A global, multicultural and passionate senior information technology professional with a strong background leading Information Security Risk and Vulnerability Management, Public Key Infrastructure (PKI) and global and regional IT Network projects.
Vendor Risk Management: Developed a Vendor Risk Assessment tool that increased the team's capability and, through automation of requests, improved efficiency by 35%. The tool includes an on-line assessment, an initial risk definition for each vendor and the initial remediation required.
Risk Assessment: Reduced the time to complete the Risk Assessment from 30 days to 1-2 weeks by making the questions clearer. Added more than 150 questions to the assessment while making it smarter and dynamic: specific questions at the beginning of the assessment capture the business scope and profile (for example, questions tailored to an e-commerce site, a hosting provider or a digital marketing vendor).
Compliance with Kimberly-Clark Standards: Added an area on the on-line risk assessment for vendors to upload required documents for review and analysis against SSAE 16 requirements, PCI compliance, etc. Increased the number of Risk Assessments performed per year by 60% through Global training and creating a synergy and work process with Procurement and Legal teams. The relationship with these two areas positioned security to engage and participate in vendor selection processes and also review of Master Agreements, Contracts and Statement of Work.
Security Framework: Changed the process and increased the scope of Risk Assessments to align with security best practices following NIST and ISO, covering not only confidentiality but also integrity and availability. Reduced Risk Assessments escalated to management (Sr. Manager and CISO) by 75% by resolving vendor and business risk issues and remediation requirements at the lowest possible level.
Translate Technical Requirements to Business Language: Implemented a Risk Management process for a spin-off Health Care company (Halyard Health) on time and on budget. Participated in meetings with the Chief Information Security Officer (CISO) and Business Director to translate technical security concerns into business language, providing a pragmatic understanding of the real threat to empower the business to make smart decisions.
Public Key Infrastructure (PKI): Led implementation of a cloud PKI solution (Symantec mPKI) for mobility at a new spin-off company (Halyard Health) on time and on budget. Led and managed the global PKI solution for Kimberly-Clark, including the Root Certificate Authority, Issuing/Subordinate Certificate Authorities, NDES server, OCSP, SafeNet Luna SA 5 Hardware Security Module (HSM) and integration with the MDM solution.
Vulnerability Management: Proved to management the need for a Vulnerability Management solution. Designed and implemented it end to end, from definition of scope and vendor selection to installation and operation of the devices. Built the processes, procedures and policy for executing discovery and vulnerability scans and for integrating with support areas (desktop, network, server, etc.). Increased visibility of threats and engaged other teams to patch and update their devices, raising overall security. Performed discovery and vulnerability scans every 30 days and targeted scans when new threats appeared (e.g. POODLE, Shellshock, Heartbleed) using BeyondTrust Retina and Nessus.
Policies and Standards: Developed Information Security Standards (Cryptography, PKI, Hardware Disposal, Password Management, Remote Access, Two Factor Authentication, Risk Management and Vulnerability Management).
Data Privacy: Led an information security Data Privacy project with Global Security and Legal.
Security Awareness: Promoted multiple information security awareness campaigns, including social engineering calls, raising the security knowledge of employees.
Security Strategy: Provided definition of Information Security Strategy for Risk, Vulnerability, PKI and Third Party Access Management.
Data Loss Prevention (DLP): Led development and implementation of a DLP solution for a single location in Latin America as a pilot. Configured the device to run in monitor-only mode for two weeks before enforcing the policy settings.
IT Network: Managed a $3M capital budget for Latin America Network Operations. Led the Latin American MPLS Data Network deployment. Reduced Latin American network costs by 50% while doubling capacity. Led standardization of IT infrastructure in Latin America, reducing the Total Cost of Ownership. Reduced Data Center infrastructure by 20% with VMware virtualization.
Education
MBA, Fundação Getúlio Vargas, Brazil, 2006 - 2007 (1 year)
Masters in Computer Networks, Fundação Armando Alvares Penteado, Brazil, 2000 - 2001 (1 year)
Technology in Microelectronics, Faculdade de Tecnologia de São Paulo, Brazil, 1993 - 1997 (4 years)
Certifications
CRISC, ISACA, 2016: Certified in Risk and Information Security Controls
PCIP, PCI SSC, 2014: Payment Card Industry Professional
CISSP, (ISC)2, 2013
Publications
Replacing Tokens with Digital Certificates for User Authentication on Remote VPN. Is this a Bad Idea?
Hakin9 e-book - Public Key Cryptostructure
Imagine that senior management sends you a request with a new mission: reduce the cost of the token licenses, improve the user experience with something simpler, and keep the same level of security for your remote VPN users. Would you say no? Would you say that this is impossible to achieve? Or would you investigate and try to deliver a solution for the business? If you believe this is impossible, I can tell you that you can have something that comes very close.
Brazil leads Kimberly-Clark project
Brasil Economico
Luciano Ferrari is the Brazilian heading the most sustainable initiatives in Kimberly-Clark's technology department worldwide.
He was chosen for his engagement with the subject and for implementing simple and effective solutions in the country.