Personal information

Occupational field

IT Manager & Information Security Knowledge Office Manager

Work experience

Dates

From August 2008 onwards

Occupation or position held

IT Manager & Information Security Knowledge Office Manager

Main activities and responsibilities

Founder, Developer and Manager of the Security Business Line

IT & Security Manager

Senior Security Consultant

Leads and has created all the security services offered by Grupo Intermark

Name and address of employer

Grupo Intermark

(www.grupointermark.com) Periodista Paco I. Taibo, 17 33204 Gijon (Spain)

Type of business or sector

ITC Solutions and Services

Dates

From August 1998 to August 2008

Occupation or position held

Information Security Manager

Main activities and responsibilities

Founder, Developer and Manager of the Security Business Line

IT Security Manager

Senior Security Consultant

Senior Internetworking & Internet Services Consultant

Project Manager for important security projects in clients like Telefonica Moviles, Alcampo (Auchan), Deutsche Bank, ENAGAS, Nortel, Metro of Madrid, Caprabo, ALD Automotive, ONO, Telecable, Telia Iberia, Unisource, University of Leon, Junta Castilla y Leon, UTi Iberia, Cajastur, among others.

Outsourced Customer Engineering Manager for Jazztel during 2000.

Leads and has created all the security services offered by Tecnocom, one of the top 5 IT companies in Spain, implementing a lot of security solutions in customers mentioned, including compliance audits, penetration tests, ethical hacking, firewalls and IPSs deployments or security network designs.

Name and address of employer

Tecnocom, Telecomunicaciones y Energia, S.A. (former Eurocomercial I&C, S.A.)

(www.tecnocom.es) Josefa Valcarcel, 26 – 28027 Madrid (Spain)

Type of business or sector

ITC Solutions and Services

Dates

From November 1995 to July 1998

Occupation or position held

Technical Director

Main activities and responsibilities

Technical Director, IT Manager and R&D Manager

European Projects Manager: Development of ArchiPELAGO Project with Sasemar (Spain), France Telecom Expertel (France), Enyca (Spain) and Marac Electronics (Greece) (speaker from Spain in Brussels KickOff Meeting)

InfoWeb Electronic Bulleting Editor and Coordinator (more than 9000 subscribers)

Led the company to the first places of national ranking of ISPs (sources: PCWorld, Revista Web)

Author of one of the first electronic commerce projects in Spain between AirAstur and Banesto

Checkpoint Firewall-1 Administrator since 1995

Name and address of employer

AirAstur Internet Services, S.L.

(www.airastur.es) Ezcurdia, 194, 1A – 33203 Gijon (Asturias) - Spain

Type of business or sector

Internet Service Provider

Education and training

Dates

2008

Title of qualification awarded

BS 25999 Lead Auditor

Principal subjects/Occupational skills covered

Lead an audit of a business continuity management system
Develop an internal audit programme
Carry out an audit of a business continuity management system
Clarify the different purposes of BS 25999 Part 1 and Part 2
Explain the requirements of BS 25999-2:2007
Understand the Business Continuity Management Code of Practice BS 25999-1:2006
Articulate and present audit findings
Manage successful audit communication and interviews
Write a succinct audit report
Conduct opening, closing, and follow-up audit meetings

Name and type of organisation providing organisation and training

British Standards Institution (BSI) (www.bsi-global.com) 

Standards Body Training Services

Dates

2007

Title of qualification awarded

Certified Information Systems Security Professional (CISSP)

Principal subjects/Occupational skills covered

Being the first Information Security Certification credited with the ANSI ISO recognition, the CISSP certification provides the professionals of the information security of an objective measurement of validity and recognized professionalism worldwide. The certification demonstrates a advanced knowledge inside 10 authorities of the (ISC) ² CISSP CBK.

Name and type of organisation providing organisation and training

(ISC)2 (www.isc2.org) 

Information Security Training and Certification

Dates

2006

Title of qualification awarded

Stay Sharp Program Google Hacking and Defence (SSP-GHD)

Principal subjects/Occupational skills covered

Google Hacking and Defense Techniques

Google Hacking and Defense graduates leverage a toolkit of techniques and skills required to evaluate their sites from malicious Google Hackers. In doing so, they gain a fundamental understanding of technical defense measures to uncover unintended information disclosures, close common holes in web servers and Internet connected devices as well as clean up the exposures discovered.

Name and type of organisation providing organisation and training

The SANS (SysAdmin, Audit, Network, Security) Institute (www.sans.org)

Information Security Training and Certification

Dates

2006

Title of qualification awarded

GIAC Assessing Wireless Networks (GAWN)

Principal subjects/Occupational skills covered

The GAWN certification is designed for technologists who need to assess the security of wireless networks. The certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks. Students will not only gain experience using tools to assess wireless networks, they will understand how the tools operate and the weaknesses in protocols that they evaluate.

Name and type of organisation providing organisation and training

The SANS (SysAdmin, Audit, Network, Security) Institute (www.sans.org)

Information Security Training and Certification

Dates

2005

Title of qualification awarded

GIAC Systems and Network Auditor (GSNA)

Principal subjects/Occupational skills covered

GIAC Systems and Network Auditors (GSNAs) have the knowledge, skills and abilities to apply risk analysis techniques and to conduct a technical audit of essential information systems.

Name and type of organisation providing organisation and training

The SANS (SysAdmin, Audit, Network, Security) Institute (www.sans.org)

Information Security Training and Certification

Dates

2005

Title of qualification awarded

Juniper Networks Certified Internet Associate Firewalls (JNCIA-FW)

Principal subjects/Occupational skills covered

This course provides a broad overview of the firewall and VPN functions provided by ScreenOS-based products. Key topics include administrative configuration, Layer 2 and Layer 3 operations, basic and advanced policy features, network address translation, and VPN configuration and operations. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting features of ScreenOS.

Name and type of organisation providing organisation and training

Juniper Educational Services (www.juniper.net)

Manufacturer Training Services

Dates

2003

Title of qualification awarded

ISO 17799 Information Security Management, System Implementation Course

Principal subjects/Occupational skills covered

Background to Information Security

Determination of scope and Information Security policy

Identification of information assets

Determination of the value of information assets

Determination of risk and impacts

Identification of control objective and controls

Definition and implementation of polices.

Production and implementation of policies, standards and procedures

Completion of ISMS documentation requirements

Awareness training.

Certification process.

Production of a ISMS Project Implementation Plan.

Name and type of organisation providing organisation and training

British Standards Institution (BSI) (www.bsi-global.com)  

Standards Body Training Services

Dates

2003

Title of qualification awarded

University Specialist in Data Protection

Principal subjects/Occupational skills covered

General Theory about Data Protection

Data Protection Principles

Data protection rights

Data Protection Laws

Security Measures, Security Document, Policies

The Data Protection Spanish Agency

International data transferences. International laws. European Union

Name and type of organisation providing organisation and training

El Escorial – Maria Cristina Royal University Centre (www.rcumariacristina.com)

University

Dates

2002

Title of qualification awarded

BS 7799 Lead Auditor

Principal subjects/Occupational skills covered

BS 7799:2002

Information security

The importance of information security

Assessing security threats and vulnerabilities

Management of security risks

Selecting security controls

How to build an Information Security Management System (ISMS)

Auditing to BS 7799

BS 7799 auditing techniques

Managing and leading a BS 7799 audit team

Interview techniques

Audit reporting

Comprehensive course manual including a copy of BS 7799:2002 Part 2

Formal Examination leading to BSI BS 7799 Lead Auditor Qualification.

Name and type of organisation providing organisation and training

British Standards Institution (BSI) (www.bsi-global.com)  

Standards Body Training Services

Dates

2001

Title of qualification awarded

Checkpoint Certified System Expert (CCSE) and Checkpoint Certified System Administrator (CCSA)

Principal subjects/Occupational skills covered

Installation, configuration and Support of Checkpoint Firewall-1/VPN-1

Name and type of organisation providing organisation and training

Allasso (www.allasso.es)   

Manufacturer Training Services

Dates

2000

Title of qualification awarded

Sun Certified Network Administrator (SCNA) and Sun Certified System Administrator (SCSA)

Principal subjects/Occupational skills covered

Installation, configuration, administration and Support of Sun Solaris

Name and type of organisation providing organisation and training

Sun Microsystems (www.sun.com)

Manufacturer Training Services

Dates

1994

Title of qualification awarded

B.S. in Computer Science

Principal subjects/Occupational skills covered

Bachelor of Science in Computer Science

Name and type of organisation providing organisation and training

University of Oviedo (www.uniovi.es)

University

Personal skills and competences

Mother tongue(s)

Spanish

Other language(s)

Self-assessment

Understanding

Speaking

Writing

 European level ^(*)

Listening

Reading

Spoken interaction

Spoken production

English

C1 Proficient User

C2 Proficient User

C1 Proficient User

C1 Proficient User

C2 Proficient User

^(*) Common European Framework of Reference (CEF) level

Social skills and competences

Communication skills: Excellent communications and social skills gained through my work experience and personal life. I usually am a valued member in every team or social group I join.  I am a frequent speaker in infosecurity and other IT events and part of my job responsibilities are  security presentations to top management in different organizations.

Team work: I have team worked all my life. Usually I work as team leader, coordinating and motivating the whole team, although I can work as and active team member aligned to the team objectives and following the instructions of the eventual team leader.

Organisational skills and competences

Good experience in project and team management through my work experience as Technical Director and Information Security Manager

Leadership skills, currently responsible for the security team of Tecnocom (one of the Top 5 IT Companies in Spain)

Lot of experience in professional and personal time management and planning.

Proactive, collaborative and solutions oriented personality

Technical skills and competences

Due to importance of security training, some additional courses and trainings received are included below:

-          Certified NetAsq Expert (NetAsq, Madrid, 2008)

-          Certified NetAsq Admin (NetAsq, Madrid, 2008)

-          Radware Certified Security Specialist (Magirus, Madrid, 2007)

-          Assessing and Securing Wireless Networks (The SANS Institute, London, 2006)

-          Auditing Networks, Perimeters and Systems (The SANS Institute, London, 2005)

-          Implementing Netscreen Security Networks (Juniper Educational Services, Madrid, 2005)

-          Implementing CiscoWorks LMS & VMS (Comstor, Madrid, 2005)

-          Implementing Cisco Wireless Networks (Comstor, Madrid, 2005)

-          Building Cisco Multilayer Networks (Comstor, Madrid, 2005)

-          Nokia Security Administration II (Afina Sistemas, Madrid, 2004)

-          Cisco Secure Intrusion Detection Systems, CSIDS (Cisco Systems, Madrid, 2002)

-          Sun Solaris Security Administration (Sun Microsystems, Madrid, 2002)

-          Sun Enterprise Products Course (Sun Microsystems, Madrid, 2001)

-          Checkpoint Firewall-1 Management I & II (Allasso, Madrid, 2001)

-          Managing Cisco Network Security, MCNS (Cisco Systems, Madrid, 2001)

-          Shasta 5000 BSN Operations & Maintenance (Nortel Networks, Maidenhead, 2001)

-          Introduction to Nortel Passport (Eurocomercial I&C, Madrid, 1999)

-          CS Spectrum Advanced Administration (Cabletron Systems, Newbury, 1999)

-          Cisco Switches and VLANs (Cisco Systems, Madrid, 1999)

-          Sun Enterprise Cluster HA Administration (Sun Microsystems, Madrid, 1999)

-          Accelerated Router Configuration (Nortel Networks, Madrid, 1999)

-          Communications Technologies (Foro Tecnologico Aslan, Marbella, 1998)

-          Enterprise Networks Integration (Foro Tecnologico Aslan, Marbella, 1998)

-          Electronic Commerce, Security and Remote Access in Internet (Foro Tecnoclogico Aslan, Marbella, 1998)

-          Electronic Money (Expo Internet 97, Barcelona, 1997)

-          Advanced Web Programming (Expo Internet 97, Barcelona, 1997)

-          Security in Information Systems (Expo Internet 97, Barcelona, 1997)