Michał Sobiegraj CISSP CISA IPMA-D

Certified Information Security Professional, IT Risk Manager, Certified Project Manager

Location:
Wrocław, dolnośląskie
Website:
Michał Sobiegraj | Security Consultant and Evangelist
My LinkedIn Profile
My Blog
Industries:
Advisory/Consulting
IT/Programming
Management staff
Professional summary:

Information security professional based in Wroclaw (Poland, EU), information risk manager, security architect and tester, speaker, and information security trainer.

I have a wide hands-on technical exposure gained over the years of my professional experience in a broad range of industries I worked in. Currently I hold an IT Risk Officer position in Credit Suisse.

I'm very passionate about my work, enjoy a challenge and constantly expand my horizons.

My skills:
- Solid people management skills with extensive experience of managing remote staff. Ability to approach challenges creatively with a solid grasp on time and budget constraints. Practical first hand acquaintance with project management.

- Expertise in IT security based on lots of hands-on experience with system/application hardening, security architectures development and application security testing. Extensive knowledge of IT security best practices, solid technical background resulting in good knowledge of security threats, vulnerabilities, methods of exploitation and feasible countermeasures.

- Expertise in information risk management and IT security auditing. Acquaintance with industry standards and audit/assessment methodologies. Ability to develop Business Continuity and Disaster Recovery Plans.

- Very good understanding of challenges associated with secure computing (cryptography, TCB, ACLs), networking (Intrusion Detection/Prevention Systems and firewalls deployment, secure LAN and WAN networks design) and secure design of distributed environments (cryptography, VPN, PKI).

- Practical knowledge of penetration testing methodologies. Experience with penetration testing, code reviews and reverse engineering of binaries (experience with win32 and J2ME binaries).

- Solid understanding of financial services businesses and acquaintance with banking industry.


Experience and references

Company:
Credit Suisse (since 2008-10)
Position:
IT Risk Officer (Assistant Vice President)
Responsibilities:
IT Risk oversight over a number of countries in the EMEA region. Managing Local Information Security Officers (LISO-s) in these countries in their day-to-day responsibilities (which include performing application and infrastructure risk assessments, branch assessments of small offices in their respective countries, as well as interfacing with local regulators, audit and serving as a local point of contact to IT Risk). Responsible for delivery and quality of work of the LISO-s in the overseen countries. Functionally managing the EMEA LISO network and training and development of all EMEA LISO-s.

Providing input to IT Risk Planning and Assessment service catalogue for the region based on internal client requirements, environment maturity and the risk appetite of the bank. Driving development of the internal organisational branch risk assessment methodology used in EMEA, Americas and Switzerland, and technical risk assessment methodology used in EMEA.

Managing regional IT Risk projects and IT Risk streams in strategic projects run across regions (managing the book of work and resources spread across EMEA, Switzerland and Americas).

Providing information security consultancy services to the branch offices in the region and performing high profile organisational and technical risk assessments.

Performing the Local Information Security Officer function for the Wroclaw branch. Performing regular in-person information security trainings for new joiners in the Wroclaw branch. Providing consultancy and assessment services to the local business and shared services functions.

Working in close collaboration with country- and region-level IT management across the EMEA region and with Wroclaw country-level business management. Regularly interfacing with the country-level business management across the region.

Significant experience with highly diversified working culture, virtual teams (including management of remote staff) and quickly changing organisational environment.
Company:
ISSA Polska (from 2008-06 to 2011-07)
Position:
Member of the board
Responsibilities:
Built and led the local branch of the Polish chapter of Information Systems Security Association (ISSA) in Wroclaw. Organising and chairing regular meetings of the Association and the local information security community in Wroclaw. On June 17, 2009 re-elected for the second term.
Company:
ABN AMRO (from 2006-09 to 2007-06)
Position:
Information Risk Analyst
Responsibilities:
Performing Operational and Project Risk Assessments of critical bank systems throughout Europe. Hands on experience with assessing IT risks in various popular technologies including major operating systems (i5/OS, z/OS, Windows family), middleware (IBM DataStage, WAS, MQ), applications (PeopleSoft, Business Objects and others) and databases (ORACLE DB, DB2, MSSQL).

Performing SOX Test of Design and advising on addressing SOX audit points. Providing information security advisory to the business and addressing business requirements.

Working on development of the internal ABN AMRO Risk Assessment process based on the ISO-27001 set of standards.
Company:
Self employed (from 2006-09 to 2008-09)
Position:
Information Security Consultant and Trainer
Responsibilities:
Providing Information Security advisory and consulting services. Performing Risk Assessments and Risk Analyses, audits and penetration tests. Clients included: ABN AMRO Bank (Polska) S.A., Favore Sp. z o.o., CNSgroup Sp.z o.o. and others.

Evangelising Information Security and providing information security trainings. Most notably the following: Information Systems and Networks Security (together with Presscom Sp. z o.o.) and Hands-on Web Application Security workshop (together with Akademia Linux Magazine).
Company:
SecurityInfo – an IT Security portal (from 2005-09 to 2007-12)
Position:
Co-owner, Developer and Editor
Responsibilities:
Securityinfo is an IT Security portal aimed at the general IT audience in Poland. The mission of the service is to popularise information security knowledge and awareness among the Polish IT community.

Funded and developed the portal and worked as an editor for the publication for several years, publishing a number of information security-related articles and news commentaries.

http://securityinfo.pl
Company:
Domena.pl Sp. z o.o. (from 2005-01 to 2006-03)
Position:
Chief Developer
Responsibilities:
Leading a series of projects supporting the core business of the company. The most important achievements include delivery of a domain management system interfacing with the registrar system using an EPP-like protocol (Extensible Provisioning Protocol, RFC 3730), and integration of this system with a vendor-provided billing system and automated hosting platform (Parallels HSPComplete and Plesk systems).

Responsible for architecture design, security design and security testing. Performing penetration tests of internally developed applications and company systems.
Company:
InternetWorks Sp. z o.o. (from 2004-01 to 2005-04)
Position:
Developer
Responsibilities:
Developing in Perl CGI and PHP using PostgreSQL and MySQL DB engines. The main achievements include delivery of a domain management system interfacing with NASK (Polish national domain registrar) and a number of customisations to Web store products in various technologies, including implementation of an on-line credit card payment systems.
Company:
BRE Bank SA CERI Sp. z o.o. (from 2003-08 to 2003-09)
Position:
Apprentice Network Administrator
Responsibilities:
- Helping with administration and maintenance of a local area bank network;
- Installations, maintenance and minor repairs of computers in the network;
- Experience with MS Windows systems administration and maintenance (Windows 2000);
- Co-development of a network backup tool (Borland C++ Builder).
Company:
SRT-Software (from 2001-10 to 2002-09)
Position:
Developer
Responsibilities:
Design and development of three systems: Partner Program Management System, Advertisement Program Management System and Client Management System (PHP, Interbase).
Company:
Towarzystwo Finansowe "Bankier" (Financial Services "Bankier") (from 1999-04 to 1999-06)
Position:
Developer
Responsibilities:

Education

University:
Akademia Ekonomiczna im. Oskara Langego we Wrocławiu (2009-10 - 2011-11)
Field of study:
Business Administration
Degree level:
MBA
University:
Fachhochschul-Studiengang Oberösterreich (2006-03 - 2006-06)
Field of study:
Software Engineering (Socrates/Erasmus exchange)
Degree level:
Master's
University:
Politechnika Wrocławska (2001-10 - 2006-10)
Field of study:
Computer Science, Computer Systems and Networks
Degree level:
Master's

Additional information

Organizations:
ISSA - Information Systems Security Association
(ISC)2 - International Information Systems Security Certification Consortium
IPMA - International Project Management Association
Languages:
Polish - native
English - Full professional proficiency
German - elementary proficiency
Russian - elementary proficiency
Hobbies:
Photography, Cinema
Other:
Professional certificates: CISSP, CISA, IPMA-D (CPMA), CEH

Groups


Information Security Administrators

This group aims to enable its members to respond quickly to each other's needs, not only...

This is the 3rd edition of the educational show Seans AutoROZWOJU. A modern cinema hall, trainers together with ...

Basel II, Solvency II

Data security on the Internet keeps specialists and ordinary users awake at night. ...

Group of companies in the CONSULTING / ADVISORY industry. Leaders and Experts. Industry events in the consulting market...

Group of companies in the IT / INTERNET industry. Leaders and Experts. Industry events in the IT market (B2B). Manag...

COBIT 4.1 & 5.0. Control Objectives for Information and related Technology (COBIT)

Data recovery and erasure, computer forensics issues

The importance of Internet domains, domain investments. Looking for a domain for your project, or maybe ...

The forum as a phenomenon. How do you run a discussion forum properly? Can a forum be a suitable too...

Photo maniac - nothing more, nothing less :)

The Stock Exchange is becoming an increasingly important part of the economy. Our group was cre...

That is, making money on your own websites.

Members of (ISC)2 (International Information Systems Security Certification Consortium)

Information Security Systems Association Polish Chapter, i.e. ISSA

Information group of Information Systems Security Association (ISSA) Polska about events in W...

A cosy place for everyone enchanted by Czech cinema, e.g. for fans of the work of Petr Zelen...

LinkedIn @ GoldenLine. The group brings together users of the international social networking service "Lin...

A group for people who have come across books so detached from reality, yet so clos...

Networking, business networking, business contacts, personal and company development, recommendations.

A group for people on my contact list.

A new approach to marketing, or perhaps the end of the marketing era? Should the customer be treated as a par...

A group bringing together people associated with Politechnika Wrocławska.

Students looking for work, grouped by industry.

A group created for people involved in employment matters, for Employers, Employees, Agencies...

A group for all people "interested" in IT security

This is the best place to learn more about stress and its management.

Information security, IT security... security.. and other abstract constructs.

A group bringing together members and supporters of Toastmasters clubs in Poland and beyond ...

Toastmasters Bydgoszcz Forum

Toastmasters in Wrocław

The group was founded in 2003 for members and people interested in career development www....

A group for people living / studying / working in Warsaw

A place where people from Wrocław and those who value the city can meet. People so ...

Young Business Experts is a group through which you will make business contacts, find partners, ...

A group for those who manage, want to manage and like to share knowledge about management.

Exchange of knowledge, views and experience on Talent Management.

This profile comes from the GoldenLine.pl service
