies and methodologies used by the employee in the project:
PKI;
Smartcard standards;
Technical infrastructure;
Cryptography.
CV professional experi ence page
CV experience page number for this CV: 17
PROJECT EXPERIENCE
Project name: sTESTA (Secure Trans European Services for Telematics between
Administrations)
Company (employer): Trasys S.A
Dates (start-end):
Effective number of
months achieved:
01/2008 08/2008
4
Client (customer): DG Information Technology
Project size: 25
Project description:
sTESTA offers a telecommunications interconnection platformthat responds to the growing need for secure
information exchange between European public administrations. It is a European IP network, dedicated to
inter-administrative requirements and providing guaranteed performance levels.
Employees Roles & Responsibilities in the project
Role: Information Security Senior Consultant / Subject Matter Expert
Responsibilities:
Analysed the technical requirements of the network infrastructure;
Managed the inter-relations of the various stakeholders during the project;
Assured the quality levels of the deliverables so that they met certain quality requirements solutions.
Technologies and methodologies used by the employee in the project:
CISCO;
Juniper;
Smartcard standards;
Technical infrastructure;
Cryptography.
CV professional experi ence page
CV experience page number for this CV: 18
PROJECT EXPERIENCE
Project name: PORTIDS
Company (employer):
Trasys S.A
Dates (start-end):
Effective number of
months achieved:
03/2007 12/2007
9
Client (customer): EC - DG TREN (Energy & Transport)
Project size: 40
Project description:
This project covered the analysis of the current situation in EU ports for existing procedures and formalities
to obtain access credential / badges for port workers and those required to have access to port.
The European Port Access Identification Card (EPAIC) project included the analysis of the existing policies
to issue an ID card and the review of existing ID card systems.
Harmonisation issues: (Security and regulatory policy issues, ID cards and access control infrastructure).
Employees Roles & Responsibilities in the project
Role: Information Security Senior Consultant / Subject Matter Expert
Responsibilities:
Analysed the various state regulations with regards to port & marine transport security;
Evaluated current and state of the art available technical solutions;
Conducted the initial assessment of the ports access control systems with regards to physical access and
operational requirements;
Evaluated the assessment findings;
Presented the assessment results to the agency stakeholders;
Proposed future project plan for consequent phases of the project;
Follow up on remediation actions progress.
Technologies and methodologies used by the employee in the project:
ISO/IEC 27001 Information Security Standard;
ISO/IEC 27002 Information Security Standard;
Smartcard standards;
ID cards and access control systems;
Technical infrastructure;
Data storage security.
CV professional experi ence page
CV experience page number for this CV: 19
PROJECT EXPERIENCE
Project name: InfoCERT
Company (employer): InfOTE S.A.
Dates (start-end):
Effective number of
months achieved:
01/2007 03/2007
1
Client (customer): InfOTE S.A.
Project size: 15
Project description:
Development and management of internal Public Key Infrastructure based on Open source technologies.
Employees Roles & Responsibilities in the project
Role: Senior Developer / Subject Matter Expert
Responsibilities:
Analysed company business requirements with regards to Public Key Infrastructure as well as technical
requirements;
Evaluated the available options with regards to the set requirements;
Designed a technical solution;
Coordinated the installation, configuration and customisation of OpenCA;
Managed all PKI key daily operation aspects.
Technologies and methodologies used by the employee in the project:
PKI, OpenCA.
CV professional experi ence page
CV experience page number for this CV: 20
PROJECT EXPERIENCE
Project name: New Infote & Greek Yellow Pages Web Site
Company (employer): InfOTE S.A.
Dates (start-end):
Effective number of
months achieved:
01/2007 03/2007
2
Client (customer): InfOTE S.A.
Project size: 15
Project description:
Information Security Architecture and Secure Programming guidelines for the development of the new
version of Greek Yellow Pages web site, as well as for the new company's web site.
Employees Roles & Responsibilities in the project
Role: Senior Developer / Subject Matter Expert
Responsibilities:
Introduced the principles of Secure Development Life Cycle (SDLC) methodologies and embodiment into
everyday activities;
Delivered a secure architecture design for the hosting and the development of the company's web sites;
Advised the company developers regarding secure programming patterns and guidelines.
Technologies and methodologies used by the employee in the project:
SDLC methodology, J 2EE.
CV professional experi ence page
CV experience page number for this CV: 21
PROJECT EXPERIENCE
Project name: STIBO Migration & Operation
Company (employer): InfOTE S.A
Dates (start-end):
Effective number of
months achieved:
01/2005 03/2007
17
Client (customer): InfOTE S.A
Project size: 50
Project description:
Participation in Information SystemMigration TeamfromVolt v2 to StiboGraphic and subsequent
administration of data transformation functionalities.
Employees Roles & Responsibilities in the project
Role: Senior Developer / Subject Matter Expert
Responsibilities:
Worked in this project as Web Application Developer;
Advised on information migration and transformation strategies;
Built necessary XML Schemas, XML Masks and XML Transformations;
Involved in daily troubleshooting and administration of information transformation functionalities.
Technologies and methodologies used by the employee in the project:
STIBO Native Environment;
XMLSPY;
XML Stylus Studio.
CV professional experi ence page
CV experience page number for this CV: 22
PROJECT EXPERIENCE
Project name: Billing Support
Company (employer): InfOTE S.A
Dates (start-end):
Effective number of
months achieved:
01/2005 07/2005
6
Client (customer): InfOTE S.A
Project size: 25
Project description:
Design, development and maintenance of various applications that support the internal functions (economic
and billing) of InfOTE.
Employees Roles & Responsibilities in the project
Role: Senior Developer
Responsibilities:
Designed, developed and maintained Intranet Applications;
Developed and maintained production RDBMS;
Created charges report.
Technologies and methodologies used by the employee in the project:
Dreamweaver Studio;
Internet Information Server (IIS);
Access;
Microsoft SQL Server 2000;
SQL/Plus.
CV professional experi ence page
CV experience page number for this CV: 23
PROJECT EXPERIENCE
Project name: Athens 2004 Olympic Games
Company (employer): Atos Origin
Dates (start-end):
Effective number of
months achieved:
06/2004 10/2004
5
Client (customer): Athens 2004
Project size: 7000
Project description:
Installation, operation, monitoring and support of the Data Network Equipment.
Employees Roles & Responsibilities in the project
Role: Senior Data Network Engineer
Responsibilities:
As an experienced member (Data Network Specialist) of the Data Network Team the candidate was
responsible for the Set-up and everyday operation of the networking infrastructure of specific event venues.
More specifically, during this engagement the candidate played a key role in the:
Management of network equipment and verification that they are in alignment with the predefined
security and performance specifications;
Security and performance auditing of established network connections;
Support of network equipment installation;
Usage and network health report generation and archiving.
Technologies and methodologies used by the employee in the project:
CiscoWorks 2000, Cisco IOS.
CV professional experience page
CV experience page number for this CV: 24
PROJECT EXPERIENCE
Project name: PASO - PKI Applications and Security from OTE
Company (employer): Greek Telecoms Organization (OTE SA)
Dates (start-end):
Effective number of
months achieved:
09/2003 06/2004
9
Client (customer): Greek Telecoms Organization (OTE SA)
Project size: 30
Project description:
Design and development of applications and services on Public Key Infrastructure platform.
Employees Roles & Responsibilities in the project
Role: Information Systems Security Researcher
Responsibilities:
Participated as a senior researcher in the "PASO - PKI Applications and Security for OTE" project. During
this engagement the candidate played a key role in the:
Business requirement analysis and design of the PKI technical specifications;
Installation and configuration of Baltimore UniCERT for Solaris PKI Platform;
Configuration and parameterization of Solaris and Windows infrastructure components;
Management of PKI platform components for the providence of VPN, WLAN and Smartcards services;
Drafting and monitoring the quality of deliverables concerning normative and technical issues of PKI;
Development / programming using Java tools for the customization of PKI platform.
Technologies and methodologies used by the employee in the project:
PKI;
UniCERT PKI;
iPlanet Directory Server;
Tomcat Web Server;
Apache Web Server;
Oracle9.x;
FreeBSD;
Debian Linux.
CV professional experi ence page
CV experience page number for this CV: 25
PROJECT EXPERIENCE
Project name: ASOSHealth
Company (employer): Symper S. A.
Dates (start-end):
Effective number of
months achieved:
01/2003 08/2003
8
Client (customer): Symper S. A.
Project size: 10
Project description:
Integrating the primary functions of ASOS ERP with a medical information systemworkflow.
Employees Roles & Responsibilities in the project
Role: Senior Researcher / Developer
Responsibilities:
Analysed the Health record requirements;
Analysed the functional requirements so as the developed modules to meet business requirements
and health records specifications;
Developed software components complementary to ASOS ERP software;
Parameterized ASOS ERP software.
Technologies and methodologies used by the employee in the project:
IBM DB2;
Sybase PowerBuilder;
ASOS ERP.
-End of the document-