Vladimir Buldyzhov, CISSP, CEH, PCIP
Cyber security expert. Project manager
Objective. Performance of information security assessment projects.
Capabilities. Technical security assessment. IT security business development. Analytical, creative, organizational and managerial capabilities with a rich technical background as a system administrator and security officer. Automation and software development skills. Experience in IT services sales. Systematic and creative approach. Capability to work in uncertain circumstances, with constant changes, under tight deadlines, and in multitasking mode. Capability to motivate people and to find trade-offs. Multicultural environment experience, tolerance, flexibility. Responsibility, competence and efficiency.
Skills. Implementation, sales and performance of IT and Information Security projects and processes:
- performed penetration testing of networks, web applications, desktop applications, embedded systems;
- created and developed IT business directions; performed marketing, sales and presale activities;
- managed projects on IT infrastructure analysis, development and hardening;
- prepared enterprises for audits against ISO 17799, 27001, PCI DSS, ISF, PAS 99, ISAE 3402, ITIL;
- *nix and Windows administration; networking, hardware, security tools, incl. penetration testing;
- IT services implementation and support (SLA, OLA, incident/problem management, etc.);
- developed effective technical, methodical and managerial documentation;
- development, acquisition, implementation and support of software and hardware solutions;
- experience in marketing, sales and execution of pentest, audit, and risk analysis projects;
- rich teaching experience, presentations, multimedia technologies, web development, etc.
- September 2012–now. Security Expert as private entrepreneur. Customers are Bosch, UPC, Ministry of Education of Ukraine, Infopulse, HealthJoy, Cantemo, Ameria, etc. Performed penetration tests and audits. Developed IT services. Implemented security audits, event monitoring, vulnerability management, access management, third party management, etc. Developed and managed customized security awareness programs (users, developers, PCI DSS, etc.).
- 2009–2012. Ukrainian Processing Center, Raiffeisen Group (Austria). Security Expert. Implemented PCI DSS controls and security countermeasures. User awareness, vulnerability management, incident management, risk assessment, etc. Maintained crypto- and device control systems, DLP, PKI. The company passes multiple audits annually, including PCI DSS.
- 2004–2009. Foxtrot Group (9000 workers), Kiev, Ukraine. Head of Information Security group. Created the group ‘from scratch’. Developed and implemented policies, standards, processes and procedures according to ISO 27002 and using ITIL. User awareness. Developed and implemented special monitoring software. The company successfully passed two external IT audits.
- 2000–2004. Gas turbine plant ‘Zorya – Mashproekt’ (15000 workers), Nikolaev, Ukraine. System engineer in IT department: supported ERP system, developed security instructions. In 2003 moved to Security department: security policy, audit, vulnerability management, user awareness.
Valid international certificates:
EC Council: Certified Ethical Hacker
PCI SSC: Payment Card Industry Professional
- BSI ISO 27001 (2007).
- NTUU ‘KPI’ information security qualification course (2008).
- Pedagogy (2002).
- System Administration (2002).
- Maritime University, Nikolaev, Ukraine (2000).
- Post-graduate of Pukhov’s Institute of National Academy of Sciences of Ukraine (2012). PhD thesis on attack graphs.
- Developed and implemented online website vulnerability scanner and monitor (2018).
- Special recognition of Ukrainian IT Awards (2017).
- The third ISACA CISM (Certified Information Security Manager) in Ukraine (2008).
- Nominee of the project ‘Best IT-directors – 2008’ (by the Community of the IT-directors of Ukraine).
How I work:
- It is like health diagnostics and treatment – you express your concerns or worries, and I help you to find and mitigate the causes of the diseases of your system or organization.
- If your policies or regulatory requirements stipulate signing a Non-Disclosure Agreement, I readily sign it. Thus, you become surer about confidentiality.
- We define your requirements and expectations for information security together. These requirements and expectations, along with assumptions, restrictions, limitations and other parameters constitute the Statement of Work (Rules of Engagement) and the project plan.
- Then we define the workload and project duration, coordinate the project workflow, and I start the work.
- During the work, I report regularly about the current state and findings. If an emergency occurs, I contact your support team immediately.
- The security assessment report is usually the main project deliverable. It describes the vulnerabilities, weaknesses, bad practices, threats, penetration paths, other findings, and what should be done to improve your security.
- I not only diagnose your system's illness, but also help you to cure it and prevent problems in the future. Mitigation of technical vulnerabilities is not effective without the habits and culture of a secure software development lifecycle. The process approach is my strength, and I help you to build change management, release management, configuration management, patch management and other important IT processes.
- Like a family doctor, I track security of your system or organization and security competence of your personnel over time, year by year.