CISOaaS.it

My path

I have gained over thirty years of professional experience in business transformation and IT (Information Technology) Operations in complex organizations, applying innovative and enabling IT solutions.

I have successfully led continuous process improvements through sustainable technological paths, with positive impacts on organization and costs, gaining skills in IT Infrastructures, Outsourcing, Data and Service Integration, Cloud, IT Service Management, Contract and Supplier Management.

IT security has always been a point of reference for all my activities: as a system engineer, software developer, infrastructure architect, CTO (Chief Technology Officer) and finally CISO (Chief Information Security Officer).
From 2018 to 2021 I held the role of CISO for the Tecnocasa Group, creating the General Security Program.

While I have tried to maintain the maximum balance, I have personally seen the importance of an independent CISO in an organization, a resource that must be focused on Information Security without "conflicts" with other priorities and objectives:

it is the commitment that I have made and kept with all the companies I have worked with as a vCISO or Fractional CISO from 2021 until today.

Roberto Perelli

Certified Information Systems Security Professional (CISSP)

Issued by (ISC)²

Required by the world's most security-conscious organizations, CISSP is the gold-standard information security certification

My strengths

In addition to that of CISO, the various organizational roles I have held have allowed me to develop transversal communication and relationship skills, particularly important when conducting transformation programs such as bringing Information Security to all levels of an organization.


From direct experience I know the priorities, difficulties and points of view of the IT sector of an organization, so I know how to establish a truly constructive and effective collaboration.


I understand that every organization, no matter the size, should know and constantly check, to the best of its ability, the risks that can threaten its operations, development and survival.

Cybersecurity risks are among them.


I understand the importance of "translating" security risks into "impacts" on operations and "quantifying" economically the possible consequences for the organization, because Management must have the information necessary to decide on actions and priorities.


The method I follow

  • Systematically evaluate the risks, known and new, and share them with Management to decide whether and what actions to take and to define their priorities

  • Actively involve all the functions of the organization, and in particular IT, in the objectives and activities of the Security Program

  • Make Management aware that the "Business Continuity" of the organization is its responsibility and that it is therefore required to make the necessary decisions

  • Transfer the awareness of the risks to all the people of the organization so that in their daily operations they are able to evaluate situations and take the appropriate decisions

  • Identify tools, services and suppliers suitable for the information security needs of the organization and establish adequate and sustainable agreements

  • Communicate systematically with Management to share information that may have an impact on Security

How it started

Who needs the CISO?

Advantages

Information Security is not bought on the market

Security is the result of processes that include people, skills, behaviors, tools and services and that require effort and time to function properly.

Contact

Thanks

VERA method for risk analysis

Cesare Gallotti Consultant and Auditor
cesaregallotti.it
Founder of Fractional CISO
Rob Black https://www.linkedin.com/in/blackrob

Authors of:
Measuring and managing
information risk
A FAIR approach

Jack Jones and
Jack Freund
https://www.linkedin.com/in/jonesj26
https://www.linkedin.com/in/jackfreund

Author of:
The Black Swan
The impact of the highly improbable

Nassim Nicholas Taleb https://www.linkedin.com/in/nassim-nicholas-taleb

Authors of:
Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem

Chris Hughes and
Nikki Robinson
https://www.linkedin.com/in/resilientcyber
https://www.linkedin.com/in/dr-nikki-robinson

Product Manager
Web communication

Geneva Alessandra https://www.linkedin.com/in/gperelli

Authors of:
How to measure anything
in cybersecurity risk

Doug Hubbard and
Richard Seiersen
https://www.linkedin.com/in/dwhubbard
https://www.linkedin.com/in/richardseiersen

Executive Director at ProbabilityManagement.org,
author of:
The Flaw of Averages
and Chancification

Sam Savage https://www.linkedin.com/in/dr-samsavage

Authors of:
Adaptive Business Continuity
A New Approach

David Lindstedt and
Mark Armour
https://www.linkedin.com/in/lindsd1111
https://www.linkedin.com/in/markarmour

Cybersecurity Community Manager
co-founder of: Digital Club / Cyber
A community to create a system

Enrico Benzoni https://www.linkedin.com/in/enricobenzoni

CISO and author of:
RACE
The Risk-Awareness Culture Empowerment

Ardie Kleijn https://www.linkedin.com/in/ardie-kleijn-a4b3872

Founder of Risk Academy
and creator of Risk management 2.0

Alexander Sidorenko https://www.linkedin.com/in/alexsidorenko

Harvard Professor,
CNN Senior Analyst
and author of:
The Devil Never Sleeps

Juliette Kayyem https://www.linkedin.com/in/juliettekayyem