CISOaaS.it

My path

I have gained my professional experience of over thirty years in business transformation and IT (Information Technology) Operations in complex organizations, applying innovative and enabling IT solutions.

I have successfully led continuous process improvements through sustainable technological paths, with positive impacts on organization and costs, gaining skills in IT Infrastructures, Outsourcing, Data and Service Integration, Cloud, IT Service Management, Contract and Supplier Management.

IT security has always been a point of reference for all my activities: as a system engineer, software developer, infrastructure architect, CTO (Chief Technology Officer) and finally CISO (Chief Information Security Officer).

From 2018 to 2021 I held the role of CISO for the Tecnocasa Group, creating the General Security Program.

Although I have worked to maintain maximum balance, I have personally ascertained the importance of a CISO in an organization, a resource that must be focused on Information Security without? Conflicts? with other priorities and objectives:

this is my commitment.

Roberto Perelli

Certified Information Systems Security Professional (CISSP)

Issued by (ISC) ²

Required by the world? S most security-conscious organizations, CISSP is the gold-standard information security certification

My strengths

In addition to that of CISO, the various organizational roles I have held have allowed me to develop transversal communication and relationship skills, particularly important when conducting transformation programs such as bringing Information security at all levels of an organization.

From direct experience I know the priorities, difficulties and points of view of the IT sector of an organization, so I know how to establish a truly constructive and effective collaboration.

I understand that every organization, no matter the size, should know and constantly check, to the best of its ability, the risks that can threaten its operations, development and survival.

Cybersecurity risks are among them.

I understand the importance of?to translate? the security risks in? impacts? on? operation and?quantify? economically the possible consequences for the organization because the Management must have the information necessary for decide up actions And priority.

The method I follow

To evaluate systematically the risks, known and new, share them with the Management to decide if and what actions to take and define their priorities
Involve actively all the functions of the organization, and in particular IT, in the objectives and activities of the Security Program
Awareness the Management that the? Business Continuity? of the organization is its responsibility and therefore it is required to make the necessary decisions
Transfer the awareness of the risks to all the people of the organization so that in their daily operations they are able to evaluate situations and take the appropriate decisions
Identify tools, services, suppliers suitable for the information security needs of the organization and to establish adequate and sustainable agreements
To communicate systematically with the Management to systematically share information that may have an impact on Security

How it started

Who needs the CISO?

Advantages

Information Security is not bought on the market

Security is the result of processes that include people, skills, behaviors, tools and services and that require effort and time to function properly.

Contact

Thanks

VERA method for risk analysis

Cesare Gallotti Consultant and Auditor
cesaregallotti.it

RACE
The Risk-Awareness Culture Empowerment

RACE-Risk-Aware Culture & Epowerment - Ardje Kein - Book Cover

Ardie Klein CISO

Web communication

Geneva Alessandra Product manager