OT Cybersecurity Architect

Available

 

Profile published: 18/06/2024 Profile viewed: 317 times Reference: PROF00007447

 
 

Skills

Expert Intermediate Beginner

Databases

ACCESS Azure Data DFS FileSystem LDAP

Functional knowledge

Cybersecurity Administration Analyse Business Change Cloud communication COMPLIANCE Coordination design DISTRIBUTION Dynamics Exploitation forensic HP Incidents international IoT Maintenance Microsoft MOBILE office OUTLOOK Performance PROCEDURES Production Risk Skype SOFTWARE Strategies Switching TESTS Trust WEB

Programming languages

EXCHANGE POWERSHELL sccm SHAREPOINT SHELL

Methods

Architecture Backup Implementations Management MIGRATION Pentesting Planning Support

Tools

OneDrive Teams WSUS

Networks and Middleware

Checkpoint CISCO CITRIX DHCP DNS ESXi FIREWALL INTUNE IP Kerberos Monitoring NTP Nutanix Routing Security SMTP SSH switches Trusts veeam VMWARE VPN vSphere Zabbix

Systems

AD APACHE GPO hardware IBM INFRASTRUCTURE LINUX VMS WDS WINDOWS

Degrees and training

Countries / regions

Professional experience

Education
• Higher Level IT Systems Administration
• Master Degree in Industrial Cybersecurity (Vigo University)


Languages
• Galician (Native)
• English (B2 Level)
• French (B2 Level)


Training
• CCNA (640-802) (2011)
• CCNA SECURITY (640-553) (2011)
• Cisco IoT (2022)
• Cisco Network Security (2022)
• Cisco CyberOps (2023)
• MCSA Windows Server 2012 (2017)
• AZ-900: Microsoft Azure Fundamentals (2021)
• Red Hat Certified System Administrator (RHCSA) (2014)
• LPIC-1 (2023)
• VMware Certified Associate 5 - Data Center Virtualization (VCA-DCV) (2014)
• VMware Certified Associate 6 - Data Center Virtualization (VCA6-DCV) (2015)
• VMware Certified Professional - Data Center Virtualization (VCP-DCV) (2017)
• VCP 2022 (2V0-21.20: Professional VMware vSphere 7.x)
• CHFIv9 (Certified Hacking Forensic Investigator) (2019)
• CHFIv10 (Certified Hacking Forensic Investigator) (2022)
• Red Team Certified Professional (RTCP) course by Securizame (2023)
• Incident Response Certified Professional (ICRP) course by Securizame (2024)
• Pentesting Active Directory course by Spartan Cybersecurity (2023)
• ISO 27001: Lead Implementer ISO 27001 (2023)
• TISAX (2023)




Detailed Work Experience
• 01/2021 - Present
Stellantis (OT Cybersecurity Architect)
- Responsible for the design and development of comprehensive cybersecurity architectures for operational technology environments, ensuring the protection of critical infrastructure assets and collaborating with cross-functional teams to integrate security measures into the design and deployment of industrial control systems.
- Define and establish security policies and procedures tailored for OT environments, aligned with industry best practices and compliance requirements, and enforce them.
- Work closely with IT security teams, engineers, and other stakeholders to ensure a unified and comprehensive security posture to integrate security measures into the critical asset development lifecycle.
- Conduct training sessions for OT teams to raise awareness about security risks and best practices.
- Foster a security-conscious culture within the organization.
- Conduct risk assessments on existing and new OT systems to identify vulnerabilities and potential security risks.
- Execute vulnerability assessments and continuous monitoring of the infrastructure.
- Manage the vulnerability lifecycle: discovery, advising, remediation, and validation.
- Work with business to perform vulnerability assessments on systems and applications in pre-production and production environments.
- Perform vulnerability scanning to discover and analyse vulnerabilities and find risks to networks, operating systems, applications, databases, and other corporate components.
- Prevent and manage the OT cyber security incidents through risk assessments, identifying the potential vulnerabilities and proposing mitigation strategies.
- Audits: Active Directory
- Security baselines: CIS Benchmarks, NIST, CCN-CERT and ANSSI
- Security standards: ISO27001, IEC/ISA 62443, TISAX, NIST SP 800-53 and NIST SP 800-82
- Network segmentation: Purdue Model
- Lifecycle: Patch, isolate or upgrade the industrial assets.
- Risk Assessment: IT Infrastructure design, assets inventory, vulnerabilities, threats, risks, countermeasures, action plan and report
- Defensible Architecture: Visibility, log collection, asset identification, segmentation, iDMZ and process communication
- ICS Incident Response: System integrity and recovery capabilities during an attack
- ICS Network Visibility and Monitoring: Monitoring of the ICS environment with protocol-aware toolsets and systems interaction analysis capabilities
- IRP: Creation of the Incident Response Plan
- Secure Remote Access (Claroty): Identification and inventory of all remote access points and allowed destination environments, on-demand access and MFA where possible.
- Risk Based Vulnerability Management: Vulnerability management decisions to patch the vulnerability, mitigate the impact, or monitor for possible exploitation.
- Tools: Microsoft Defender for IoT, Microsoft Sentinel, Tenable, Nozomi, Claroty



• 01/2020 – 12/2020
Pieralisi (Infrastructure Manager)
 Systems Architecture
- Responsible for the server farm hosting the critical logistics and warehouse applications.
- Work closely with an international team to continually provide feedback and suggestions for our software and servers.
- Research and development of new solutions.
- Preparation of documentation and procedures for:
* Implementation of new solutions to improve standards.
* Documentation and information on the network topology and infrastructure, as well as hardware and software.
- Working in production and in pre-production environments.
- Incorporation into the production environments of the new functionalities
- Performing optimization tasks associated with the infrastructure of the organization
- Server evaluation for different projects
- Participation in the projects and preparation of technical monitoring reports.
- Preparation of technical documentation to be used in new implementations or changes in existing ones
- Maintenance of project implementation deadlines, guaranteeing their execution and deployment within the established deadlines
 Windows environments
- Azure: AD-Connect, Storage, Azure Active Directory, Azure CLI, Azure Cloud Shell, Azure PowerShell, Azure Storage Explorer, containers, storage accounts, dynamic groups, MFA, role-based access control, etc.
- Exchange: Add shared mailbox, set size limits per mailbox, Exchange Online, Exchange PowerShell, Exchange server 2019 or Hybrid Exchange installation, Distribution Lists, etc.
- GPO deployment
- Hyper-V: USB disk access, enlarge and shrink hard drives, networking (External, Private and Internal), convert VMs from Hyper-V to VMware and vice versa, Enhanced Session Mode, Guest Cluster with shared VHDX, Hyper-V server 2016, Nested virtualization
- Office 365: Installation and configuration, MFA, etc
- Exclaimer
- PowerAutomate
- PowerShell
- Microsoft Endpoint Configuration Manager: Deployment
- Microsoft System Center Configuration Manager: Deployment
- Microsoft Intune: Deployment
- Active Directory: AD Replication Tool, bulk user creation, AD database compaction. Installation: Creation of DC and RODC, Promote DC, Create Sites, subnets and link infrastructure, Fault tolerance check, centralized administration, AD FS and AD RMS installation, adprep / rodcprep, AppLocker (restrict application use), BGInfo, BitLocker (Deployment by GPO), Forest (Creation of the first DC, child domain, etc.), CA (Installation and configuration (Root, Subordinate and Standalone Certification Authority), Web Enrollment CA, secure site creation, distribute and sign a certificate), File Server Cluster, DFS Cluster, DC (Change, clone, backup, promote, delete or reinstallation, domain and forest functional level upgrade, FSMO roles), DNS, DHCP Failover, DirectAccess, Dynamic Access Control, Remote Desktop, Failover Cluster, SFTP Server, Restricted Groups, Windows Server Migration (2003 to 2012, 2008 to 2012, 2012 to 2016, 2016 to 2019), NLB (Network Load Balancing), NTP server, Trust relationships (Parent-child and Forest-Tree trust), Shadow Copies, Print Server (Deployment), WSUS (Deployment), Storage Pools, WDS
 VMware environments
- Installation and configuration of VMware vSphere ESXi ...
- Administration, configuration, modification and migration of VMs ...
- Administration and configuration of vCenter, use of vSphere Web Client ...
- Migration of VMware ESXi and VCSA servers from 5.5, 6.0, 6.5 and 6.7 to 7.0U3
- Configuration of HA, DRS and FT
- HA and DRS cluster
- iSCSI and shared storage
- Templates creation
- Joining VMware ESXi to the domain
- VMs migration with vMotion
- PowerCLI
- Virtual networks (Portgroups, VSS and DVS switches)
 Nutanix environments
- Provide HA and fault tolerance with a cluster
- Add or delete cluster nodes
- Change VPN Gateway IP
- Nutanix CE Nested installation in VMware ESXi 6.7
- Sync Replication in AHV
 Veeam environments
- Programming and configuration of backups and replications
- Restores from virtual tape (VTL), physical tape (LTO), from database, from AD object, etc.
- Restore OneDrive, SharePoint and Outlook objects from Veeam Backup for Office 365
- Adding repositories
- Veeam Backup Server migration to another server
 Cisco environments
- Cisco ACS: Enable / Disable the VPN configuration
- Cisco Anyconnect: Connect to the VPN
- Cisco ASA: Authentication via LDAP and Domain User Groups
- Cisco ISE: To authenticate the users
- Cisco Meraki: Provide network connection between branches
- Cisco Network Assistant: Discover new network devices
- Cisco Prime: Monitoring the network infrastructure
- Routing, switching and troubleshooting

• 01/2019 – 12/2019
New Pescanova Group (IT Architect)
 Systems Architecture
- Design, implementation and operation of the VMs to be deployed or the existing ones (VMware and Hyper-V) both in production and in pre-production.
- Incorporation in the production environments of the new functionalities, associated technologies and applications to the new projects, including their planning, execution and the realization of the deployment documentation.
- Definition of the architecture and improvements in corporate platforms.
- Carrying out optimization tasks associated with the organization's infrastructure.
- Evaluation of the servers for the different projects.
- Participation in projects and preparation of technical monitoring reports on them.
- Preparation of technical documentation to be used by the Systems Architecture group in new implementations or changes in existing ones.
- Maintenance of the project implementation deadlines, guaranteeing their execution and deployment within the established deadlines.
- Case management with manufacturers (IBM, HP, DELL ...)
- Planning of both national and international projects (planning follow-up)
- Design and proposal of technological solutions (IT infrastructure and communications)
- IT vendor management (product and version establishment, service monitoring)
- Coordination and management of the IT team of the different corporate regions.
- Carrying out tests on new network functionalities.
- Implementation of the infrastructure to be deployed
- Specialized support in the indicated technology
 Windows environments
- Management of the Windows server and client computer fleet
- Configure and manage DCs (Implementation of domains, trusts ...)
- Create and configure user accounts in AD, management of computer objects in AD
- Configuration and administration of DHCP and DNS
- Configuration and administration of local storage (Install and configure a new disk, resize volumes)
- Storage optimization
- Configuration and administration of the print server and files (snapshots)
- Configuration and administration of a VPN server (Configure VPN clients)
- Configuration and administration of company security (shadow copies ...)
- WSUS (Configuration and approval of updates)
- Office 365 and Exchange 2013 and 2016 administration
- Configuration and administration of SCCM 2012
- Communication and meetings using Skype for Business and Microsoft Teams
- Use of OneNote and SharePoint to share project information.
 Fortification and bastion (Hardening)
- Physical security (BIOS)
- OS security (User Account Control (UAC), Firewall, Credential & Device Guard, Windows Hello, Service packs & updates, Patches, GPOs ...)
- Software security (AppLocker) and data security (BitLocker)
 VMware environments
- Installation and configuration of VMware vSphere ESXi ...
- Administration, configuration, modification and migration of VMs ...
- Administration and configuration of vCenter, use of vSphere Web Client ...
 Citrix environments
- Installation and configuration of XenDesktop, VDIs ...
- Installation and configuration of Citrix Workspace, Citrix Cloud ...
 Veeam environments
- Programming and configuration of backups, replicas, restores ...
- External backup jobs (virtual tapes (VTL) and physical tapes (LTO))
 Storage
- Storage arrays (HP Storage Works, HP Proliant, IBM, etc.)
 Networking and Security
- CheckPoint, HP, Zyxel, ZyWall, Cisco, etc.
 Monitoring
- Zabbix





• 06/2017 – 12/2018
Itosh Solutions (IT Responsible)
 Windows Environments
- Windows server and client computer fleet management
- Configure and manage DCs (Implementation of domains, trusts ...)
- Create and configure user accounts in AD, management of computer objects in AD
- DHCP configuration and administration
- DNS configuration and administration
- Configuration and management of local storage (Install and configure a new disk, resizing volumes, roaming profiles ...)
- Configuration and administration of the print server and files (Configure a shared file, snapshots)
- Configuration and administration of GPOs (Folder redirection, password policy, account lockout ...)
- Configuration and administration of a VPN server (Configure VPN clients)
- Configuration and administration of company security (shadow copies…)
- WSUS (Configuration and approval of updates)
- Exchange Administration 2013 and 2016
- Office 365 configuration and administration
- Communication and meetings via Skype for Business and Microsoft Teams
- Use of OneNote to share project information.
 Hardening
- Physical security (BIOS)
- OS (User Account Control (UAC), Firewall, Credential & Device Guard, Windows Hello, Service packs & updates, Patches, GPOs ...)
- Software security (AppLocker)
- Data security (BitLocker)
 VMware Environments
- Installing and configuring VMware vSphere ESXi ...
- Administration, configuration, modification and migration of VMs ...
- Administration and configuration of vCenter, use of vSphere Web Client ...
 Veeam Environments
- Programming and configuration of backups, copy backups, restores, replicas
- External backup jobs
 Monitoring
- PandoraFMS


• 09/2016 – 03/2017
ASIR Intrasite (Microsoft Engineer)
 Windows Environments
- Windows server and client computer fleet management
- Configure and manage DCs (Implementation of domains, trusts ...)
- Create and configure user accounts in AD, management of computer objects in AD
- DHCP configuration and administration
- DNS configuration and administration
- Configuration and management of local storage (Install and configure a new disk, resizing volumes, roaming profiles ...)
- Storage optimization
- Configuration and administration of the print server and files (Configure a shared file, snapshots)
- Configuration and administration of GPOs (Folder redirection, password policy...)
- Configuration and administration of a VPN server (Configure VPN clients)
- Configuration and administration of company security (shadow copies…)
- WSUS (Configuration and approval of updates)
- Exchange Administration 2013 and 2016
- Office 365 configuration and administration
 Hyper-V Environments
- Hyper-V based infrastructure management and configuration of customers
- VM Migration and Virtual Machine Performance
- Remote Disk Management
- Hot expansion and shrinking of hard drives
- Configuration of external, private and internal networks
 Cisco Environments
- Routing, switching and troubleshooting
- Secure the local area network and secure network management, creating VLANs
- Configuration, administration and implementation of VPNs


• 06/2015 – 08/09/2016
GROUPE PSA (System Administrator)
I have worked in Groupe PSA France for the entire Groupe PSA worldwide.
All my work was performed in French or English.
 Project Manager
- Design, implementation and operation of VMs to be deployed or existing ones (VMware and Hyper-V) both in production and in pre-production
- Incorporation into the production environments of the new functionalities
- Architecture definition and improvements in corporate platforms
- Performing optimization tasks associated with the infrastructure of the organization
- Server evaluation for different projects
- Participation in the projects and preparation of technical monitoring reports.
- Preparation of technical documentation to be used by the Systems Architecture group in new implementations or changes in existing ones
- Maintenance of project implementation deadlines, guaranteeing their execution and deployment within the established deadlines
- Case management with manufacturers (IBM, HP, DELL ...)
 Windows Environments
- Windows server and client computer fleet management
- Configure and manage DCs (Implementation of domains, trusts ...)
- Create and configure user accounts in AD, management of computer objects in AD
- DHCP configuration and administration
- DNS configuration and administration
- Configuration and management of local storage (Install and configure a new disk, resizing volumes)
- Storage optimization
- Configuration and administration of the print server and files (Configure a shared file, snapshots)
- Configuration and administration of GPOs (Folder redirection, password policy,...)
- Configuration and administration of a VPN server (Configure VPN clients)
- Configuration and administration of company security (shadow copies…)
- WSUS (Configuration and approval of updates)
 VMware and Hyper-V Environments
- Administration, configuration, modification and migration of VMs

• 05/2015 – 06/2015  SATEC (Network Administrator)
 Cisco Environments
- Routing, switching and troubleshooting


• 09/2011 – 12/2011  OBP SERVICIOS INFORMATICOS (Linux Administrator)
 Linux Environments
- Software administration (Repositories, yum…)
- Network Administration (Troubleshooting)
- Storage management (Partitions and file systems, SWAP space ...)
- LVM Administration (Extend and reduce an LVM, ext4 filesystem ...)
- Account management (Manage passwords, ACLs ...)
- Authentication (LDAP server, Kerberos)
- SELinux Administration, GRUB Boot Manager
- Firewall (Iptables), NTP Server, SSH service, System Logging Service (df, du…)
- Web server administration (Apache), SMTP configuration, DNS
 
 
