"That which does not kill us ... may make us stronger" ;)

InfoSecMan: Who is Samuel Linares?

Samuel Linares is IT & Security Services Director with Intermark Tecnologias and General Manager of M45 Security Team at ICT Cluster of Asturias, with 16+ years of security, system integration and project management experience. He leads and has created all the IT & Security services offered by Intermark Tecnologias and, before that, by Tecnocom, the 3rd IT company in Spain, implementing many IT & Security solutions for customers, including security plans, IT governance implementations, compliance audits, ethical hacking and security network designs. He holds various certifications including CRISC (Certified in Risk and Information Systems Control), CGEIT (Certified in Governance of Enterprise IT), CISM (Certified Information Security Manager), CISA (Certified Information Security Auditor), CISSP (Certified Information Systems Security Professional), GIAC Assessing Wireless Networks (GAWN), Systems and Network Auditor (GSNA), and Google Hacking & Defense (SSP-GHD), BSI BS 25999 & BS 7799 Lead Auditor (since 2002), NetAsq CNE & CNA, Juniper JNCIA-FW, Checkpoint CCSE & CCSA, Sun SCNA & SCSA, among others. Samuel holds a B.S. in Computer Science from the Univ. de Oviedo and is University Specialist in Data Protection by the Colegio Universitario Escorial Maria Cristina. He is currently pursuing a degree in Psychology at the Universitat Oberta de Catalunya.

EuroPass Curriculum Vitae

 

Desired employment / Occupational field

 

IT & Security Services Director

 

Work experience

 

Dates

 

From August 2008 onwards

Occupation or position held

 

IT & Security Services Director

Main activities and responsibilities

 

Founder, Developer and Manager of the Security & IT Governance Business Line

IT & Security Manager

Senior Security Consultant

Leads and has created all the IT & Security services offered by Intermark Tecnologias

Name and address of employer

 

Intermark Tecnologias

(www.intermarktecnologias.com) Periodista Paco I. Taibo, 17 33204 Gijon (Spain)

Type of business or sector

 

ITC Solutions and Services

Dates

 

From August 1998 to August 2008

Occupation or position held

 

Information Security Manager

Main activities and responsibilities

 

Founder, Developer and Manager of the Security Business Line

IT Security Manager

Senior Security Consultant

Senior Internetworking & Internet Services Consultant

Project Manager for important security projects in clients like Telefonica Moviles, Alcampo (Auchan), Deutsche Bank, ENAGAS, Nortel, Metro of Madrid, Caprabo, ALD Automotive, ONO, Telecable, Telia Iberia, Unisource, University of Leon, Junta Castilla y Leon, UTi Iberia, Cajastur, among others.

Outsourced Customer Engineering Manager for Jazztel during 2000.

Leads and has created all the security services offered by Tecnocom, one of the top 5 IT companies in Spain, implementing many security solutions for the customers mentioned, including compliance audits, penetration tests, ethical hacking, firewall and IPS deployments and security network designs.

 

Name and address of employer

 

Tecnocom, Telecomunicaciones y Energia, S.A. (former Eurocomercial I&C, S.A.)

(www.tecnocom.es) Josefa Valcarcel, 26 – 28027 Madrid (Spain)

Type of business or sector

 

ITC Solutions and Services

 

 

Dates

 

From November 1995 to July 1998

Occupation or position held

 

Technical Director

Main activities and responsibilities

 

Technical Director, IT Manager and R&D Manager

European Projects Manager: Development of ArchiPELAGO Project with Sasemar (Spain), France Telecom Expertel (France), Enyca (Spain) and Marac Electronics (Greece) (speaker from Spain in Brussels KickOff Meeting)

InfoWeb Electronic Bulletin Editor and Coordinator (more than 9000 subscribers)

Led the company to the first places of national ranking of ISPs (sources: PCWorld, Revista Web)

Author of one of the first electronic commerce projects in Spain between AirAstur and Banesto

Checkpoint Firewall-1 Administrator since 1995

Name and address of employer

 

AirAstur Internet Services, S.L.

(www.airastur.es) Ezcurdia, 194, 1A – 33203 Gijon (Asturias) - Spain

Type of business or sector

 

Internet Service Provider

Education and training

Dates

 

2010

Title of qualification awarded

 

Managing IT Governance Strategy: IT Balanced Scorecard Based on CobiT and Val IT

Principal subjects/Occupational skills covered

 

Identify concepts of the BSC, its definition and benefits from each of their perspectives that constitute, at both the corporate and IT

List the steps to be followed for the development and implementation of an IT BSC, its goals and perspectives; aligned with the business

Describe the different goals and metrics contained within the referential framework CobiT, Val IT, outcomes indicators and performance measures

Discuss the relationship between different components of CobiT, Val IT, processes, metrics and goals

Define some of the core indicators defined by CobiT and Val IT

Name and type of organisation providing organisation and training

 

 

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

Dates

 

2010

Title of qualification awarded

 

IT Risk Management

Principal subjects/Occupational skills covered

 

Describe the principles of IT risk management

List the components of Risk IT

Apply the concepts of the model to realize its full business benefits and outcomes

Explain how Risk IT relates to CobiT

Evaluate implementation and operational issues

Integrate IT risk management with ERM, establish and maintain a common risk view and make risk-aware business decisions

Maintain an operational risk profile, assess risk and respond to risk

Collect event data, monitor risk and report exposures and opportunities

Recognize how Risk IT can help achieve best practices in IT risk management

Name and type of organisation providing organisation and training

 

 

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

 

 

 

Dates

 

2009

Title of qualification awarded

 

Implementing IT Governance Using COBIT and ValIT

Principal subjects/Occupational skills covered

 

Understand the ITGI's approach to IT governance implementation based on the IT Governance Implementation Guide 2nd Edition

Understand the implementation road map and how COBIT and Val IT support each step

Scope and plan IT governance initiatives based on COBIT and Val IT

Assess process capability using the COBIT maturity models

Plan improvements using control objectives and control practices

Create a performance measurement framework using COBIT's metrics and the balanced scorecard

Sustain IT governance implementation

Consider practical implementation factors

Be aware of COBIT implementation support from ISACA

Name and type of organisation providing organisation and training

 

 

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

 

 

 

Dates

 

2009

Title of qualification awarded

 

CGEIT (Certified in Governance of Enterprise IT)

Principal subjects/Occupational skills covered

 

Introduced in 2007, the CGEIT designation is designed for professionals who manage, provide advisory and/or assurance services, and/or who otherwise support the governance of an enterprise’s IT and wish to be recognized for their IT governance-related experience and knowledge. CGEIT is based on ISACA’s and the IT Governance Institute’s (ITGI’s) intellectual property and the input of subject matter experts around the world.

Name and type of organisation providing organisation and training

 

 

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

 

 

 

Dates

 

2009

Title of qualification awarded

 

CISM (Certified Information Security Manager)

Principal subjects/Occupational skills covered

 

The management-focused CISM is a unique certification for individuals who design, build and manage enterprise information security programs. The CISM certification promotes international practices and individuals earning the CISM become part of an elite peer network, attaining a one-of-a-kind credential.

Name and type of organisation providing organisation and training

 

 

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

 

 

 

Dates

 

2008

Title of qualification awarded

 

CISA (Certified Information Systems Auditor)

Principal subjects/Occupational skills covered

 

The CISA designation was created for professionals with work experience in information systems auditing, control or security that include:

Information Systems (IS) audit process

IT Governance

Systems and Infrastructure Lifecycle Management  

IT Service Delivery and Support

Protection of Information Assets

Business Continuity and Disaster Recovery

Name and type of organisation providing organisation and training

 

 

Information Systems Audit and Control Association (ISACA) (www.isaca.org)

 

 

 

Dates

 

2008

Title of qualification awarded

 

BS 25999 Lead Auditor

Principal subjects/Occupational skills covered

 

Lead an audit of a business continuity management system

Develop an internal audit programme

Carry out an audit of a business continuity management system

Clarify the different purposes of BS 25999 Part 1 and Part 2

Explain the requirements of BS 25999-2:2007

Understand the Business Continuity Management Code of Practice BS 25999-1:2006

Articulate and present audit findings

Manage successful audit communication and interviews

Write a succinct audit report

Conduct opening, closing, and follow-up audit meetings

Name and type of organisation providing organisation and training

 

British Standards Institution (BSI) (www.bsi-global.com)

Standards Body Training Services

 

 

 

Dates

 

2008

Title of qualification awarded

 

Certified NetAsq Expert (CNE)

Principal subjects/Occupational skills covered

 

This course provides an extended and detailed view of all the functions provided by NetAsq UTM products. Key topics include administrative configuration, Layer 2 and Layer 3 operations, basic and advanced policy features, network address translation, and VPN configuration and operations. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting features of ScreenOS.

Name and type of organisation providing organisation and training

 

NetAsq (www.netasq.com) 

Information Security Training and Certification

 

Dates

 

2008

Title of qualification awarded

 

Certified NetAsq Administrator (CNA)

Principal subjects/Occupational skills covered

 

This course provides a broad overview of the firewall and VPN functions provided by NetAsq UTM products. Key topics include administrative configuration, Layer 2 and Layer 3 operations, basic and advanced policy features, network address translation, and VPN configuration and operations. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting features of ScreenOS.

Name and type of organisation providing organisation and training

 

NetAsq (www.netasq.com) 

Information Security Training and Certification

 


 

 

Dates

 

2007

Title of qualification awarded

 

Certified Information Systems Security Professional (CISSP)

Principal subjects/Occupational skills covered

 

Being the first Information Security Certification credited with the ANSI ISO recognition, the CISSP certification provides information security professionals with an objective measure of validity and professionalism that is recognized worldwide. The certification demonstrates an advanced knowledge within the 10 domains of the (ISC)² CISSP CBK.

Name and type of organisation providing organisation and training

 

Internet Security Auditors (www.isecauditors.com) 

Information Security Training and Certification

 

 

Dates

 

2006

Title of qualification awarded

 

Stay Sharp Program Google Hacking and Defence (SSP-GHD)

Principal subjects/Occupational skills covered

 

Google Hacking and Defense Techniques

Google Hacking and Defense graduates leverage a toolkit of techniques and skills required to evaluate their sites from malicious Google Hackers. In doing so, they gain a fundamental understanding of technical defense measures to uncover unintended information disclosures, close common holes in web servers and Internet connected devices as well as clean up the exposures discovered.

Name and type of organisation providing organisation and training

 

The SANS (SysAdmin, Audit, Network, Security) Institute (www.sans.org)

Information Security Training and Certification

 

Dates

 

2006

Title of qualification awarded

 

GIAC Assessing Wireless Networks (GAWN)

Principal subjects/Occupational skills covered

 

The GAWN certification is designed for technologists who need to assess the security of wireless networks. The certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks. Students will not only gain experience using tools to assess wireless networks, they will understand how the tools operate and the weaknesses in protocols that they evaluate.

Name and type of organisation providing organisation and training

 

The SANS (SysAdmin, Audit, Network, Security) Institute (www.sans.org)

Information Security Training and Certification

 

Dates

 

2005

Title of qualification awarded

 

GIAC Systems and Network Auditor (GSNA)

Principal subjects/Occupational skills covered

 

GIAC Systems and Network Auditors (GSNAs) have the knowledge, skills and abilities to apply risk analysis techniques and to conduct a technical audit of essential information systems.

Name and type of organisation providing organisation and training

 

The SANS (SysAdmin, Audit, Network, Security) Institute (www.sans.org)

Information Security Training and Certification

 

Dates

 

2005

Title of qualification awarded

 

Juniper Networks Certified Internet Associate Firewalls (JNCIA-FW)

Principal subjects/Occupational skills covered

 

This course provides a broad overview of the firewall and VPN functions provided by ScreenOS-based products. Key topics include administrative configuration, Layer 2 and Layer 3 operations, basic and advanced policy features, network address translation, and VPN configuration and operations. Through demonstrations and hands-on labs, students gain experience in configuring, testing, and troubleshooting features of ScreenOS.

Name and type of organisation providing organisation and training

 

Juniper Educational Services (www.juniper.net)

Manufacturer Training Services

 

Dates

 

2003

Title of qualification awarded

 

ISO 17799 Information Security Management, System Implementation Course

Principal subjects/Occupational skills covered

 

Background to Information Security

Determination of scope and Information Security policy

Identification of information assets

Determination of the value of information assets

Determination of risk and impacts

Identification of control objective and controls

Definition and implementation of policies.

Production and implementation of policies, standards and procedures

Completion of ISMS documentation requirements

Awareness training.

Certification process.

Production of an ISMS Project Implementation Plan.

Name and type of organisation providing organisation and training

 

British Standards Institution (BSI) (www.bsi-global.com)  

Standards Body Training Services

 

Dates

 

2003

Title of qualification awarded

 

University Specialist in Data Protection

Principal subjects/Occupational skills covered

 

General Theory about Data Protection

Data Protection Principles

Data protection rights

Data Protection Laws

Security Measures, Security Document, Policies

The Data Protection Spanish Agency

International data transferences. International laws. European Union

Name and type of organisation providing organisation and training

 

El Escorial – Maria Cristina Royal University Centre (www.rcumariacristina.com)

University

 

 

Dates

 

2002

Title of qualification awarded

 

BS 7799 Lead Auditor

Principal subjects/Occupational skills covered

 

BS 7799:2002

Information security

The importance of information security

Assessing security threats and vulnerabilities

Management of security risks

Selecting security controls

How to build an Information Security Management System (ISMS)

Auditing to BS 7799

BS 7799 auditing techniques

Managing and leading a BS 7799 audit team

Interview techniques

Audit reporting

Comprehensive course manual including a copy of BS 7799:2002 Part 2

Formal Examination leading to BSI BS 7799 Lead Auditor Qualification.

Name and type of organisation providing organisation and training

 

British Standards Institution (BSI) (www.bsi-global.com)  

Standards Body Training Services

 


 

Dates

 

2001

Title of qualification awarded

 

Checkpoint Certified System Expert (CCSE) and Checkpoint Certified System Administrator (CCSA)

Principal subjects/Occupational skills covered

 

Installation, configuration and Support of Checkpoint Firewall-1/VPN-1

Name and type of organisation providing organisation and training

 

Allasso (www.allasso.es)   

Manufacturer Training Services

 

Dates

 

2000

Title of qualification awarded

 

Sun Certified Network Administrator (SCNA) and Sun Certified System Administrator (SCSA)

Principal subjects/Occupational skills covered

 

Installation, configuration, administration and Support of Sun Solaris

Name and type of organisation providing organisation and training

 

Sun Microsystems (www.sun.com)

Manufacturer Training Services

 

 

Dates

 

1994

Title of qualification awarded

 

B.S. in Computer Science

Principal subjects/Occupational skills covered

 

Bachelor of Science in Computer Science

Name and type of organisation providing organisation and training

 

University of Oviedo (www.uniovi.es)

University

Personal skills and competences

 


Mother tongue(s)

 

Spanish

 


Other language(s)

 

Self-assessment

 

Understanding

Speaking

Writing

 European level (*)

 

Listening

Reading

Spoken interaction

Spoken production

 

 

English

 

C1

Proficient User

C2

Proficient User

C1

Proficient User

C1

Proficient User

C2

Proficient User

 

(*) Common European Framework of Reference (CEF) level

 

Social skills and competences

 

Communication skills: Excellent communications and social skills gained through my work experience and personal life. I am usually a valued member in every team or social group I join. I am a frequent speaker in infosecurity and other IT events and part of my job responsibilities are security presentations to top management in different organizations.

Team work: I have team worked all my life. Usually I work as team leader, coordinating and motivating the whole team, although I can work as an active team member aligned to the team objectives and following the instructions of the eventual team leader.

 

Organisational skills and competences

 

Good experience in project and team management through my work experience as Technical Director, Information Security Manager and IT & Security Services Director

Leadership skills, former responsible for the security team of Tecnocom (one of the Top 5 IT Companies in Spain) and current responsible for the IT & Security Services of Intermark Tecnologias

Deep experience in professional and personal time management and planning.

Proactive, collaborative and solutions oriented personality

 

Technical skills and competences

 

Due to the importance of security training, some additional courses and trainings received are included below:

- Certified NetAsq Expert (NetAsq, Madrid, 2008)

- Radware Certified Security Specialist (Magirus, Madrid, 2007)

- Assessing and Securing Wireless Networks (The SANS Institute, London, 2006)

- Auditing Networks, Perimeters and Systems (The SANS Institute, London, 2005)

- Implementing Netscreen Security Networks (Juniper Educational Services, Madrid, 2005)

- Implementing CiscoWorks LMS & VMS (Comstor, Madrid, 2005)

- Implementing Cisco Wireless Networks (Comstor, Madrid, 2005)

- Building Cisco Multilayer Networks (Comstor, Madrid, 2005)

- Nokia Security Administration II (Afina Sistemas, Madrid, 2004)

- Cisco Secure Intrusion Detection Systems, CSIDS (Cisco Systems, Madrid, 2002)

- Sun Solaris Security Administration (Sun Microsystems, Madrid, 2002)

- Sun Enterprise Products Course (Sun Microsystems, Madrid, 2001)

- Checkpoint Firewall-1 Management I & II (Allasso, Madrid, 2001)

- Managing Cisco Network Security, MCNS (Cisco Systems, Madrid, 2001)

- Shasta 5000 BSN Operations & Maintenance (Nortel Networks, Maidenhead, 2001)

- Introduction to Nortel Passport (Eurocomercial I&C, Madrid, 1999)

- CS Spectrum Advanced Administration (Cabletron Systems, Newbury, 1999)

- Cisco Switches and VLANs (Cisco Systems, Madrid, 1999)

- Sun Enterprise Cluster HA Administration (Sun Microsystems, Madrid, 1999)

- Accelerated Router Configuration (Nortel Networks, Madrid, 1999)

- Communications Technologies (Foro Tecnologico Aslan, Marbella, 1998)

- Enterprise Networks Integration (Foro Tecnologico Aslan, Marbella, 1998)

- Electronic Commerce, Security and Remote Access in Internet (Foro Tecnologico Aslan, Marbella, 1998)

- Electronic Money (Expo Internet 97, Barcelona, 1997)

- Advanced Web Programming (Expo Internet 97, Barcelona, 1997)

- Security in Information Systems (Expo Internet 97, Barcelona, 1997)

- Intranets Advanced Development (Expo Internet 97, Barcelona, 1997)

- Intranets Development (Mundo Internet 97, Madrid, 1997)

- Java Programming (Mundo Internet 97, Madrid, 1997)

- Security in Communication Networks (Mundo Internet 97, Madrid, 1997)

- Internet and Infovia Servers Administration (Telefonica Sistemas, Gijon, 1996)

- Corporate Web Servers Development (Telefonica Sistemas, Gijon, 1996)

- ISO 9000 Implementation in Software Departments and Enterprises (European Software Process Improvement Training Initiative SIP, Madrid, 1995)

- Information Systems Audit and Control (ALI, Oviedo 1995)

- Electronic Space, Intermedia Space (Popular University of Gijon, Gijon, 1995)

- Computers Hardware (University of Oviedo, Gijon, 1994)

- Intelligent Robots (University of Basque Country, San Sebastian, 1994)

- PC Technician (Ingenor, Gijon, 1993)

- Printed Circuits Computer Aided Design (University of Oviedo, Gijon, 1993)

- Computer Music: Midi and Sampling (Asturias Studios, Aviles, 1990)

All of these courses with the work experience mentioned, offer a complete, extensive and holistic vision of information security and information technology in general, having studied and worked on almost all of the security issues (security devices such as firewalls, IDSs, IPSs, Proxies, procedures, compliance, governance, networks, systems…)

 

Other skills and competences

 

Information Systems Audit and Control Association (ISACA) member

Information Systems Security Association (ISSA) member

Information Security Management Systems (ISMS) Forum Spain member

International Society of Automation (ISA) member

Multisectorial Association of Spanish Enterprises of Electronic and Communications (ASIMELEC) Security Commission member

SANS (SysAdmin, Audit, Network, Security) Advisory Board Member

Participant and usual speaker in InfoSecurity Events like ISSA Conferences, IDC Security, ENISE, Tecnocom KickOffs and others

Author of IS2ME: Information Security to Medium Enterprises, A Method for Approaching and Implementing Information Security in Small and Medium Enterprises (http://www.is2me.org)

Author of InfoSecurity Blog: InfoSecMan Blog (http://blog.infosecman.com)

 

Driving licence(s)

 

Category B1

 

Additional Data

If you need to know more information about me (professional or training experience, papers published, talks, etc.), ask me about it by email at Samuel(at)InfoSecMan.com. I will be very pleased to share with you more information about me.

Personal Data

Name: Samuel Linares
Email: Samuel(at)InfoSecMan.com
Age: 39
Address: Gijón (Spain)

Last Talks

  • Industrial Control Networks Security ISA Conference
  • Back to the Future: ICS Security (ENISE 4)
  • Industrial Security and Critical Infrastructures Protection (ISSA Conferences)
  • Implementing IT Governance in anarchic organizations (ENISE 3)
  • "I am hungry and you give me caviar!" (ENISE 2)
  • Security in Large Enterprises (IDC Security)
  • Security and Business (Kick-Off Tecnocom)