Roman Clavijo

ROMAN RODOLFO CLAVIJO OSORIO C.C--Bogotá Colombia - PROFESSIONAL PROFILE CEH (Certified Ethical Hacker) from EC-Council, specialist in risk management analysis and information security, I2, PGP & Decrypt, MSCA, web application pentester, secure code auditor and development of Exploit, active member of ECCouncil Delta Security System and SecurityOverride.org with Security Guru category. Experience Ethical Hacker & Security Consultant at SEC Consulting. Consultant at CAJAHONOR Ministry of National Defense (On mission) April 2016 - December 2016 Leading the team of specialists in information security creating schemes and perimeters of high shielding to ensure the organization against both internal and external computer attackers, deployment and operation of the event correlator OSSIM, security consultant (on mission) for Caja Honor (Ministry of Defense), carrying out vulnerability analysis of the Entity's technological infrastructure, carrying out penetration tests and social engineering. Administration and monitoring of the DLP system (prevention of information leakage), monitoring the Imperva system taking care of the external edges of the Entity's technological infrastructure. Accompaniment in the ISO27001 certification of the Information Security Management System and Business Continuity Plan process. Ethical Hacker & Security Consultant at Wexler S.A.S Consultant at CAJAHONOR Ministry of National Defense (On mission) March 2012 - April 2016 Security Consultant for the company Wexler SAS, responsible for providing Ethical Hacking services to third parties through its employer signature, vulnerability analysis, intrusion testing, social engineering operations, script design and exploit to validate defense levels of customers. Deployment and deployment of OSSIM (AlienVault) event mapper for different companies. Technological Security Administrator at Valoragro S.A. February 2008 - December 2011 Management in the operational area of the company, in charge of executing the IT procedures to the different clients. Development and complementation of operational risk management, administration and continuity, security management with emphasis on network auditing and internal customer. Support Engineer at Frio Transandina Ltda. January 2011 - November 2011 Implementation of security hardware & software creating high security perimeters for the company, advice and training in information security. Security & Network Manager at Oruss.com & Company Ltda. January 2009 - June 2011 Hacking in attack & defense of the technological technological infrastructure, development of exploit & scripts aligned to the vectors of attack according to client's requirement. Management in the security area of the company, in charge of the server tree, backup procedures, vulnerability testing, projection and network management to internal and external clients. Develop security schemes for external client servers providing secure zones for both communication and electronic transfers. Website Administrator & Internet Operations at Polux S.A Technology Wholesaler. March 2005 - December 2006 Accompaniment in the area of marketing, development and administration of the corporate website of the company, supervise the electronic transactions, perimeter security control of the internal customer, design and layout of advertising material. Operations Internet at Complot S.A. January 2003 - December 2005 Assistance to field support engineers, design and administration of corporate web, development of online training projects (e-learning), control of operations table and support to end user. Security & Support Staff in Advertising and Marketing Editions January 2004 - December 2004 Network administrator, implementation of security software, mitigation of process risks. Systems Administrator at Ana Lucia Pachón y Asociados January 2003 - December 2003 Implementation of corporate network, administration of the digitization and archiving of the project, management of databases, control of the security of the project and coordination of the work group. Support Engineer at Grupo Total S.A January 2002 - December 2003 Provide advice and training to company personnel, hardware and software implementation, accompaniment in the process of development in the area of operations of the company. Fulfilled projects Ethical Hacking -. CajaHonor & Command Cybernetic Armed Forces. October 2015 - December 2015 Exercise jointly between the Joint Cyber Command of the Armed Forces and the CAJAHONOR Military Housing Promoter box verifying the capacities of personnel, processes and technology in handling security incidents. Being part of the Black Team, made up of personnel from the CCOC and CAJAHONOR, responsible for carrying out Tests of vulnerability to the security devices. Intrusion tests in black box mode. Testing of network controls. Vulnerability scan. External intrusion tests in black box mode. Testing web services controls. Fundación de la Mujer Bucaramanga. Run ethical hacking, vulnerability analysis and intrusion testing on the platform of the Fundación de la Mujer, Bucaramanga headquarters - Colombia. Additionally, the installation, deployment and Development of the OSSIM (AlienVault) event mapping system for the Foundation. WFactura Colombia Analysis of vulnerabilities and intrusion tests to the platform. Accompaniment to the mitigation of vulnerabilities. Ike Asistencia Colombia Perform external management in nighttime for the Group's security implementation project Remote Protection, was deployed in the organization in order to perform ethical hacking vulnerability analysis, controlled intrusion tests and risk technological infrastructure of the company. Ministerio de Hacienda FONPET. Execute the validation and identification of the exposure levels in the SIF's technological infrastructure, against possible attacks and intrusions at the computer level, as well as the identification and recommendation of solutions to the vulnerabilities encountered. Securitex Colombia Analysis of vulnerabilities and intrusion tests to third parties belonging to the company. Accompaniment to the mitigation of vulnerabilities found. Banco Coopcentral Execute Ethical Hacking, vulnerability analysis and intrusion tests to the transactional portal of the financial institution, carry out the remediation and accompaniment plan in the solution to the vulnerabilities found, a project belonging to SEC-Consulting in which it acted as security analyst. Publications "Proof of concept - Hacking access control: SOYAL and ROSSLARE" PentestMagazine Vol.4 No.5 ISSN:-. Issue 5/2014 (33). May 5, 2014 Author: Roman Clavijo In this paper, tried to demonstrate a method to carry out an intrusion to a control system of electronic security gates. I am not responsible for any illegal use of the procedure set forth in the publication and the legal effects of those who use it to their benefit. The user should be informed directly involved. Idioms Spanish English (Native) (80%) Skills and expertise in: Pentesting Vulnerability scan Backbox Kali-rolling 2.0 Nethunter Whonix Metasploit OSSIM IDS Checkpoint Dsploit Acunetix Nessus Nexpose Openvas Firewall administration Seguridad Checkpoint VPN Checkpoint VPN Fortinet Remote Access Tools SQL Injection -testing Development of security policies Intrusion Detection Information Security Management Web Application Security DLP (Prevention of information leakage) Education EC-Council CEH, Computer and Information Systems Security / Information Assurance, 2012 - 2012 Ethical Hacker Javeriana University Systems Engineering 2002 - 2005 Cybrary (https://www.cybrary.it) Advanced Penetration Testing Cybrary (https://www.cybrary.it) Post Exploitation Hacking Cybrary (https://www.cybrary.it) Malware Analysis and Reverse Engineering Security Gurú http://www.securityoverride.org/ June 2013 PROFESIONAL REFERENCES Milena González Psychologist USTA- Aura Páez Lieutenant Colonel Army Colombia (R) Systems engineer- Pilar Otavo Systems engineer Housing Promoting Military and Police Housing- www.linkedin.com/in/romanclavijo ROMAN RODOLFO CLAVIJO OSORIO