Aug 2025 – Present · 8 mos · The Randstad, Netherlands · Remote

• Provide M&A cybersecurity due diligence, security program optimization, and fractional CISO services for executives, boards, and PE firms navigating high-stakes transitions.
• Deliver risk-based M&A security assessments and integration roadmaps that help acquirers understand true security posture and integration costs before closing
• Conduct data-driven security portfolio optimization, showing executives what to automate, delegate, consolidate, or remove across their security tool stack
• Advise incoming leadership on reorganizing inherited security programs, defining clear structures, roles, and strategic priorities aligned with current business needs
• Transform security from a technical "black box" into a transparent strategic asset that drives organizational valuation
• Help cybersecurity companies understand why they win or lose deals in enterprise security procurement: based on 13 years of making those buying decisions
• Provide cybersecurity market intelligence to investors for due diligence, acquisition targeting, and investment decisions. Leveraging data from 7,000+ security products tracked across 126 categories

Mar 2022 – Jun 2025 · 3 yrs 3 mos · Amsterdam Area

• Established and led global cybersecurity programs across Corporate Security, IAM, and Security Operations teams at a Forbes Cloud 100 fintech, aligning security strategy with business objectives across international markets.
• Evaluated and selected cybersecurity products across multiple categories, managing vendor assessments, RFPs, and security tool procurement
• Implemented zero-trust architecture (Netskope, Splunk SIEM, Okta IAM) enhancing automated threat detection capabilities and reducing mean time to respond by 36%
• Led security tool consolidation efforts, cutting redundant solutions and optimizing the security stack for operational efficiency
• Transformed supply chain security risk management program (TPRM), delivering 62% improvement in cyber risk quantification and streamlined vendor adoption processes
• Defended security tool purchases to executive leadership, translating technical requirements into business value
• Regularly secured ISO 27001 and SOC 2 Type II certifications under my areas of responsibility
• Led cross-functional teams to implement security best practices and standards

May 2021 – Feb 2022 · 9 mos · Amsterdam Area

• Led security process improvements for a Forbes Cloud 100 fintech unicorn, enabling faster growth without compromising security.
• Led corporate security team of security analysts and engineers, building capabilities and improving team workflows to scale with company growth
• Launched semi-automated Third Party Risk Management (TPRM) program, evaluating security vendors and reducing vendor onboarding time by 20%
• Conducted vendor assessments and security tool evaluations, building the foundation for enterprise security procurement processes
• Developed corporate security analysts and improved team workflows to scale with company growth
• Oversaw ISO 27001 and SOC 2 audit readiness for security functions, ensuring smooth and successful completions
• Acted as strategic link between security and business functions, increasing adoption of security practices across teams
• Collaborated with product, legal, and engineering directors to manage risk and secure company assets
• Defined and enforced security procedures to protect sensitive data and reduce breach risk

May 2020 – May 2021 · 1 yr · Amsterdam, North Holland, Netherlands

• Advised leadership on building an enterprise XDR cybersecurity platform, bridging the gap between product development and what enterprise security buyers actually need.
• Led design of Enterprise Cybersecurity, Threat Hunting, Security Operations, and Incident Response workflows for next-gen XDR platform
• Brought the CISO and enterprise security buyer's perspective to product decisions, ensuring features aligned with how security teams actually evaluate and purchase tools
• Built over 500 threat detection mechanisms for 140 MITRE ATT&CK techniques and sub-techniques across Linux, macOS, Windows, and cloud environments
• Built detection mechanisms for advanced threat actors including Ryuk and APT29
• Educated engineering and product teams on Enterprise Cybersecurity, Security Operations, and MSSP (SOC) processes and requirements
• Mentored product teams on what enterprise buyers and MSSPs look for during security tool evaluation and procurement

Feb 2019 – May 2020 · 1 yr 3 mos · Utrecht, Netherlands

• Built and led cybersecurity programs across global operations, overseeing three MSSP SOCs (KPN, British Telecom, and Accenture) to ensure security delivery met business needs.
• Designed and scaled end-to-end cybersecurity operations by managing MSSP contracts, SLAs, and daily performance.
• Built agile, metrics-driven SOC functions aligned to business priorities, improving visibility and accountability while reducing Mean Time to Response (MTTR) by 45%.
• Led security architecture reviews and Third Party Risk Management Program for group-wide platforms (Salesforce, SAP, Azure, Dell Boomi, EPiServer), embedding security early in key initiatives.
• Drove DevSecOps adoption, integrating security into SDLC and enabling early vulnerability detection in product development.
• Built and scaled a global security team of 18, mentoring analysts, engineers, and leads across regions.
• Embedded security into the business by strengthening executive relationships and driving risk-based decision-making across teams.

Nov 2017 – Jan 2019 · 1 yr 2 mos

• Led a group-wide risk management program covering vendors, third parties, projects, applications, and critical assets.
• Managed Local Information Security Officers across 24 EEA countries, ensuring consistent risk practices and reporting.
• Developed and executed a decentralized penetration testing strategy, improving efficiency by 56% across 24 countries.
• Advised C-level executives on risk posture by collaborating with senior management to define the organization’s Information Security risk appetite.
• Raised security awareness by designing and delivering training on IT security, risk management, penetration testing, and vendor oversight.
• Established a Secure Software Development Lifecycle (SSDLC) process tailored for DevOps and agile teams, embedding security early in development.
• Conducted internal ISO 27001 audits.

Jan 2017 – Nov 2017 · 10 mos

• Enforced information security policies, standards, and guidelines by collaborating closely with IT and business stakeholders.
• Managed penetration tests targeting the company’s most critical assets.
• Developed a centralized solution to handle security audits and questionnaires from major customers (Google, Uber, PayPal, Banks), positioning the security team as a trusted business partner.
• Supported executive teams during the successful merger with Lindorff, the largest merger in Scandinavia’s history.
• Conducted security and risk assessments for key acquisitions and high-profile projects.

Nov 2015 – Dec 2016 · 1 yr 1 mo · Georgia

• Contributed to the bank's business objectives by providing expert guidance on security solutions design.
• Acted as a subject matter expert in the security of the Core Banking Project, providing stakeholders with advice on defining a secure architecture and applying industry-standard security best practices.
• Deployed a bank-wide DLP solution, resulting in improved data protection and more effective incident identification.
• Oversaw implementing and managing critical security solutions, including Web Application Firewall, SIEM, Syslog, and DLP.
• Developed and enforced security policies, standards, and procedures aligned with industry best practices and regulatory requirements.

Nov 2014 – Nov 2015 · 1 yr · Tbilisi, Georgia

• Developed and implemented policies, procedures, and guidelines.
• Advised CISO in creating a solid foundation for information security at the company.
• Worked with senior stakeholders to raise information security and IT security awareness.
• Created a strategy for the first ISP Computer Emergency Response Team in Georgia.
• Managed various network and security solutions from CISCO, Checkpoint.

May 2014 – Nov 2014 · 6 mos · Georgia

• Created and implemented physical and information security policies.
• Conducted penetration tests and vulnerability assessments.
• Assisted top management in identifying and covering risks related to information and physical security.
• Created a security awareness program for employees and assisted the company's management in making risk-aware decisions.

Dec 2012 – May 2014 · 1 yr 5 mos · Tbilisi

• Developed and delivered training programs and workshops on cybersecurity, threat analysis, and incident response to diverse audiences, including law enforcement agencies, military personnel, corporations, diplomats, and students.

Jun 2012 – Dec 2012 · 6 mos · Tbilisi

• Conducted in-depth research and analysis in the field of cyber warfare and cybersecurity.
• Provided strategic insights and recommendations to international organizations and government agencies on the latest cyber threats and trends.
• Evaluated the cyber offensive capabilities of advanced persistent threats (APT) and provided threat intelligence reports to relevant stakeholders.