CV

Paolo Ottolino

+39 3357942593 - paolo.ottolino@gmail.com

Skype: paolo.ottolino - LinkedIn: http://www.linkedin.com/in/paoloottolino

Rome Italy

 

 


Professional Profile

Cyber-Security Professional with 20 years of experience. Business Developer, Security Architect, Technical Pre-Sales. Strong multinational experience. Electronic Engineer and extensively certified security professional (CISSP-ISSAP, CISM, CISA, OPST, ISO/IEC 27001, ITIL, PRINCE2, PMP).

Trusted Advisor, aimed at addressing Business needs (e.g. Risk, Intelligence, Resiliency), Compliance issues (e.g. Privacy, Payment, Audit Report) and Governance. Security Strategist focused on getting to the 'next step' through proper deployment of processes (e.g. Security Operation, Data Protection, Identity), infrastructures (e.g. IAM, SDLP) and security of Cloud and Web 2.0. Business Manager: P&L; Teamwork, SLA and Project Management.

Working Experiences

 

 

2017

Rome

InterSistemi

Cyber Security Head

·        Responsibilities

Delivery Management

Managing delivery across team, consolidating methodology, helping in technical issues

·        Activities

Business Development

Re-design of the framework of service offering. Reinforced brand. Enhanced technical capabilities

 

 

2016

Rome

Onyx Technology

Cyber Risk Manager

·        Activities

Cyber Risk

Cyber Risk Analysis & Security Management for an Italian International Communication Company, through NTT Data

 

2013-15

Rome

Reply

Cyber Security Manager

·        Responsibilities

Delivery Management

Managing delivery across team (20+ people), consolidating methodology, helping in technical issues

 

Business Development

IT Security service pre-sales in Rome and central Italy (GRC, implementation, etc.)

·        Activities

PM & Tech Leadership

Leading IT Security projects. Looking after team’s skill acquisition

·        Results

Offering

Re-design of the framework of service offering. Reinforced brand. Enhanced technical capabilities

 

Tech Direction

Improved Technology (and related services) Sales: +200%. New Vendor partnership (+50%)

 

2010-12

Rome

Novell

Sr. Manager Consulting

·        Responsibilities

Engage Management

Managing program/project and partners on big deals about Identity and Access Management, Identity Governance and Security Management

·        Activities

Consulting Service

Consulting Pre-Sales. Virtual Teaming with Partners about Identity & Security Management

 

Solution Architecture

Designing Central Environment Control for Identities. Single Sign On, Privilege User Management. Identity Governance. Web Security (integrating Web Application Firewall). Security Information and Event Management

·        Results

Reporting Manual

Comprehensive Best-Practice Manual on SIEM Reporting, intended for Consulting Internal Services and Partners: fulfilling the SANS Top 5 Reports, adhering to 3/10 of the OWASP Top Ten, and making reports easy to deploy

 

Service Offering

Organization of Security Consulting by the mapping of Standards (ISO27001, CobiT, ITIL, ISO38500) to Effective Implementation Services (IAM, Id-Governance, App-Sec, NOC, Cloud and Infrastructure)

 

2006-10

Rome

Symantec

Sr. Lead Principal (formerly Principal Consultant)

·        Responsibilities

EMEA Engagement

Managing EMEA-wide workgroup about solution definition and offering (e.g. “Information Feng-Shui”, “Sun Tzu Hardening”, “Compliance Control Taxonomy”, etc) based on client side experience

 

Pre-Sales

Consulting services presale (annual budget $ 2M; formerly $ 800K.)

 

Prj Team Management

Acting as responsible for customer-specific engagements in Italy and EMEA-Emerging countries

·        Activities

Intelligence Operation

Performing advisory activities across finance and government sectors in Italy and EMEA-Emerging countries, about Security Intelligence, Residency Support, Anti-Fraud

 

Compliance Analysis

Managing compliance against International Standards (mainly ISO 17799 and CobiT) and Regulations (as Basel II, SOX). Development of the ISMS for Financial and Government customer. Application to financial and governmental companies EMEA-wide

 

Security Operation

Defining a complete model about SOC activities. Application to financial and governmental companies EMEA-wide. Design of interface processes between company and managed services

 

PM & Tech Leadership

Leading security project about: Compliance Management, Security Assessment, Risk Management, Incident Handling, Software Development, Information Security Management, ISO 27001 Certification, BIA, DRP

·        Results

 

 

 

“Pioneer Award”

Revenue and Efficiency in consulting; optimization for conceiving and managing deals

 

CoE

Leader of the Community of Excellence “Security Management” EMEA from 2008 to 2010

 

“Control Compliance Mapping”

Design and definition of a complete management solution. IT Risk Management for Financial Sector: round integration with Operational Risk treatment of Basel II AMA. Public Speech

 

2002-05

Rome

Business-e (ITway)

ICT Security Advisor

·        Activities

Network Security

Designing Architecture, installing and configuring firewalls (CheckPoint FW-1), IDS (ISS Real Secure)

 

System Security

Developing guidelines and designing implementation processes for ensuring secure configuration of systems across an Italian International Mobile Phone Company

 

Military Environment

Performing Risk Analysis in Military environment. Developing security Policies and Procedures

·        Results

Hardening

Conception and definition of a comprehensive process for system hardening

 

2001

Rome

Assioma

ICT System Consultant: Implementation, monitoring and maintenance of the IT infrastructures “Urmet SMS Relay Platform”, “CISCO Provisioning Centre”, “Marathon” at TelecomItalia

2000-01

Rome

Finnat Euramerica Bank

ICT Network and Application: Project Management (Trading on-Line, Financial Market Interconnection, GAM network, etc.) at Finnat Euramerica Bank

1998-99

FI-RM

National AirForce

Officer: IT Operations at Central Direction

1997-98

Rome

Sapienza University

System Administrator: Network Management

 

Teaching and Volunteering

2012-16   IsacaRoma – CISA Certification: Teacher of the official course for CISA exam preparation, about Domain 1 “IT Audit Process”

2012-18   (ISC)² Italy Chapter Directive Board Member: Responsible for the Workgroup “Localizzazione”, providing (ISC)² Italian security certification

2003-05   Master in Unix Administration/Promoteo Linux: Teacher of the post-graduate master about Unix mgmt. and course on RedHat administration

2015-16   Oracle Community for Security: Collaborator in “European Compliance” Workgroup

Education

State Exam

Engineering Professional Qualification

105/120

University “Sapienza” of Rome

2010

Master Degree

Electronic Engineering and Computer Science

104/110

University “Sapienza” of Rome

2002

Leaving Exam

Classical High School

45/60

Liceo Ginnasio Statale “Anco Marzio”, Rome

1991

 

Certifications

OPST

OSSTMM Professional Security Tester

ISECOM

Cert. No.: A16310

2004

CISSP

Certified Information System Security Professional

(ISC)².

Constituent No.: 62737

2004

ISSAP

Information System Security Architecture Professional

(ISC)².

Constituent No.: 62737

2005

CISM

Certified Information Security Manager

ISACA

Certificate No.: 0706569

2006

CISA

Certified Information System Auditor

ISACA

Certificate No.: 0647331

2006

ITIL

Information Technology Infrastructure Library version 3 Foundation

EXIN

c.745682

2008

PMP

Project Management Professional

PMI

PMP® Number: 1518629

2012

PRINCE2

Project IN Controlled Environment version 2 Foundation

Exin

955497.20610412

2016

27001 L.A.

ISO/IEC 27001:2013

CSQA

2017

FSE

FireEye System Engineer

FireEye

373868

2017

 

 

Skills

Management: Resource Management, P&L; Teaching, Team Building, People Management; WBS, Gantt, Solution Maps, Mind Maps

Governance, Risk & Control: CobiT ISO/IEC 38500, ISO/IEC 2700x, Balanced Scorecard, OSSTMM, OWASP, ITSEC, Common Criteria

Law & Regulation Compliance: Data Protection: “95/46/EC”, “196/03”; Financial: PCI-DSS, SOX, Basel II; Industrial: NERC-CIP, Smart Grid Security

Architecture Security: Secure Web 2.0 and CMS, Web Application Firewall, Secure Network infrastructure Design, Cryptology, Cloud Security

Security Management: SOC, Incident Management, SIEM, Log Management, Anti-Fraud, Cyber Security, Brand-Protection, Information FengShui

Identity & Access Security: Identity & Access Governance, IAM, IAG, AAA, SSO, PUM, Data Loss Prevention

Computer Security: Hardening, Application Security, CMS Security. OSSTMM. Reporting, Access & System Compliance Management

General Platform: Content Management (Drupal, SharePoint), Linux (Red Hat, SuSe, Slackware), Directory Service (LDAP, AD), MS-Win (2008R2, 2012R2)

Languages

English: proficient

Italian: mother tongue

Personal Details

Born in Rome on May 3rd, 1972. Married. One child. Marathon Runner. I Dang Viet Vo Dao.

 

I authorize the processing of my personal data, per the Italian law 196/03
