CSO. CISO

Location:
Sao Paulo, Brazil
Posted:
November 10, 2022

Resume:

PEDRO PAULO NAKAZATO MIYAHIRA

Cell.:+55-11-996**-****;

E-mail: adtf71@r.postjobfree.com;

Linkedin: https://www.linkedin.com/in/pedro-paulo-miyahira-24569821;

Address: São Paulo – SP.

GOAL

Act as an Executive at Cybersecurity Companies, Chief Security Officer (CSO), Head of Cybersecurity.

ACADEMIC BACKGROUND

MBA in Strategic and Economic Business Management, concluded Feb/2016;

Post-Graduation in Information Security – ITA, concluded 2010;

Graduation in Computer Engineering – Universidade Braz Cubas, concluded 2002.

MAIN SKILLS

23 years in IT with experience in the fields of Information Security, Infrastructure, Telecom, Operations, Projects and Architecture;

Experience in mission-critical (24x7) corporate environments (ERP, CRM, Email, etc.) with immediate response;

Responsible for developing privacy services for LGPD (Brazilian Privacy Law) for own company and for the clients;

Develop, defend / present and manage budgets and investments;

Responsible for presenting to the CSOs / CIOs the annual budget dimensioning from Capex and Opex in the information security area;

“Roadmap” building and PDI (Plano Diretor de Informática) (IT Master Plan);

Main reviewer of Datacenters, Server Farm, Virtualization, Networks and WIFI architecture;

Conducting, planning and delivering the “Penetration Test” results to the respective areas;

Responsible for conducting SOX and PCI audits;

Plan structuring for “disaster recovery” and business continuity plan;

Experience in leading infrastructure, information security, access control and new technology research teams;

Creation of studies and follow-up of IT infrastructure capacity based on the business premises.

Proficiency in IT infrastructure project management with focus on security, Cloud Computing environment security, restructuring and creation of internal information security norms and policies;

Experience in negotiating and contracts with telecom operators, printing services, Service Desk, NOC, 24X7 Operations, “Bodyshop” with the purchasing department;

Solid experience in strategic market security solution designs such as: antivirus, antispam, content filter, IPS, IDS, network firewall, DLP (Data Loss Prevention), NAC (Network Access Control), WAF (Web Application Firewall) and APT (Advanced Persistent Threat), from vendors such as: Cisco, Juniper Networks, Checkpoint, IBM (ISS), Symantec, McAfee, RSA, Tripwire, Imperva, FireEye, Damballa and others;

Developing IT projects, products and services of continuous technological innovation with creativity allied to the business, resulting in improved processes and greater efficiency. Projects intended to reduce costs, increase productivity and add value to the brand;

Excellent results focused on delivery, planning, quality, commitment, organization, professional posture, leadership and teamwork.

LANGUAGES

Native Portuguese;

Advanced English.

PROFESSIONAL BACKGROUND

CYLK (Company in the field of cybersecurity technology solutions and services). Head of Engineering and Cybersecurity Business Unit OCT/2020 to PRESENT

Responsible for cybersecurity services strategy for clients, operations, support, monitoring and project management teams.

PicPay (Company in the field of financial services). Head of Cybersecurity MAY/2020 to SEP/2020

Responsible for the strategy and restructuring of the company's cybersecurity area. This restructuring was based on 8 squads (defensive security, offensive security, SecOps, GRC, privacy, advanced SOC, cyber intelligence and identity and access management) with a focus on agility and higher quality of deliveries. The team was composed of 5 coordinators and 36 people in total;

Responsible for reporting to BACEN circular 3.909, PCI and LGPD (Brazilian Privacy Law) audits.

UOL DIVEO (Company in the field of Data Center and IT services). General Manager of Cybersecurity SEP/2018 to APR/2020

Responsible for the cybersecurity service strategy for the entire customer base;

Restructuring of the company's security portfolio based on the current market;

Report to the company's CTO;

Responsible for cybersecurity “chair” in the IT corporate architecture team;

Responsible for creating a cybersecurity framework based on COBIT in order to obtain a current picture of the cybersecurity maturity level of customers. The deliverable of this work is a suggested security roadmap for the short, medium and long term;

Responsible for evaluating the entire P&L of the solutions offered to customers.

CYLK (Company in the field of cybersecurity technology solutions and services). Head of Cybersecurity Business Unit NOV/2017 to SEP/2018

Responsible for the pre-sales (design) and delivery (implementation) teams;

Responsible for creating a cybersecurity framework based on COBIT in order to obtain a current picture of the cybersecurity maturity level of customers. The deliverable of this work is a suggested security roadmap for the short, medium and long term;

Responsible for the roadmap of the cybersecurity solutions from the most diverse technology with a focus on cybersecurity;

Responsible for managing and reporting the entire cybersecurity BU, containing partnerships, projects and cybersecurity products for the executive committee;

Responsible for evaluating the entire P&L of the solutions and services offered to customers.

AMIL - United Health Group (Acting company in the field of Hospitals, medical centers, diagnose and clinical analysis imagery, the biggest in the U.S. and Latin America). Head of SI Operations and SI Engineering MAY/2014 to SEP/2017

Currently responsible for the information security engineering team (3 resources) and information security operations team (19 resources).

The information security engineering team is responsible for defining, analyzing and dimensioning information security solutions according to the business’ needs and UHG recommendations; Being involved since the start in every business or IT project in the company in order to ensure good work practices and avoiding double work; Ensure the right adaptation to acquired tech devices maximizing efficiency in managing threats and vulnerabilities and reducing operational costs; Review of information security in the architecture diagrams of IT, focused in all the aspects that guide the structuring of an adequate architecture network according to UHG practices.

Information security operations team’s goal is to support the demand of all security technologies acquired by the company. Currently we operate: password safes, proxy, antispam, endpoint protection, ATP, proactive and smart firewall management, IPS, Firewalls, WAF, NAC, anti-DDoS, two-factor authentication, identity and governance management, app vulnerability analysis tool, Pen Test in app source code tool, baseline analysis in servers, OS and DB vulnerability analysis.

Based on the roadmap of 2014, 2015 and 2016 I designed the architecture of the solutions below for a better performance and adherence in the company alongside its partners and manufacturers: Tripwire CCM (baseline analysis) and IP360 (vulnerability scan in servers, firewalls, routers, switches), HP Fortify (source code vulnerability analysis) and HP WebInspect (web apps scan), Cyveillance (social network brand protection), CyberArk (privileged access management/password safe), FireEye (malware behavioral prevention - E-mail and Web), Agiliance (GRC tool), DLP - Data Loss Prevention (Web, Email, Endpoint), SIEM - Security Information and Event Management (HP ArcSight), Firemon – Intelligent and proactive firewall management, Scorecard based on FMEA models for vulnerability classification, WAF – app firewall (Imperva), NAC solutions (network access control); Service of prevention and protection against DDoS attacks in the cloud (Imperva – Incapsula).

Implementation of policies, internal norms and information security procedures;

Creation of the Remedy team for security, infrastructure and systems GAP;

Lectures for IT executives about Information Security awareness.

DASA (Company in the field of imagery and clinical analysis diagnosis, Latin America’s biggest and the world’s fourth.) IT Infrastructure Coordinator JUN/2012 to MAR/2014

Leader of the team of New Technology Research applied to business, focused on reducing costs and increasing productivity;

Responsible for architecture and security definitions in Infrastructure/Telecom;

Security perimeter design utilizing network Firewall, Application Firewall (WAF), IPS and VPN (Site-to-Site and SSL portal for remote access);

Development and conduction of Call Center support position extensions in collaborators’ residences, through SSL VPN (Juniper Networks) and VDI (Citrix) technologies;

Security architecture creation;

Solution design for NAC Juniper Network for 16.000 desktops;

Definitions about BYOD in infrastructure;

Responsible for the design and auditing of “hardening” of network equipment (4000 devices);

Responsible for the design and implementation of visitor networks in the units for client and collaborator use in a corporate environment, in the “self check-in” mode, controlling and logging by time and access to sites for future investigations;

Responsible for the incident response process in NCC (Network Control Center);

Audit projects and IT service contracts focusing on increasing ROI;

Unified Communications Project design integrating 8 thousand phone extensions, video conference rooms, corporate messaging and cell phones. There were four big players evaluated in technical, usability, performance, management and security matters. Mid to long term duration project, which will benefit the company from aggressive savings in the IP telephony budget at the start of the project until the total integration of the devices utilized by users.

Design projects focusing on continuous innovation in IT for client areas. (Medical systems, Clinical Engineering, Support, Marketing, Telecom, Networks, Information Security and Group Labs).

SKY DO BRASIL (Company in the area of entertainment, Cable TV. Owns 70% of the market AAA+). Specialist in Information Security APR/2008 to MAR/2012

Responsible for dealing with incidents in the committee of information security;

Responsible for the creation and adequacy of the control techniques for physical access (biometry and recognition patterns) and logical access (DAC, MAC and RBAC);

Responsible for the CAPEX in the Information Security area;

Responsible for developing projects and analyzing new market technologies. (Application firewall (WAF), database and DLP tools);

Information Security Head for fraud and illicit activity investigations, interacting with public security offices;

Main annual reviewer of improvement in norms, procedures and internal guidelines for information security;

Leader in structuring, admission and definition of policies for Network Access Control (NAC) tools;

Responsible for the architecture of IBM-SS solutions in the network (IPS and IDS network);

Creation of the periodic vulnerability analysis flow and Penetration Test, in servers, workstations, network equipment and web apps;

Responsible for the governance tool management in IT, risk management and “compliance” in information security;

Focal Point for the auditing certifications SOX (Sarbanes Oxley) and PCI (Payment Card Industry).

NCT INFORMÁTICA (Company in the field of IT focused on high complexity projects). Information Security and IT Infrastructure Consultant AUG/2007 to APR/2008 and OCT/05 to DEC/06

TRUE ACCESS CONSULTING (Company in the field of IT focused on information security projects). Information Security Consultant DEC/2006 to AUG/2007

EMBRAER (Brazilian company in the aviation sector) IT Analyst OCT/2002 to NOV/2004

INPE – Instituto Nacional de Pesquisas Espaciais (National Institute of Space Research) Scientific Initiation AUG/1999 to DEC/2000

COURSES AND CERTIFICATION

• CISM (2021- 2025) – certificate number: 2158576

• CRISC (2021 - 2025) - certificate number: 2130685

• CISA (2021 – 2024) - certificate number: 21177812

• Certificate - Trend Micro Certified Security Expert (TCSE)

• Certificate - ISS Certified Architect (ISS-CA)

• Official Training and Events

Data Loss Prevention – Symantec Vontu (Management); Check Point Security Administration NGX I; Check Point Security Administration NGX II; Suse Linux Enterprise 10 Administration; Check Point Experience 2011 – 3D Security – Chicago IL (24 – 26 May, 2011); IBM Pulse 2011 - Optimizing the World’s Infrastructure – Las Vegas NV (27 Feb – 02 Mar, 2011); IBM Pulse 2013 - Optimizing the World’s Infrastructure – Las Vegas NV (03 – 06 Mar, 2013); EBC Juniper – Executive Briefing Center – focus on SDN (Software Defined Network) technology in Sunnyvale, CA (16 – 23 Sep, 2013); EBC Palo Alto – Executive Briefing Center – focus on learning the 2017 and 2018 product roadmap, Santa Clara, CA (21 – 25 Nov, 2016); EBC Cisco, focus on evaluating products roadmap. San Jose, CA (Feb, 2019).