I have gained my professional experience of over thirty years in business transformation and IT (Information Technology) Operations in complex organizations, applying innovative and enabling IT solutions.
I have successfully led continuous process improvements through sustainable technological paths, with positive impacts on organization and costs, gaining skills in IT Infrastructures, Outsourcing, Data and Service Integration, Cloud, IT Service Management, Contract and Supplier Management.
IT security has always been a point of reference for all my activities: as a system engineer, software developer, infrastructure architect, CTO (Chief Technology Officer) and finally CISO (Chief Information Security Officer).
From 2018 to 2021 I held the role of CISO for the Tecnocasa Group, creating the General Security Program.
Although I have worked to maintain maximum balance, I have personally ascertained the importance of a CISO in an organization, a resource that must be focused on Information Security without? Conflicts? with other priorities and objectives:
this is my commitment.
Required by the world? S most security-conscious organizations, CISSP is the gold-standard information security certification
From direct experience I know the priorities, difficulties and points of view of the IT sector of an organization, so I know how to establish a truly constructive and effective collaboration.
I understand that every organization, no matter the size, should know and constantly check, to the best of its ability, the risks that can threaten its operations, development and survival.
Cybersecurity risks are among them.
I understand the importance of?to translate? the security risks in? impacts? on? operation and?quantify? economically the possible consequences for the organization because the Management must have the information necessary for decide up actions And priority.
The method I follow
- To evaluate systematically the risks, known and new, share them with the Management to decide if and what actions to take and define their priorities
- Involve actively all the functions of the organization, and in particular IT, in the objectives and activities of the Security Program
- Awareness the Management that the? Business Continuity? of the organization is its responsibility and therefore it is required to make the necessary decisions
- Transfer the awareness of the risks to all the people of the organization so that in their daily operations they are able to evaluate situations and take the appropriate decisions
- Identify tools, services, suppliers suitable for the information security needs of the organization and to establish adequate and sustainable agreements
- To communicate systematically with the Management to systematically share information that may have an impact on Security
Information Security is not bought on the market
Security is the result of processes that include people, skills, behaviors, tools and services and that require effort and time to function properly.
VERA method for risk analysis
The Risk-Awareness Culture Empowerment