|
+39 3357942593 - paolo.ottolino@gmail.com Skype: paolo.ottolino - LinkedIn: http://www.linkedin.com/in/paoloottolino Rome Italy |
|
Professional Profile
Cyber-Security Professional, with 20 years of experience. Business Developer, Security Architect, Technical Pre-Sales. Strong multinational experience. Electronic Engineer, thoroughly Security Certified Professional (CISSP-ISSAP CISM CISA OPST, ISO/IEC27001 ITIL PRINCE2 PMP).
Trusted Advisor, aimed at addressing Business needs (e.g. Risk, Intelligence, Resiliency), Compliance issues (e.g. Privacy, Payment, Audit Report) and Governance. Security Strategist focused in getting to the 'next step', by proper deployment of processes (e.g. Security Operation, Data Protection , Identity), infrastructures (e.g. IAM, SDLP) and security of Cloud and Web 2.0. Business Manager: P&L; Teamwork, SLA and Project Management.
Working Experiences
|
2017-- |
Rome |
InterSistemi |
Cyber Security Head |
||
|
· Responsibilities |
Delivery Management |
Managing delivery across team, consolidating methodology, enhanced technical capabilities |
|||
|
· Activities |
Business Development |
Re-designing the provided service framework. Reinforcing brand. Selling Services |
|||
|
2016 |
Rome |
Onyx Technology |
Cyber Risk Manager for NTT Data |
||
|
· Activities |
Cyber Risk |
Cyber Risk Analysis & Security Management for an Italian International Communication Company |
|||
|
2013-15 |
Rome |
Reply |
Cyber Security Manager |
||
|
· Responsibilities |
Delivery Management |
Managing delivery across team (20+ people), consolidating methodology, helping in technical issues |
|||
|
|
Business Development |
Service Pre-Sales in Rome and Centre of Italy of IT Security (GRC, implementation, etc) |
|||
|
· Activities |
PM & Tech Leadership |
Leading IT Security projects. Looking after team’s skill acquisition |
|||
|
· Results |
Offering |
Re-design of the framework of service offering. Reinforced brand. Enhanced technical capabilities |
|||
|
|
Tech Direction |
Improved Technology (and related services) Sales: +200%. New Vendor partnership (+50%) |
|||
|
2010-12 |
Rome |
Novell |
Sr. Architect |
||
|
· Responsibilities |
Engage Management |
Managing program/project and partners on big deals about IAM, Identity Governance and Security Management. Virtual Teaming with Partners. Consulting Pre-Sales (annual budget $ 800K.) |
|||
|
· Results |
Solution Architecture |
Designing Central Environment Control for Identities. Single Sign On, Privilege User Management. Identity Governance. Web Security (integrating Web Application Firewall). Security Information and Event Management. SIEM Reporting (SANS Top 5, OWASP TopTen, easily report deploying |
|||
|
2006-10 |
Rome |
Symantec |
Sr. Lead Principal (formerly Principal Consultant) |
||
|
· Responsibilities |
EMEA Engagement |
Member of EMEA-wide workgroup about solution definition and offering (e.g. “Information Feng-Shui”, “Sun Tzu Hardening”, “Compliance Control Taxonomy”, etc) based on client side experience. Consulting services presale (annual budget $ 2M; formerly $ 800K.). Prj Management Italy and EMEA |
|||
|
· Activities |
Compliance Management |
Managing compliance against International Standards (mainly ISO 17799 and CobiT) and Regulations (as Basel II, SOX). Development of the ISMS for Financial and Government customer. Application to financial and governmental companies EMEA-wide. Design of a complete management solution |
|||
|
|
Security Operation |
Defining a complete model about SOC activities. Application to financial and governmental companies EMEA-wide. Design of interface processes between company and managed services |
|||
|
|
PM & Tech Leadership |
Leading security project about: Compliance Management, Security Assessment, Risk Management, Incident Handling, Software Development, Information Security Management, ISO 27001 Certification, BIA, DRP, Security Intelligence, Residency Support, Anti-Fraud |
|||
|
· Results |
CoE |
Leader of the Community of Excellence “Security Management” EMEA from 2008 to 2010 |
|||
|
|
“Pioneer Award” |
Revenue and Efficiency in consulting; optimization for conceiving and managing deals in 2007 |
|||
|
2002-05 |
Rome |
Business-e (ITway) |
ICT Security Advisor |
||
|
· Activities |
System & Network Security |
Developing guide-lines about hardening across an Italian International Mobile Phone Company. Designing Architecture, installing and configuring firewalls (CheckPoint FW-1), IDS (ISS Real Secure) |
|||
|
|
Military Environment |
Performing Risk Analysis in Military environment. Developing security Policies and Procedures |
|||
|
2001 |
Rome |
Assioma |
ICT System Consultant: Implementation, monitoring and maintenance of the IT infrastructures “Urmet SMS Relay Platform”, "CISCO Provisioning Centre", ”Marathon” nearby TelecomItalia |
||
|
2000-01 |
Rome |
Finnat Euramerica Bank |
ICT Network and Application: Prj Mgmt (Trading on-Line, Financial Market Interconnection, GAM) |
||
|
1998-99 |
FI-RM |
National AirForce |
Officer: IT Operations nearby Central Direction |
||
|
1997-98 |
Rome |
Sapienza University |
System Administrator: Network Management |
||
Teaching and Volunteering
2012-16 IsacaRoma – CISA Certification: Teacher of the official course for CISA exam preparation, about Domain 1 “IT Audit Process”
2012-18 (ISC)² Italy Chapter Directive Board Member: Responsible of Workgroup “Localizzazione”, providing (ISC)² Italian security certification
2003-05 Master in Unix Administration/Prometeo Linux: Teacher of the post-graduate master about Unix mgmt. and course on RedHat administration
2015-16 Oracle Community for Security: Collaborator in “European Compliance” Workgroup
Speech List
|
Organizer |
Conference |
City |
Argument |
Title |
Date |
|
ISACA |
CSX Europe 2017 |
London |
Web 2.0 Sec |
Web 2.0 Security (321) |
2017.11.01 |
|
ISACA |
CSX Europe 2017 |
London |
EU Cyber Sec |
2017.11.01 |
|
|
ISACA |
CSX Europe 2017 |
London |
BIA |
BIA for Dummies (241) |
2017.10.31 |
|
Clusit |
Security Summit 2017 |
Rome |
Web 2.0 Sec |
2017.06.09 |
|
|
(ISC)² |
SecureCEE 2016 |
Prague |
Web 2.0 Sec |
2016.09.27 |
|
|
Sapienza |
ICT Cert Day 2015 |
Rome |
(ISC)2 Credentials |
2015.09.15 |
|
|
Reply |
eXchange |
Milan |
Web 2.0 Sec |
2015.06.16 |
|
|
AIEA |
Sessioni di Studio |
Rome |
Info Feng Shui |
2014.10.02 |
|
|
(ISC)² |
SecureRome |
Rome |
Chapter Italy |
2013.07.19 |
|
|
OWASP |
Italy Day 2012 |
Rome |
OWASP-ISC2 |
2012.11.20 |
|
|
Symantec |
EMEA Symposium |
Wien |
IT Compiance |
2008.08.27 |
|
|
AIEA |
Sessioni di Studio |
Torino |
DLP |
2008.03.13 |
|
|
IsacaRoma |
Giornate di Studio |
Roma |
Basel 2 & IT |
2007.01.25 |
Education
|
State Exam |
Engineering Professional Qualification |
105/120 |
University “Sapienza” of Rome |
2010 |
|
Master Degree |
Electronic Engineering and Computer Science |
104/110 |
University “Sapienza” of Rome |
2002 |
|
Leaving Exam |
Classical High School |
45/60 |
Liceo Ginnasio Statale “Anco Marzio”, Rome |
1991 |
Certifications
|
FSE |
FireEye System Engineer |
FireEye |
373868 |
2017 |
|
27001 |
L.A. ISO/IEC 27001:2013 |
CSQA |
|
2017 |
|
PRINCE2 |
Project IN Controlled Environment version 2 Foundation |
EXIN |
955497.20610412 |
2016 |
|
PMP |
Project Management Professional |
PMI |
PMP® Number: 1518629 |
2012 |
|
ITIL |
Information Technology Infrastructure Library version 3 Foundation |
EXIN |
c.745682 |
2008 |
|
CISM |
Certified Information Security Manager |
ISACA |
Certificate No.: 0706569 |
2006 |
|
CISA |
Certified Information System Auditor |
ISACA |
Certificate No.: 0647331 |
2006 |
|
ISSAP |
Information System Security Architecture Professional |
(ISC)². |
Constituent No.: 62737 |
2005 |
|
CISSP |
Certified Information System Security Professional |
(ISC)². |
Constituent No.: 62737 |
2004 |
|
OPST |
OSSTMM Professional Security Tester |
ISECOM |
Cert. No.: A16310 |
2004 |
Skills
Management: Resource Management, P&L; Teaching, Team Building, People Management; WBS, Gantt, Solution Maps, Mind Maps
Governance, Risk & Control: CobiT ISO/IEC 38500, ISO/IEC 2700x, Balanced Scorecard, OSSTMM, OWASP, ITSEC, Common Criteria
Law & Regulation Compliance: Data Protection: “95/46/EC”, “196/03”; Financial: PCI-DSS, SOX, Basel II; Industrial: NERC-CIP, Smart Grid Security
Architecture Security: Secure Web 2.0 and CMS, Web Application Firewall, Secure Network infrastructure Design, Cryptology, Cloud Security
Security Management: SOC, Incident Management, SIEM, Log Management, Anti-Fraud, Cyber Security, Brand-Protection, Information FengShui
Identity & Access Security: Identity & Access Governance, IAM, IAG, AAA, SSO, PUM, Data Loss Prevention
Computer Security: Hardening, Application Security, CMS Security. OSSTMM. Reporting, Access & System Compliance Management
General Platform: Content Management (Drupal, SharePoint), Linux (Red Hat, SuSe, Slackware), Directory Service (LDAP, AD), MS-Win (2008R2, 2012R2)
Languages
English: proficient
Italian: mother tongue
Personal Details
Born in Rome on May 3rd, 1972. Married. One child. Marathon Runner. I Dang of Viet Vo Dao.
I authorize the processing of my personal data, per the Italian law 196/03