Личные данные скрыты

Cyber security specialist
Roman Osint
mobile phone: [открыть контакты](см. выше в блоке «контактная информация») (Telegram, WhatsApp, Viber - please, call after 13:00)
e-mail: [открыть контакты](см. выше в блоке «контактная информация»)
linkedin: [открыть контакты](см. выше в блоке «контактная информация»)

Experience

Cybersecurity Consultant
Germany, Discontia GmbH – PRINTEGI
10/23 – 11/23 - Freelance (one-off project)

Responsibilities:

● Cybersecurity risk assessment
● Developed a cybersecurity incident mitigation plan
● Developed a disaster recovery plan
● Developed Likelihood and Impact Risk Matrix
● Created an RBAC Matrix
● Created documentation about backup and passwords
● Conducted cloud environment security review
● Cybersecurity awareness trainings: phishing, smishing, social engineering etc.
● Provided advice on various cybersecurity issues:
- opening potentially malicious files and links in the virtual machine and
sandbox(desktop and web versions),
- secure sending of email, email protection, DDoS prevention, etc.

GRC Consultant
Denmark - NDA
7/23 – 10/23 - Freelance (one-off project)

Responsibilities:

● Developed ISO 27001 policies and procedures
● AWS - working with it, writing procedures
● Work with RACI responsibility matrix
● Consultation:
- procedures and policies;
- work with backup;
- assess and manage information security risks associated with suppliers
(vendors) and third-party service providers
Sales - Team Lead
Ukraine - Discover LV
4/16 – 02/22 full-time

Responsibilities:

● Led the team: recruitment, selection and training of employees and mentoring
● search for clients
● communication with clients in ukrainian, english, polish, russian. In general, I was
the one who could solve issues with the client at the highest level, especially when
other managers could not do it
● sale of company services
My KPI was the highest among all other employees - outgrew the mentor very quickly -
overall this is one of my strong achievements - later I led the team.

Familiarity with

● OSI, TCP\IP network model
● DNS, TLS, SSL, IPv4, IPv6, FTP, WS, HTTPS, SNMP, SMTP, POP3, IMAP,
ARP, NDP, ICMP, DHCP, RIP, OSPF, BGP, EIGRP, TCP, UDP, SSH etc - main
network protocols understanding
● Main cyber threats understanding (Phishing (different types), DoS/DDoS,
Pharming, Malware, MITM, Ransomware, Trojan etc )
● Sandbox, Sandboxie, Windows Sandbox, MS Defender Application Guard
● VMware, VirtualBox
● MITRE ATT&CK
● OWASP top 10
● SIEM, IDS/IPS, AV, EDR, XDR , Firewall, WAF, NGFW
● DMZ, Email Gateway (Email Security)
● VPN, Proxy, IPSec, OpenVPN
● IAM ( GCP - Google Cloud), AAA - Authentication, Authorization, Accounting
● RBAC, ABAC, DAC, MAC
● DLP ( GCP - Google Cloud)
● SDLC / SSDLC
● SaaS, PaaS, IaaS
● AWS - basic understanding of services
 ● GRC:
● Strong knowledge ISO 27001:2022 + ISO 27002:2022; ISO 27005
● ISO 19011: Guidelines for auditing management systems
● ISO 38500 IT. Governance of IT for the organization
● ISO 20000-1 IT. Service management
● GDPR, NIST CSF, COBIT 5, PCI DSS, NBU №95
● Writing Policies and Procedures
● Risk management, assessment, handling techniques
● Vendor \ third-party risk management lifecycle
● Testing employees for phishing attacks and other cybersecurity awareness
activities. (www.knowbe4.com platform).
● Training for employees and consulting on information security
● Disaster recovery, RPO, RTO
● ACS - Access Control System \ СКУД
● FDAS - Fire Detection And Alarm System \ ОПС
● CCTV - Closed-circuit television\ Video monitoring \ СВН
● Jira, Trello, Agile, Scrum, Waterfall, Kanban
● Linux administration - in progress

Completed courses

● Comptia Security+
● Course SSCP ( Access Controls* )
● Comptia CSA+ ( Cybersecurity Analyst )
● Comptia CASP+ ( Governanace Risk and Compliance* )
● Course CCNA ( Cisco Certified Network Associate (Netacad))

Languages

● Ukrainian - native
● English - B2 (Upper-Intermediate)
● Polish - B1

About Me:

I like jazz, radioelectronics, chess, sports and creative photography.