Josh Grossman

CTO

Israel · 20 yrs 3 mos experience

Key Highlights

  • Expert in application security consulting and training.
  • Led multiple high-impact security projects across industries.
  • Active contributor to OWASP and community security initiatives.

Skills

Core Skills

Application Security, Security Consulting, Cloud Security, Information Security, Data Analytics, Software Development

Other Skills

Product Security, Communication, OWASP, Threat Modeling, Dynamic Application Security Testing, Web Application Security, Consulting, Project Management, Penetration Testing, Infrastructure Security, IT Security, Vulnerability Assessment, Audit, Risk Assessment, Programming

About

I am passionate about application security and how organisations can address this without compromising their operations. My aim is to use my experience in application/information security consulting and software development as well as strong technical, business and problem-solving skills to help organisations with this challenge. I have several years of experience performing application and information security reviews, both hands-on and enquiry-based.

Key strengths:

  • Combining technical knowledge with an understanding of business risk to deliver solutions to complex security challenges.
  • Managing teams and developing their technical skills on multiple simultaneous engagements.
  • High level of commitment to delivery.
  • Presenting for business development or training.

Other professional activities:

  • OWASP Israel Board Member since September 2018, one of the organisers of AppSec Israel, a free regional OWASP conference which in 2018 had almost 700 attendees, and one of the training committee co-chairs for OWASP's Global AppSec Tel Aviv 2019 conference.
  • One of the leaders of the OWASP ASVS project.
  • Recognised as a contributor to the OWASP Proactive Controls, OWASP Juice Shop and OWASP Top 10 Risks projects.
  • Delivered talks at OWASP AppSec Israel 2017, OWASP AppSec USA 2018 and at local chapter meetings.
  • Have written articles for both company blogs and also my personal blog.

Experience

Total experience: 20 yrs 3 mos
Average tenure: 2 yrs 6 mos
Current experience: 4 yrs 4 mos

Bounce Security

CTO and Application Security Specialist

Jan 2022 - Present · 4 yrs 4 mos · Israel

  • In my role as CTO and Application Security Specialist for Bounce Security, I help clients improve and get better value from their application security processes and provide specialist application security advice.
  • My role has included providing AppSec consulting, speaking and delivering training both locally and worldwide, including privately for ISACA and Manicode and publicly for OWASP's Global AppSec conferences and at Black Hat USA.
Product Security, Communication, Security Consulting, OWASP, Cloud Security, Threat Modeling, +1 more

AppSec Labs

Head Of Security Services

Jun 2019 - Jan 2022 · 2 yrs 7 mos · Israel

  • Leading a team of highly skilled consultants as well as delivering application security consulting projects for large and small clients both locally and abroad and in a variety of industries.
  • As well as being involved in many mobile and web application penetration testing and application architecture/design security projects per year, I am also involved in code review, general information security reviews and risk reviews as well as long term projects for a few organisations to help them run and improve their internal applications security practices.
  • Examples of projects include:
  • Assisting a global technology company evaluate the use of Dynamic Application Security Testing tools in their CI/CD processes.
  • Assessing and comparing potential Web Application Firewall options for a large medical product organization.
  • Acting as an internal application security expert for a product within a large technology organization.
  • Coordinating application security testing across multiple applications for a large human resources consultancy.
Product Security, Communication, Security Consulting, OWASP, Cloud Security, Threat Modeling, +1 more

Comsec

Team Leader and Senior Information Security Consultant

Aug 2015 - Jun 2019 · 3 yrs 10 mos · Petakh Tikva, Israel

  • Worked within the Application Security department and was responsible for supervising, helping and developing a team of up to four people within the larger department.
  • I led and delivered thirty to forty mobile and web application penetration testing and application architecture/design security projects per year as well as code review, general information security reviews and risk reviews for large and small clients both locally and abroad and in a variety of industries.
  • Examples of projects included:
  • Leading the team delivering a large application test (~20 applications) in just a few weeks for the UK operations of a large international bank.
  • Performing a combined application, infrastructure and smart device security testing for a local medical device start-up.
  • Part-time secondment over several months in the internal application security team for a very large, international gaming company.
  • Providing Cloud Security advice and preparing guidance documents for a number of large local financial institutions.
  • I was also heavily involved in internal quality improvement activities, coordinating and delivering internal training and driving internal CTF activity for skills improvement.
Communication, Security Consulting, OWASP, Cloud Security, Application Security

KPMG

Senior Consultant, Information Security Services

Apr 2013 - Jul 2015 · 2 yrs 3 mos · Tel Aviv, Israel

  • Worked in the Information Security Services department of KPMG Somekh Chaikin as a Senior Consultant. I provided advice and recommendations to help clients from a variety of industries to improve their Information Security posture by performing risk reviews, vulnerability assessments and penetration tests.
  • Projects involved both technical testing and also enquiry and evidence based controls assessment.
  • I was also involved in the training of new security consultants including delivering a three day web application security course.
  • Example projects:
  • Delivered the technical work-stream of an IT Security Review for a global pharmaceutical company’s local subsidiary including configuration review of security appliances, access reviews, vulnerability analysis and penetration testing.
  • Delivered the Information Security work-stream for a large IT Internal Audit project for an international trading technology company.
  • Helped to deliver an Information Security Internal Audit for a global manufacturing company based in Israel.
  • Performed multiple application security assessments in companies in various sectors using various technologies as well as for internally developed applications.
  • Performed a security risk review around a cloud solution for a large Israeli bank.
  • Performed an IT risk review for an Israeli finance client.
Security Consulting, OWASP, Cloud Security, Information Security

Gizmox

Migration Expert/Project Manager

Feb 2012 - Mar 2013 · 1 yr 1 mo · Kfar Saba, Israel

  • Worked as a Migration Expert/Project Manager, using my knowledge of VB6 and the .NET framework to manage teams using Gizmox's internally developed Transposition Tool to migrate applications written in VB6 to .NET.
  • This tool is capable of migrating to a variety of platforms including WinForms and also Visual WebGui, Gizmox's framework for allowing developers used to developing for the desktop to easily develop for the web and mobile web.
  • A key requirement was the ability to read and understand the client’s software code to ensure that the migrated code matched the original intended functionality and develop improvements to the migration tool where possible.
Communication

Contractor

Software Developer

Sep 2011 - Feb 2012 · 5 mos

  • Having settled into a new country, I spent several months working part time as a contracting software developer working in VB.NET, C# and ASP.NET whilst I was at Hebrew language courses.
Communication

Deloitte

3 roles

Manager

Jan 2011 - Jul 2011 · 6 mos

  • I started as a Consultant and was promoted to Manager in January 2011, managing multiple projects and people whilst working on other projects that required my technical expertise and working alongside existing and potential clients.
  • I worked on projects involving Data Analytics, Attack and Penetration Testing, Software Development, IT Controls Audit and IT Forensics each time using my programming/technical skills to increase efficiency and reduce effort.
  • Example projects:
  • Helped develop a repeatable analytics model for one of the largest UK energy companies to use 4bn lines of billing data to find the imbalance between revenue billed and energy they were charged for on an account level and the root causes of this.
  • Developed an internal toolset using C#, VBA and VB.NET to support data analysis reporting. Development required an efficient and flexible prototyping approach to allow management to make suggestions and refine requirements during development.
  • Worked on a large project performing penetration testing over web applications and network infrastructure for a large government department which required Security Clearance in the UK.
  • Up-scaled a complex process from MS Access to Oracle Database for one of the UK's largest banks. This required significant technical skill to convert incompatible expressions, and also careful parallel running and testing to ensure the process was exactly duplicated.
Communication

Senior Consultant

Promoted

Jan 2009 - Dec 2010 · 1 yr 11 mos

  • Information & Technology Risk department
Communication

Consultant

Jul 2006 - Dec 2008 · 2 yrs 5 mos

  • Information & Technology Risk department
Communication

Gabriel Scientific Consultancy Ltd

Software developer

Jul 2004 - Jun 2005 · 11 mos

  • As a member of the programming team I worked on systems for a multitude of clients. I came into contact with many different technologies including the .NET Framework for desktop applications, web applications and Pocket PCs, as well as GPRS, WAP and GPS applications.
  • Responsibility came from day one and indeed by midway through the placement I was expected to be on top of five different projects at once, two of which I was project managing.
Communication

Education

The University of Manchester

First Class BSc (Hons) — Computation

Jan 2002 - Jan 2006

ICAEW

ACA — Chartered Accountancy

Jan 2006 - Jan 2009
