Horváth Attila - CISA, CISSP, Prince2 and Qualys Certified Specialist
https://www.upwork.com/fl/securitypolicyconsultant
Budapest, Hungary
CYBER AND INFORMATION SECURITY SPECIALIST
Insightful, results-driven Cyber and Information Security professional with notable success directing a broad range
of corporate IT security initiatives while participating in the planning, analyzing, and implementing solutions in
support of business objectives. Excel at providing comprehensive, secure network design, systems analysis, and full
lifecycle project management. Outstanding project and program leader; able to coordinate and direct all phases of
project-based efforts while managing, motivating, and guiding teams. I have an excellent overview of different
aspects of information security from auditing, to GRC and hands-on experience of the information security
operation.
Areas of Expertise:
• Network and Systems Security
• Secure design and architecture
• Regulatory Compliance (GRC)
• Policy Planning / Implementation
• Project Management
• Data Integrity / Disaster Recovery
• Risk Assessment / Impact Analysis
• Technical Specifications Development
• Cyber Security Operations Procedures
• Policy writing and enabling
Technical proficiencies:
Platforms: Windows 7/8.1/10, Windows Server- R2, Active Directory Domain Services, AD tools, IIS, PowerShell scripting, security consulting on AWS, Azure
Security Tools: HP ArcSight, IBM QRadar, Qualys (VM, TP, AV, Web scanning, PCI), Check Point Firewalls, Splunk, Mimecast, Varonis, Sophos Enterprise Console - Client Endpoint, Palo Alto Firewall
Networking: LAN/WAN, IDPS, TCP/IP, VPN, VLAN
Standards, Best practices: ISO 27001, 27002, 27008, Common Criteria - ISO 15408, COBIT, ISACA guidelines,
OWASP, PCI DSS, SDLC, ITIL v3, SANS TOP 20, DPA, GDPR, Cyber Essentials, ISF SoGP,
AICPA TSC, NIST SP 800-53 rev5, NIST CSF, NIST 800-37 rev2, NIST 800-30
PROFESSIONAL EXPERIENCE:
INFORMATION AND CYBERSECURITY POLICY AND COMPLIANCE TECHNICAL WRITER AND CONSULTANT
Role: Remote Senior Information Security and Privacy consultant - self-employed status, Freelancer
Providing consulting services via Upwork to help clients improve security policy frameworks. I have successfully
delivered 60 projects over this period for clients from New Zealand, US, Canada, Australia, and Europe.
Some of the recent projects:
- ISO 27001 ISMS implementation for certification for an Australian company providing job finding services to the Australian Government
- Auditing a French SaaS service company for PCI and GDPR compliance. Creating a gap assessment and recommendation to achieve compliance.
- A full WISP (Written Information Security Policy) set for HITRUST compliance based on HITRUST CSF, including policies and the implemented procedures and processes, for a California-based startup
- ISO 27001 implementation for a SaaS LMS provider from Canada: an end-to-end ISO 27001 project, with the certification audit starting in May, including policy and procedure creation.
- ISO 27001 implementation for the market-leading UX testing SaaS solution: implementation of the ISMS framework from scratch (risk assessment, risk treatment, control creation, policies, and procedures)
- A set of Written Information Security Policies for a Managed Service Provider in the USA, 22 different policies provided within an eight-day timeframe
- Creating policies and procedures and answering questionnaires related to IRAP certification for the company running the “Job Centers” for the Australian Government. IRAP is the Australian version of FedRAMP, and the framework is based on the Australian Signals Directorate’s control set
- Reviewing, updating, and creating 20+ policies and procedures for a US-based online payment provider in the education business and answering 212 long DD questionnaires from Universities.
- I created BCP/DRP and other security policies for a SaaS-based Agile project management app, which was vetted by one of the Big4 consulting firms to become a vendor to them.
- Information security consulting and policy creation for a SaaS-based online learning platform (LMS) provider from California
- Full IT Security policy update (20+ policies and procedures) and refresh, filling the gaps for an online payment provider in the USA to be able to submit its documentation to a new client. I also answered the due diligence questionnaire by filling out the answers.
For more projects, feedback and rating of my delivery please visit my profile:
https://www.upwork.com/fl/securitypolicyconsultant
GRÁNIT BANK 03/2019 – 08/2019
ROLE: INFORMATION SECURITY ANALYST - CONTRACT ROLE, SELF-EMPLOYED STATUS, FREELANCER
● Reviewing the security monitoring process and procedures
● Participating in incident management
● Helping to improve the security operation framework
TR CONSULT 01/2019 – 03/2019
ROLE: SOC TECH LEAD - CONTRACT ROLE, SELF-EMPLOYED STATUS, FREELANCER
TR CONSULT IS AN INFORMATION SECURITY CONSULTING FIRM, BUDAPEST, HUNGARY
● Working as the tech lead for a newly created SOC service for one of the firm’s clients
● Creating services for the security solutions inside of the SOC (Qualys, IBM QRadar)
● Defining SLA and KPIs for the services
● Mentoring and leading the SOC analyst team
● Defining and creating reports
ROYAL BANK OF SCOTLAND 06/2018 – 01/2019
ROLE: SECURITY ENGINEER – CONTRACT ROLE, SELF-EMPLOYED STATUS
RBS IS ONE OF THE MOST SIGNIFICANT BANK GROUPS IN THE UK
● Working as a member of the Cyber Security and Threat monitoring team
● Managing, maintaining and updating Cisco Firepower FMCs and sensors for all RBS NIDS environment
● Adding threat intelligence data to the NIDS estate
● Establishing a health monitoring baseline for the Cisco Firepower devices to be able to create a real-time health monitoring dashboard in Splunk
● Supporting FireEye malware gateway refreshment project
● Supporting the day-to-day operation of RBS’s SOC
TNT EXPRESS GLOBAL ICS 12/2017 – 05/2018
ROLE: GLOBAL SECURITY OPERATION CONSULTANT – CONTRACT ROLE, SELF-EMPLOYED STATUS
TNT EXPRESS IS ONE OF THE MAJOR SHIPPING AND DELIVERY COMPANIES, PART OF THE FEDEX GROUP.
● Working on TNT Express SOX compliance controls delivery related to database and application patch management and vulnerability management
● Defining and coordinating remediation actions with internal team and global 3rd party vendors, engaging IT application and business owners to create actions/projects for remediation.
● Creating a high-level project/program of the remediation tasks
● Reporting progress of the remediation actions
● Reviewing and updating security policies
● Working closely with the Global GRC team
BANK OF TOKYO MITSUBISHI UFJ 07/2017 – 11/2017
ROLE: SENIOR ASSOCIATE SECURITY ANALYST EMEA REGION – CONTRACT ROLE, SELF-EMPLOYED STATUS
BANK OF TOKYO MITSUBISHI IS THE BIGGEST RETAIL AND COMMERCIAL BANK IN JAPAN, IN THE EMEA REGION THEY ARE PROVIDING
INVESTMENT AND CORPORATE BANKING.
● BAU management of the Bank’s IT security infrastructure (Bluecoat web gateway, Clearswift email filter, CyberArk access management, McAfee anti-virus, Qualys vulnerability management, FireEye mail, and web gateway)
● Working together with external SOC teams (NTT, IBM)
● Participating in projects providing guidelines and validation for internal standards as well as best practice controls
● Improving security services and procedures, creating documentation (vulnerability management process, firewall change request process, CyberArk integration with Qualys)
● Fine-tuning SIEM system (Splunk), creating alerts and use cases
● Managing tickets and incidents
● Participating in the FFIEC Maturity level assessment project, helping the project team in different domains to ensure that the requirements of the intermediate level are met
BDO UK LLP 02/2017 – 06/2017
Role: Information Security operation consultant and engineer – contract role, self-employed status
BDO is one of the biggest accounting firms in the UK. My role is to create the Security Operation BAU framework.
● Participating in WannaCry ransomware awareness and mitigation (patching, evaluating, monitoring alerts)
● Managing security platforms for 5500 endpoint clients including Sophos Anti-Virus and Device control, SIEM, Triton (Websense) proxy
● Qualys VM weekly mapping, scanning, reporting the state of patch management
● Reviewing SIEM alerts and responding to incidents (TrustWave)
● Implementing use cases for 3rd party MSSP with the onsite SIEM system
● Managing Qualys scans, reviewing the result, helping to improve the patch process including SCCM planning
● Reviewing proposed MDM solution configuration and supporting hardening
● Consulting on Security operation BAU procedures and workflow
● Creating documentation for BAU procedures
● Managing, executing changes related to the security platforms
● Security housekeeping of AD using ADCU, ADSIEdit, and custom PowerShell scripts
● Implemented Qualys cloud agent on 5000 endpoints to utilize Qualys AssetView.
Projects: Upgrade and migrate Sophos Enterprise Console and management backend to the latest supported version
as well as to migrate to a new Data Centre
TES GLOBAL LTD. - 04/2016 – 01/2017
Role: Lead Information Security operation consultant and architect – contract role, self-employed status
TES Global is the most prominent education publisher (on and offline) in the UK and recently finished a new data
center. As a senior security operation engineer, I implemented all necessary safeguards to ensure the security of
customer and corporate data. The role is 20% BAU and 80% project work, which is mostly about solution architect
type of work (vendor-independent).
● I have created a Security Operation framework, e.g., segregation of duty, procedures, working together with IT infrastructure and service desk team to define roles and duties.
● Updated and refreshed User Acceptance Policy, also reorganized the data classification framework to reflect recent changes in the environment and the organization
● Created and implemented vulnerability and patch management process, based on continuous scanning concept using Qualys appliances, including Web Application Scanner.
● I consulted with the AWS platform team on security improvements.
● Implemented VLAN segregation in the data center network
● Analyzed Windows 10 desktop roll out security requirements
● Created a centralized password management policy and procedure for system administrators, implemented the solution to provide compliance with the policy.
● Defining, managing and implementing DLP solution based on Sophos Enterprise Solution
● Monitoring Palo Alto firewall events and threats
● Participating in the Risk Management forum of the company
● Rolling out security awareness program using SANS’s “Secure the human” platform
● Created and defined the BYOD policy
● Managing and implementing BYOD program using Sophos MDM
● End to end PCI-DSS compliance assessment as a level 3 merchant, identifying requirements for successful self-assessment, filling out SAQ-A questionnaires, for online and offline payment channels.
● I implemented and documented Mimecast TTP (targeted threat protection) solution for 600+ mailboxes, creating procedures, policies, admin, and service desk level guides.
● Implementing and using advanced Qualys solutions, including threat protect (threat intelligence), Qualys cloud agent, providing reports, and analysis on the state of vulnerability management.
Technologies used: Qualys appliance scanners, Qualys Ticket Notification engine, Windows 2012 R2 server, Microsoft
Security Compliance Manager, Pleasant Password Server, Palo Alto firewall, Sophos Enterprise Console, Varonis
Console, Mimecast admin console
FARNCOMBE PART OF CARTESIAN GROUP 11/2015 - 02/2016
Role: Senior SOC Analyst – contract role, self-employed status
As a SOC analyst, I had provided a security monitoring service for a client (TV broadcasting) of Farncombe. The
service offered 5x8 hours, and BAU includes the following tasks:
● Reviewing logs and alerts in IBM QRadar
● Configure rules and filtering for IBM QRadar
● Investigate and analyze any suspicious traffic within the protected environment
● Behavioral and threat analysis
● Create weekly, monthly reports, presenting them to the client
● Mentor and support junior analysts within the team
Project work:
Analyze a proposed new client environment based in the cloud, for optimal monitoring service solution.
Understanding the new environment, identifying technical and service gaps, research, and recommend the best
solution.
FNZ UK LTD. 02/2015- 09/2015
Role: Information Security Engineer
FNZ is a software/solution delivery company working in the financial sector for asset management and pension fund
companies. The client base is already covering the biggest names in the UK financial sector. The information security
team is actively working on maintaining existing safeguards and developing more advanced solutions to improve the
overall security and fulfill client requirements. The role is supporting the UK information security manager to fulfill
due diligence and audit duties and working closely with the information security analysts on the daily information
security tasks.
Daily tasks:
● Investigation of incidents reported by the analyst
● Fine-tuning security solutions, reviewing F5 ASM policies and alerts
● Collecting information and review documentation to validate existing IS controls and the effectiveness of
the controls
● Reviewing the business process to identify security risks and recommend corrective actions
● Assessing risks related to 3rd parties,
● Participating in infrastructure projects
● Raising information security awareness
● Participating in audits, coordinating external penetration tests, reviewing and approving results
● Plan, schedule and execute Qualys VM scans for different production environments, improving the
process by adding proper mapping steps, scans run daily
● Validation of possible vulnerabilities, reporting them and tracking resolution
● Working with the IT operation team to create a patch management process
● Reviewing hardening settings and making recommendations to the “gold image.”
Achievements:
● Development of use cases for the alerting and monitoring systems
● Development of requirements for SNOC operation model – the company has created a SNOC team in
Czech republic; my duty was to create the operational model, setup SLA and OLA for the team
● Developed operation workflow for SNOC analysts, define use cases, run books, serve as an escalation
point to the analysts.
● Firewall rule base audit, validation of firewall rules
Technologies used: ArcSight, F5 ASM, Splunk, Qualys Vulnerability Manager, Websense, Mimecast, Check Point
BWIN. PARTY DIGITAL ENTERTAINMENT 07/2014 – 10/2014
Role: Technical Compliance Analyst
bwin.party represented in several countries as a betting and online gaming provider; this role includes checking
technical compliance against different countries’ regulatory requirements. It contains IS environmental, application-level (random number generator and gaming application), and policy-related compliance checks and audits.
Achievements:
● Took part in an internal audit project to support the team on an IS-related audit, managed questionnaire
creation, interview, and analysis of the result.
● Contributed to the company-level patch management policy and aligned with different technical teams in
the document creation process
● Reviewed DR capabilities of different business departments
● Owned the ISO 27001 risk assessment process and execution
VODAFONE GROUP ENTERPRISE TECHNOLOGY SECURITY HUNGARY 03/2012 – 07/2014
Role: Technology Security Project manager
Managing information security projects to deliver end-to-end security services to Vodafone Group and different
local markets as part of the Vodafone Global Security Programme.
During the projects one of my main tasks was to integrate different local Vodafone entities to the Global
Security Operation Centre, for this I had to define the process of integration working closely with the GSOC team
as well with the Security Operation team (who managed different security platforms – IDPS, VM, AV, etc.)
Full project lifecycle (engage, plan, design, delivery, implement, hand over to BAU, project closure, stakeholder and
management reporting, and RAID tracking) for the following services in multiple locations:
● vulnerability management,
● deployment and integration of local markets SIEM solutions to the Global Security Operation Center,
● IDPS deployment,
● web application firewalls deployment,
● I’ve supported the PMO team as an SME in different audit-related tasks such as preparation for audits,
coordination of audits, and analysis for compliance (ISO 27001 and PCI DSS).
To do successful project delivery, I managed the coordination of local and virtual teams (architects, technology
security operation, customers IT operation, 3rd party vendors) as resources in different locations and time zones.
Also, coordinating efforts with customers and customer-related third parties. I have managed to deliver successfully
15 projects, and budget volumes were between €100.000 and €-.
Achievements
Managed a project to deploy four PCI compliant security solutions for the Vodafone Group central PCI zone:
● Vulnerability management,
● ArcSight deployment and integration to SOC,
● Custom log parser development for ArcSight flex connectors,
● IDP deployment, the custom encryption solution
It was my responsibility as an SME to coordinate the qualification audit for these services when QSA visited the
team onsite in 2012. The solutions and the team passed the PCI DSS qualification process, and the central zone
achieved the PCI DSS certificate.
Successful security integration of Vodafone Qatar: three core security solutions were deployed in parallel (Vulnerability
Management, SIEM, and IDPS) on two sites, working with only 3rd party outsourced companies locally and managing
the project team in 4 different locations and 3 time zones. The project volume was about 1M USD.
The architect and operation team involved me in the development of the Imperva WAF Enterprise Service model for
Vodafone (deployment, operation and service standard, and guidelines for all Vodafone operation companies). In
2013 I led several implementation projects for the new service.
Technologies used: ArcSight, Juniper, SourceFire, Imperva WAF, and DAM, nCircle.
AXA GROUP HUNGARY 02/2009 - 02/2012
Role: IT Security Architect / IT Audit Manager
The company is a subsidiary of one of the most prominent global financial institutions (the group contained: local
bank, insurance, pension, and health funds, asset management companies).
The role had the responsibility to manage the following areas for the group’s Security environment:
● Physical security,
● Information security,
● Risk Assessment / Management,
● Business contingency planning and disaster recovery.
● Tracking compliance and regulatory requirements
I supported and managed various aspects of Information Risk & Security in alignment with the company’s IT
Governance and Worldwide Group Security Policy.
Business as usual included tasks such as:
● Over watching and managing the IT persons/teams who operated the company’s security solutions (FW,
Endpoint Security, IDPS, Backup, AV, and VPN). On average 3-5 persons were reporting directly to me on a day-to-day basis related to the operation of the security solutions; however, Line Management duty was not
my responsibility.
● Information risk assessments, risk management (development and operational manners), creating and
supporting the risk management framework, maintained the risk register
● Audit Manager for the companies, acting as SPOC and managing all internal, external audit activities (10-12 audits overall/year).
o Preparing, drafting, delivering internal IT / Security audits (process reviews, access rights, FW rules,
infrastructure, application audits, gap, and compliance analysis).
o I reported the findings to the executive board, with remediation action plans and trackers.
o Managing external audits (regulatory and other independent audits), reviewing the audit plan and
scope, gathering and delivering evidence, participating in interviews, reading and approving the
draft and final versions of the audit reports. Creating remediation action plans based on the
findings and reporting it to the executive board.
o I carried out continuous communication with local and international regulatory offices.
o Application-level audits with external parties based on the yearly Risk Assessment results.
● Consult and advise the senior management on information security subjects,
● Report to the Executive Board and the CEO of the companies on audit and compliance
● Coordination and evaluation of penetration tests and code reviews for new web services
● Security awareness training and campaigns for employees.
Achievements:
Based on the findings of my internal audits, gap, and compliance assessment, the Executive Board accepted my
proposal to start a Security Baseline Programme, which fir for 2 years,
to uplift the overall information security level and introduce an Information Security Management System based
on ISO 27001. The program contained several workstreams and projects, and I was involved in each project in
different roles, such as project manager, architect, or a business owner.
For the solutions/projects below, I was responsible for developing and implementing the BAU framework,
operational procedures including patch management and change management processes, and also ensuring that
the proper safeguards were present in the daily work routine of the IT staff.
Patch and change management: Assessing business and security needs, aligning with IT and business owners on the
requirements, and creating and documenting patch and change management policies, implementing into BAU.
Information Security Policies and Regulations (project manager and professional lead): updating and creating
information security policies and regulations for each company in the group based on ISO27001. Including data
classification, storage, and encryption requirements.
Business Continuity and Disaster Recovery plans (professional lead): Covering the whole AXA Hungary group, this
project took 12 months to develop BCP for all companies, covering all critical business processes (overall 1000+
processes, 230 critical processes) and applications. I was appointed as a deputy Business Continuity Manager for
AXA Hungary.
Firewall replacement (architect): Evaluating the in place FW system, creating requirements list, selecting the new
solution, supporting the network team during the implementation, and creating FW rule approval and tracking
process.
Data Center Migration/Service Transition (architect and QA): Server and service migration to a central Data Center
(based in Switzerland), moving 100 business-critical servers and security solutions to a new environment without a
significant outage. The project was delivered on time, on scope, on budget. During the virtualization, server
hardening also took place to ensure that newly migrated servers are meeting security requirements. For this,
hardening guides were created by myself.
Backup system renewal (professional lead supporting IT Operation and QA): 13 months of project planning and
implementing a d2d2tape solution, fulfilling business needs and regulatory requirements.
Disk encryption and endpoint media protection (architect): Managing the planning and implementation of full disk
encryption for laptops, together with media and port security solutions for desktop computers.
SIEM Project (project manager and professional lead): Introducing a central log collecting and analyzing solution; after
the implementation, it was my responsibility to operate and manage the solution.
User Rights Management initiative (project manager and professional lead): I managed the initiative driven by the
security department to improve general rights management and documentation in Service Desk.
Online bank solution development: I participated as an SME in the 18-month-long online bank solution
development (.NET environment) for AXA Bank Hungary, collecting regulatory requirements, designing security
solutions and safeguards, managing code reviews, and penetration tests.
Technologies used: MS Windows Servers 2000 - 2003 and AD, MS Exchange, Netapp storage, VMware ESX,
Checkpoint FDA and ME, Linux Red Hat, RSA EnVision, RSA SecurID, IBM ISS IDPS, Zorp Firewall, Balabit Shell Control
Box, Nordic Edge, NOD32.
NOREG INFORMATION SECURITY CONSULTING LTD. 07/2007 – 02/2009
Role: IT Auditor / IS consultant
I’ve supported the clients of the firm in information security and audit projects.
● Three ISO 27001:2005 certificate preparation audits for the Hungarian Postal Service; each audit was
successful because the client achieved the certification based on our audit report findings and
recommendations.
● BCP, DRP development (risk assessment, process analysis, and BCP and DRP procedures development on a
technical level) for the Hungarian Border Army, the scope of the project was the Hungarian environment of
the European Schengen border patrol system.
● I executed Penetration and loyalty testing in two projects.
● I delivered training on information security policies and standards at the Ministry of Justice and Law
Enforcement.
Technologies used: MS Windows Servers, ISS Proventia.
MIMOX LTD. 05/2006 – 06/2007
Role: Recruitment consultant
Mimox is a recruiting agency specialized in the IT industry; I’ve managed several successful placements for clients.
SAVEAS INFORMATION SECURITY CONSULTING INC. 10/2003 – 05/2006
Role: Senior IT Security consultant / IT Auditor
I’ve supported the clients of the firm in IT, information security, and audit projects.
● IT audit and gap analysis based on BS 17999 for a Financial Services company, presenting audit results to the management and creating a remediation plan.
● Security evaluation of a deployed Siebel CRM application, documenting all in place security safeguards (FW, DB hardening, Windows hardening) based on Common Criteria protection profiles, and creating security system design based on the protection profiles for Hungarian Telecom (a subsidiary of Deutsche Telekom).
● I created the security design and deployment guidelines for a gambling portal for state-owned Gambling Inc. (Szerencsejáték Zrt).
● I carried out a Microsoft AD 2003 and Exchange 2003 rollout planning and IT company developing pension funds software.
● I created BCP documentation, procedures for 10+ systems for a financial institution.
FERRERO MAGYARORSZÁG LTD. 12/2002 – 08/2003
Role: IT Manager
Led a project to introduce a PDA based sales system with an interface to their SAP.
TMP WORLDWIDE INC. 11/2001 – 12/2002
Role: IT Administrator
Support the daily operation of the Budapest office (40 consultants) for an executive recruitment firm.
TELNET INTERAKTÍV INC. 03/2001 – 11/2001
Role: Trafficker
Telnet was an online media agency; my role was to manage the agency advertisement server.
CHRONOS SYSTEMS LTD. 02/2000 – 02/2001
Role: System Administrator
As a system administrator, my role was to support a 45 workstation and 2 server environment.
Technologies used: Lotus Notes Server, MS Windows NT 4.0, and MS Windows 2000 desktop.
INTERNET DUNAÚJVÁROS LTD. 09/1996 – 11/1999
Role: User support manager
I was the technical support agent for the local ISP Company.
EDUCATION, CERTIFICATES:
Certificates:
ISC(2) - CISSP, certificate number: 427148, - expired in Nov 2018 – renewal in progress
Prince 2 practitioner: APMG Ltd., License--BRKH – expired in Feb 2017
ISACA - CISA, certificate number:-, - expired on Jan 2016, renewal in progress
Qualys Certified Specialist – Vulnerability Management, Advanced Vulnerability Management
ITIL v3 foundation course (2014)
Language skills: Fluent in English, working in a native English speaking environment.
Education:
Gábor Dénes College -) – IT Engineer, discontinued
Rosti Pál High School -) – second-level degree