CV

Paolo Ottolino

+39 3357942593 - paolo.ottolino@gmail.com

Skype: paolo.ottolino - LinkedIn: http://www.linkedin.com/in/paoloottolino

Rome Italy

 

 


Professional Profile

Cyber-Security Professional with 20 years of experience. Business Developer, Security Architect, Technical Pre-Sales. Strong multinational experience. Electronic Engineer and thoroughly certified Security Professional (CISSP-ISSAP, CISM, CISA, OPST, ISO/IEC 27001, ITIL, PRINCE2, PMP).

Trusted Advisor, aimed at addressing Business needs (e.g. Risk, Intelligence, Resiliency), Compliance issues (e.g. Privacy, Payment, Audit Report) and Governance. Security Strategist focused on getting to the 'next step' through proper deployment of processes (e.g. Security Operation, Data Protection, Identity), infrastructures (e.g. IAM, SDLP) and security of Cloud and Web 2.0. Business Manager: P&L; Teamwork, SLA and Project Management.

Work Experience

2017--

Rome

InterSistemi

Cyber Security Head

·          Responsibilities

Delivery Management

Managing delivery across the team, consolidating methodology, enhancing technical capabilities

·          Activities

Business Development

Re-designing the provided service framework. Reinforcing brand. Selling Services

2016

Rome

Onyx Technology

Cyber Risk Manager for NTT Data

·          Activities

Cyber Risk

Cyber Risk Analysis & Security Management for an Italian International Communication Company

2013-15

Rome

Reply

Cyber Security Manager

·          Responsibilities

Delivery Management

Managing delivery across the team (20+ people), consolidating methodology, helping with technical issues

 

Business Development

IT Security service pre-sales in Rome and Central Italy (GRC, implementation, etc.)

·          Activities

PM & Tech Leadership

Leading IT Security projects. Looking after team’s skill acquisition

·          Results

Offering

Re-design of the framework of service offering. Reinforced brand. Enhanced technical capabilities

 

Tech Direction

Improved Technology (and related services) Sales: +200%. New Vendor partnership (+50%)

2010-12

Rome

Novell

Sr. Architect

·          Responsibilities

Engage Management

Managing programs, projects and partners on large deals covering IAM, Identity Governance and Security Management. Virtual teaming with partners. Consulting pre-sales (annual budget $800K).

·          Results

Solution Architecture

Designing Central Environment Control for Identities. Single Sign On, Privilege User Management. Identity Governance. Web Security (integrating Web Application Firewall). Security Information and Event Management. SIEM Reporting (SANS Top 5, OWASP TopTen, easily report deploying

2006-10

Rome

Symantec

Sr. Lead Principal (formerly Principal Consultant)

·          Responsibilities

EMEA Engagement

Member of an EMEA-wide workgroup on solution definition and offering (e.g. “Information Feng-Shui”, “Sun Tzu Hardening”, “Compliance Control Taxonomy”, etc.) based on client-side experience. Consulting services pre-sales (annual budget $2M; formerly $800K). Project Management in Italy and EMEA

·          Activities

Compliance Management

Managing compliance against International Standards (mainly ISO 17799 and CobiT) and Regulations (such as Basel II, SOX). Development of the ISMS for Financial and Government customers. Application to financial and governmental companies EMEA-wide. Design of a complete management solution

 

Security Operation

Defining a complete model for SOC activities. Application to financial and governmental companies EMEA-wide. Design of interface processes between company and managed services

 

PM & Tech Leadership

Leading security projects on: Compliance Management, Security Assessment, Risk Management, Incident Handling, Software Development, Information Security Management, ISO 27001 Certification, BIA, DRP, Security Intelligence, Residency Support, Anti-Fraud

·          Results

CoE

Leader of the Community of Excellence “Security Management” EMEA from 2008 to 2010

 

“Pioneer Award”

Revenue and Efficiency in consulting; optimization for conceiving and managing deals in 2007

2002-05

Rome

Business-e (ITway)

ICT Security Advisor

·          Activities

System & Network Security

Developing hardening guidelines across an Italian International Mobile Phone Company. Designing architecture, installing and configuring firewalls (CheckPoint FW-1) and IDS (ISS Real Secure)

 

Military Environment

Performing Risk Analysis in a Military environment. Developing security Policies and Procedures

2001

Rome

Assioma

ICT System Consultant: Implementation, monitoring and maintenance of the IT infrastructures “Urmet SMS Relay Platform”, “CISCO Provisioning Centre” and “Marathon” at Telecom Italia

2000-01

Rome

Finnat Euramerica Bank

ICT Network and Application: Project Management (Trading on-Line, Financial Market Interconnection, GAM)

1998-99

FI-RM

National Air Force

Officer: IT Operations at Central Direction

1997-98

Rome

Sapienza University

System Administrator: Network Management

           

Teaching and Volunteering

2012-16   IsacaRoma – CISA Certification: Teacher of the official course for CISA exam preparation, about Domain 1 “IT Audit Process”

2012-18   (ISC)² Italy Chapter Directive Board Member: Responsible for the Workgroup “Localizzazione”, providing (ISC)² Italian security certification

2003-05   Master in Unix Administration/Prometeo Linux: Teacher of the post-graduate master about Unix mgmt. and course on RedHat administration

2015-16   Oracle Community for Security: Collaborator in “European Compliance” Workgroup

 

Speech List

| Organizer | Conference | City | Argument | Title | Date |
|---|---|---|---|---|---|
| ISACA | CSX Europe 2017 | London | Web 2.0 Sec | Web 2.0 Security (321) | 2017.11.01 |
| ISACA | CSX Europe 2017 | London | EU Cyber Sec | EU Laws and Cyber Security (311) | 2017.11.01 |
| ISACA | CSX Europe 2017 | London | BIA | BIA for Dummies (241) | 2017.10.31 |
| Clusit | Security Summit 2017 | Rome | Web 2.0 Sec | Web 2.0 Security | 2017.06.09 |
| (ISC)² | SecureCEE 2016 | Prague | Web 2.0 Sec | Web 2.0 Security | 2016.09.27 |
| Sapienza | ICT Cert Day 2015 | Rome | (ISC)² Credentials | (ISC)² Credential: InfoSec Professional Certification | 2015.09.15 |
| Reply | eXchange | Milan | Web 2.0 Sec | Web 2.0 Security | 2015.06.16 |
| AIEA | Sessioni di Studio | Rome | Info Feng Shui | Information Feng Shui: olistica delle contromisure | 2014.10.02 |
| (ISC)² | SecureRome | Rome | Chapter Italy | Overview and Initiatives | 2013.07.19 |
| OWASP | Italy Day 2012 | Rome | OWASP-ISC2 | Convergenza tra approccio empirico e sistemistico | 2012.11.20 |
| Symantec | EMEA Symposium | Vienna | IT Compliance | A Programmatic Approach to Assuring IT Compliance | 2008.08.27 |
| AIEA | Sessioni di Studio | Turin | DLP | Data Loss Prevention | 2008.03.13 |
| IsacaRoma | Giornate di Studio | Rome | Basel 2 & IT | Basel2 & IT Risk Management | 2007.01.25 |

 

Education

State Exam: Engineering Professional Qualification - 105/120 - University “Sapienza” of Rome - 2010

Master Degree: Electronic Engineering and Computer Science - 104/110 - University “Sapienza” of Rome - 2002

Leaving Exam: Classical High School - 45/60 - Liceo Ginnasio Statale “Anco Marzio”, Rome - 1991

Certifications

FSE: FireEye System Engineer - FireEye - 373868 - 2017

27001: L.A. ISO/IEC 27001:2013 - CSQA - 2017

PRINCE2: Project IN Controlled Environment version 2 Foundation - EXIN - 955497.20610412 - 2016

PMP: Project Management Professional - PMI - PMP® Number: 1518629 - 2012

ITIL: Information Technology Infrastructure Library version 3 Foundation - EXIN - c.745682 - 2008

CISM: Certified Information Security Manager - ISACA - Certificate No.: 0706569 - 2006

CISA: Certified Information System Auditor - ISACA - Certificate No.: 0647331 - 2006

ISSAP: Information System Security Architecture Professional - (ISC)² - Constituent No.: 62737 - 2005

CISSP: Certified Information System Security Professional - (ISC)² - Constituent No.: 62737 - 2004

OPST: OSSTMM Professional Security Tester - ISECOM - Cert. No.: A16310 - 2004

Skills

Management: Resource Management, P&L; Teaching, Team Building, People Management; WBS, Gantt, Solution Maps, Mind Maps

Governance, Risk & Control: CobiT, ISO/IEC 38500, ISO/IEC 2700x, Balanced Scorecard, OSSTMM, OWASP, ITSEC, Common Criteria

Law & Regulation Compliance: Data Protection: “95/46/EC”, “196/03”; Financial: PCI-DSS, SOX, Basel II; Industrial: NERC-CIP, Smart Grid Security

Architecture Security: Secure Web 2.0 and CMS, Web Application Firewall, Secure Network infrastructure Design, Cryptology, Cloud Security

Security Management: SOC, Incident Management, SIEM, Log Management, Anti-Fraud, Cyber Security, Brand-Protection, Information FengShui

Identity & Access Security: Identity & Access Governance, IAM, IAG, AAA, SSO, PUM, Data Loss Prevention

Computer Security: Hardening, Application Security, CMS Security. OSSTMM. Reporting, Access & System Compliance Management

General Platform: Content Management (Drupal, SharePoint), Linux (Red Hat, SuSe, Slackware), Directory Service (LDAP, AD), MS-Win (2008R2, 2012R2)

Languages

English: proficient

Italian: mother tongue

Personal Details

Born in Rome on May 3rd, 1972. Married. One child. Marathon Runner. I Dang of Viet Vo Dao.

 

I authorize the processing of my personal data, per the Italian law 196/03