Andrew Kozloski
Personal information omitted
CISSP, CCSP, C|EH, Associate C|CISO, ISO
27001 Lead Auditor
Languages: English (native), French (professional), German (conversational) Russian and Spanish
(functional), Japanese (basic)
Relevant Technical Competence:
Coding/Scripting: C#, Javascript, Pure data, git and Tortoise SVNs, python and bash scripting
Networking: CCENT level understanding of networks (not formally certified). Zero trust.
Penetration Testing: Kali linux and assorted tools
Relevant Experience:
MAGNA Cybersecurity, Director of Strategy, July 15, 2024 – present
Internal audit and audit prepara on for ISO 27001:2022
Cybersecurity and GRC consul ng, penetra on tes ng
Implementa on and deployment of security controls such as SIEM, WAF and EDR
Service Design
Professional development of staff
Cybersecurity business development
Jack Daw, LLC, Owner and CEO, June 2022 – present:
Cryptocurrency and cybersecurity consulting
Administration of Proof-of-Stake (PoS) Nodes
Stingray, Cybersecurity Specialist: Dec 2019 – May 2022:
creation of company-wide policy and process for Stingray and global subsidiaries
leading efforts for SOC2 and ISO27001 compliance
driving maturity of our security program, both internal process and partner integration
responsible for our internal risk management program
responsible for the operations of the majority of our security controls
deliver live security awareness training to all employees; responsible for automated platform
Bell Canada, Senior Security Architect: June 2019 - Oct. 2019:
coordinate multiple teams in large company-wide security projects
adoption of security controls, such as web proxies, identity management and AI threat hunting
create company policy and process
Sales Engineer, Micro Focus: Jun 2018 - Jun 2019:
customer-facing technical sales engineer
creation of presentations, documentation, marketing materials, etc.
demo products, work with customer success team to resolve technical client issues
responsible for ALL Micro Focus security-related products, a very large technology portfolio
Security Evangelist and Sales Engineer, Hitachi Systems Security: March 2017 – present:
Final approval for all security services scoping and sales quoting globally
Define the knowledge base for all Sales Engineers in collaboration with SE Manager
Define the knowledge base for all RFP response processes
Present services, technologies and educational security topics to partners, customers and the
public at large through webinars, conferences, articles and marketing materials
Develop strategic alliances with both sales and service delivery partners within and outside of the
Hitachi global family of companies
Service design
Develop all marketing and documentation
Product Manager and Sales Engineer, Hitachi Systems Security: Nov 2015 – March 2017:
Responsible for all sales scoping and quotes globally
Perform competitive market and tech analysis in pursuit of favorably positioning the ArkAngel
security platform and related services in future product iterations
Service design and implementation of service-supporting features into the platform.
Development of road map and technical requirements
Interface between customers and R&D and Operations
Enterprise Information Security Engineer, T-Mobile, SecureOps: Nov 2014 – Nov 2015
Develop and maintain Information Security Policies, procedures, standards and guidelines based
on industry best practices and compliance requirements.
Security advisor for review and approval of all new system implementation or development
Formal risk analysis, proactive threat assessments
Vendor assessment on multiple vendors as part of supplier security assessment
Manage internal audit, third party auditors and appropriate regulatory bodies
Cyber Security Analyst, T-Mobile, SecureOps: May 2013 – November 2014
Risk assessment, vulnerability management, and creation of formal security policy which then
went through review by Risk Management to become formal T-Mobile Security Policy.
Compliance with regulatory standards: PCI, SOX and proper protection of PII, CPNI
Host and web app vulnerability scans, assessing proper remediation and maintaining a database
of relevant vulnerabilities and threats in Archer; validation of remediations
Demonstration of vulnerabilities through pen-testing tools (Core Impact, Metasploit, various
console utilities like nmap and tcpdump) or ad hoc scripts.
Creation of formal baseline server hardening standards that now form the basis of all new server
installations at T-Mobile.
On-call assistance with urgent security threats (examples: Heartbleed, PoodleBite, BEAST, etc)
including:
o Validation of emergency server patches
o Presentations to explain the threat to relevant internal staff
Education:
- Graduate Degree (D.É.S.S.) in video game design, U of Montreal
- Significant work towards an MA in Theoretical Linguistics (GPA: 3.93), U of Pittsburgh
- BA in Creative Writing, Magna cum Laude (GPA of 3.55), U of Pittsburgh
