Attila Horvath available

Attila Horvath

Senior Cyber and Information Security policy writer, CISA, CISSP

  • Freelancer in Budapest
  • Graduation: CISA, CISSP
  • Hourly-/Daily rates: not provided
  • Languages: English (Native or Bilingual) | Hungarian (Native or Bilingual)
  • Last update: 30.10.2019
ATTACHMENTS
CV - Attila Horvath


Qualys Certified Expert


SKILLS
Windows 7/8.1/10, Windows Server 2003-2012 R2, Active Directory Domain Services, AD tools, IIS, PowerShell scripting, security consulting on AWS, Azure, HP ArcSight, IBM QRadar, Qualys (VM, TP, AV, Web scanning, PCI), Check Point Firewalls, Splunk, Mimecast, Varonis, Sophos Enterprise, Client Endpoint, Palo Alto Firewall, Networking, LAN/WAN, IDPS, TCP/IP, VPN, VLAN Standards, ISO 15408, COBIT, ISACA guidelines, OWASP, PCI DSS, SDLC, ITIL v3, SANS TOP 20, DPA, GDPR, Cyber Essentials, ISF SoGP, AICPA TSC, NIST SP 800-53 rev5, NIST CSF, NIST 800-37 rev2, NIST 800-30, Information Security, security monitoring, Qualys, IBM, RBS, Cyber Security, Cisco, malware, SOX, database, IT security, McAfee, anti-virus, firewall, SIEM, patching, Triton, SCCM, shell scripts, cloud, backend, data center, AWS, VLAN, data center network, Windows 10 desktop, DLP, PCI-DSS, Qualys cloud agent, Windows 2012 R2 server, Microsoft, Varonis Console, Mimecast admin, broadcasting, penetration tests, monitoring systems, ArcSight, F5 ASM, Check Point, RAID, web application, firewalls, Vulnerability management, parser, encryption, WAF, Juniper, SourceFire, IT Audit, Backup, access rights, FW rules, web services, ISO27001, BCP, virtualization, laptops, desktop computers, Rights Management, MS Windows Servers, AD, MS Exchange, Netapp, VMware ESX, Linux, Red Hat, RSA EnVision, RSA, Siebel, CRM, DB, system design, Exchange 2003, SAP, TMP, TELNET, Lotus Notes Server, MS Windows NT 4.0, MS Windows 2000
PROJECT HISTORY
  • 10/2019 - 10/2019

    • Remote Information Security
  • INFORMATION AND CYBERSECURITY POLICY WRITER AND CONSULTANT
  • Role: Remote Information Security, Privacy consultant - self-employed status, Freelancer
    Providing consulting services via Upwork to help clients improve security policy frameworks;
    managed 25 projects over this period for clients from New Zealand, US, Canada, and Australia

  • 03/2019 - 08/2019

    • GRÁNIT BANK
  • INFORMATION SECURITY ANALYST
  • * Reviewing the security monitoring process and procedures
    * Participating in incident management
    * Helping to improve the security operation framework

  • 01/2019 - 03/2019

    • TR CONSULT
  • SOC TECH LEAD
  • TR CONSULT IS AN INFORMATION SECURITY CONSULTING FIRM, BUDAPEST, HUNGARY
    * Working as the tech lead for a newly created SOC service for one of the firm's clients
    * Creating services for the security solutions inside of the SOC (Qualys, IBM QRadar)
    * Defining SLAs and KPIs for the services
    * Mentoring and leading the SOC analyst team
    * Defining and creating reports

  • 06/2018 - 01/2019

    • ROYAL BANK OF SCOTLAND
  • SECURITY ENGINEER
  • RBS IS ONE OF THE MAJOR BANKING GROUPS IN THE UK
    * Working as a member of the Cyber Security and Threat monitoring team
    * Managing, maintaining and updating Cisco Firepower FMCs and sensors for the whole RBS NIDS
    environment
    * Adding threat intelligence data to the NIDS estate
    * Establishing a health monitoring baseline for the Cisco Firepower devices to be able to create
    a real-time health monitoring dashboard in Splunk
    * Supporting FireEye malware gateway refreshment project
    * Supporting the day to day operation of RBS's SOC

  • 12/2017 - 05/2018

    • TNT EXPRESS GLOBAL ICS
  • GLOBAL SECURITY OPERATION CONSULTANT
  • TNT EXPRESS IS ONE OF THE MAJOR SHIPPING AND DELIVERY COMPANIES, PART OF THE FEDEX GROUP.
    * Working on TNT Express SOX compliance controls delivery related to database and application
    patch management and vulnerability management,
    * Defining and coordinating remediation actions with internal team and global 3rd party vendors,
    engaging IT application and business owners to create actions/projects for remediation.
    * Creating a high level project/program of the remediation tasks
    * Reporting progress of the remediation actions
    * Reviewing and updating security policies
    * Working closely with the Global GRC team

  • 07/2017 - 11/2017

    • BANK OF TOKYO MITSUBISHI UFJ
  • SENIOR ASSOCIATE SECURITY ANALYST EMEA REGION
  • BANK OF TOKYO MITSUBISHI IS THE BIGGEST RETAIL AND COMMERCIAL BANK IN JAPAN, IN THE EMEA REGION THEY
    ARE PROVIDING INVESTMENT AND CORPORATE BANKING.
    * BAU management of the Bank's IT security infrastructure (Bluecoat web gateway, Clearswift email
    filter, CyberArk access management, McAfee anti-virus, Qualys vulnerability management,
    FireEye mail, and web gateway)
    * Working together with external SOC teams (NTT, IBM)
    * Participating in projects providing guidelines and validation for internal standards as well
    as best practice controls,
    * Improving security services and procedures, creating documentation (vulnerability management
    process, firewall change request process, CyberArk integration with Qualys)
    * Fine-tuning SIEM system (Splunk) creating alerts and use cases
    * Managing tickets and incidents
    * Participating in the FFIEC Maturity level assessment project, helping the project team in
    different domains to ensure the requirements of the intermediate level are met.

  • 02/2017 - 06/2017

    • BDO UK LLP
  • Information Security operation consultant and engineer
  • BDO is one of the biggest accounting firms in the UK. My role is to create the Security Operation
    BAU framework.

    * Participating in WannaCry ransomware awareness and mitigation (patching, evaluating,
    monitoring alerts)
    * Managing security platforms for 5500 endpoint clients including Sophos Anti-Virus and Device
    control, SIEM, Triton (Websense) proxy,
    * Qualys VM weekly mapping, scanning, reporting the state of patch management,
    * Reviewing SIEM alerts and responding to incidents (TrustWave)
    * Implementing use cases for 3rd party MSSP with the onsite SIEM system
    * Managing Qualys scans, reviewing results, helping to improve the patch process including SCCM
    planning
    * Reviewing proposed MDM solution configuration and supporting hardening
    * Consulting on Security operation BAU procedures and workflow
    * Creating documentation for BAU procedures
    * Managing, executing changes related to the security platforms
    * Security housekeeping of AD using ADCU, ADSIEdit, and custom PowerShell scripts
    * Implemented Qualys cloud agent on 5000 endpoints to utilize Qualys AssetView.


    Projects: Upgrade and migrate Sophos Enterprise Console and management backend to the latest
    supported version as well to migrate to a new Data Centre

  • 04/2016 - 01/2017

    • TES GLOBAL LTD.
  • Lead Information Security operation consultant and architect
  • TES Global is the biggest education publisher (on and offline) in the UK and recently finished a new
    data center. As a senior security operation engineer, my role is to put in place all necessary
    safeguards to ensure the security of customer and corporate data. The role is 20% BAU and 80%
    project work, which is mostly solution architect type of work (vendor-independent).

    * Created Security Operation framework, e.g. segregation of duty, procedures, working together
    with IT infrastructure and service desk team to define roles and duties.
    * Updated and refreshed User Acceptance Policy also reorganized the data classification
    framework to reflect recent changes in the environment and the organization
    * Created and implemented vulnerability and patch management process, based on continuous
    scanning concept using Qualys appliances, including Web Application Scanner.
    * Consulting with the AWS platform team on security improvements.
    * Implemented VLAN segregation in the data center network
    * Analyzed Windows 10 desktop roll out security requirements
    * Created a centralized password management policy and procedure for system administrators,
    implemented the solution to provide compliance with the policy.
    * Defining, managing and implementing DLP solution based on Sophos Enterprise Solution
    * Monitoring Palo Alto firewall events and threats
    * Participating in the Risk Management forum of the company
    * Rolling out security awareness program using SANS's "Secure the human" platform
    * Created and defined the BYOD policy
    * Managing and implementing BYOD program using Sophos MDM
    * End to end PCI-DSS compliance assessment as a level 3 merchant, identifying requirements for
    successful self-assessment, filling out SAQ-A questionnaires, for online and offline payment
    channels.
    * Implementing and documenting Mimecast TTP (targeted threat protection) solution for 600+
    mailboxes, creating procedures, policies, admin and service desk level guides.
    * Implementing and using advanced Qualys solutions including threat protect (threat
    intelligence), Qualys cloud agent, providing reports and analysis on the state of
    vulnerability management.


    Technologies used: Qualys appliance scanners, Qualys Ticket Notification engine, Windows 2012 R2
    server, Microsoft Security Compliance Manager, Pleasant Password Server, Palo Alto firewall, Sophos
    Enterprise Console, Varonis Console, Mimecast admin console.

  • 11/2015 - 02/2016

    • FARNCOMBE PART OF CARTESIAN GROUP
  • Senior SOC Analyst
  • As a SOC analyst, I provided a security monitoring service for a client (TV broadcasting) of
    Farncombe. The service is offered 5x8 hours and BAU includes the following tasks:

    * Reviewing logs and alerts in IBM QRadar
    * Configure rules and filtering for IBM QRadar
    * Investigate and analyze any suspicious traffic within the protected environment
    * Behavioral and threat analysis
    * Create weekly, monthly reports, presenting them to the client
    * Mentor and support junior analysts within the team

    Project work:
    Analyze a proposed new client environment based in the cloud, for optimal monitoring service
    solution. This includes: understanding the new environment, identifying technical and service gaps,
    research and recommend the best solution.

  • 02/2015 - 09/2015

    • FNZ UK LTD.
  • Information Security Engineer
  • FNZ is a software/solution delivery company working in the financial sector for asset management and
    pension fund companies. The client base is already covering the biggest names in the UK financial
    sector. The information security team is actively working on maintaining existing safeguards and
    developing more advanced solutions to improve the overall security and fulfill client requirements.
    The role is supporting the UK information security manager to fulfill due diligence and audit duties
    and working closely with the information security analysts on the daily information security tasks.

    Daily tasks:
    * Investigation of incidents reported by the analyst
    * Fine-tuning security solutions, reviewing F5 ASM policies and alerts
    * Collecting information and review documentation to validate existing IS controls and the
    effectiveness of the controls
    * Reviewing the business process to identify security risks and recommend corrective actions
    * Assessing risks related to 3rd parties,
    * Participating in infrastructure projects
    * Raising information security awareness
    * Participating in audits, coordinating external penetration tests, reviewing and approving results
    * Plan, schedule and execute Qualys VM scans for different production environments, improving the
    process by adding proper mapping steps, scans were run on a daily basis
    * Validation of possible vulnerabilities, reporting them and tracking resolution
    * Working with the IT operation team to create a patch management process
    * Reviewing hardening settings and making recommendations for the "gold image"

    Achievements:
    * Development of use cases for the alerting and monitoring systems
    * Development of requirements for SNOC operation model - the company has created a SNOC team in
    the Czech Republic, my duty was to create the operational model, set up SLA and OLA for the team
    * Developed operation workflow for SNOC analysts, define use cases, run books, serve as an
    escalation point to the analysts.
    * Firewall rule base audit, validation of firewall rules

    Technologies used: ArcSight, F5 ASM, Splunk, Qualys Vulnerability Manager, Websense, Mimecast, Check
    Point

  • 07/2014 - 10/2014

    • BWIN.PARTY DIGITAL ENTERTAINMENT
  • Technical Compliance Analyst
  • bwin.party is represented in several countries as a betting and online gaming provider; this role
    includes checking technical compliance against different countries' regulatory requirements. This
    contains IS environmental, application-level (random number generator and gaming application) and
    policy-related compliance checks and audits.

    Achievements:
    * Took part in an internal audit project to support the team on an IS-related audit, managed
    questionnaire creation, interviews and analysis of the result.
    * Contributed to the company level patch management policy and aligned with different technical
    teams in the document creation process
    * Reviewed DR capabilities of different business departments
    * Owned the ISO 27001 risk assessment process and execution

  • 03/2012 - 07/2014

    • VODAFONE GROUP ENTERPRISE TECHNOLOGY SECURITY
  • Technology Security Project manager
  • Managing information security projects to deliver end-to-end security services to Vodafone
    Group and different local markets as part of the Vodafone Global Security Programme.

    During the projects one of my main tasks was to integrate different local Vodafone entities to the
    Global Security Operation Centre; for this I had to define the process of integration, working
    closely with the GSOC team as well as with the Security Operation team (who managed different
    security platforms - IDPS, VM, AV, etc.).
    Full project lifecycle (engage, plan, design, delivery, implement, hand over to BAU, project
    closure, stakeholder and management reporting, and RAID tracking) for the following services in
    multiple locations:
    * vulnerability management,
    * deployment and integration of local markets SIEM solutions to the Global Security Operation
    Center,
    * IDPS deployment,
    * web application firewalls deployment,
    * I've supported the PMO team as an SME in different audit-related tasks such as preparation for
    audits, coordination of audits, and analysis for compliance (ISO 27001 and PCI DSS).

    For successful project delivery, my role required coordination of local and virtual teams
    (architects, technology security operation, customers IT operation, 3rd party vendors) as resources
    in different locations and time zones, while coordinating efforts with customers and
    customer-related third parties. Managed to deliver successfully 15 projects, budget volumes were
    between €100.000 and €1.000.000.

    Achievements
    Managed a project to deploy four PCI compliant security solutions for the Vodafone Group central PCI
    zone:
    * Vulnerability management,
    * ArcSight deployment and integration to SOC,
    * Custom log parser development for ArcSight flex connectors,
    * IDP deployment, the custom encryption solution
    It was my responsibility as an SME to coordinate the qualification audit for these services when QSA
    visited the team onsite in 2012. The solutions and the team passed the PCI DSS qualification process
    and the central zone achieved the PCI DSS certificate.

    Successful security integration of Vodafone Qatar: three core security solutions were deployed in
    parallel (Vulnerability Management, SIEM, and IDPS) on two sites, working with only 3rd party
    outsourced companies locally and managing the project team in 4 different locations and 3 time zones.
    The project volume was about 1M USD.

    The architect and operation team involved me in the development of the Imperva WAF Enterprise
    Service model for Vodafone (deployment, operation and service standard, and guidelines for all
    Vodafone operation companies); in 2013 I led several implementation projects for the
    new service.

    Technologies used: ArcSight, Juniper, SourceFire, Imperva WAF and DAM, nCircle.

  • 02/2009 - 02/2012

    • AXA GROUP
  • IT Security Architect / IT Audit Manager
  • The company is a subsidiary of one of the biggest global financial institutions (the group contained:
    local bank, insurance, pension, and health funds, asset management companies).

    The role had the responsibility to manage the following areas for the group's Security environment:
    * Physical security,
    * Information security,
    * Risk Assessment / Management,
    * Business contingency planning and disaster recovery.
    * Tracking compliance and regulatory requirements

    Supporting and managing the various aspects of Information Risk & Security in alignment with the
    company's IT Governance and Worldwide Group Security.

    Business as usual included tasks such as:
    * Overseeing and managing the IT persons/teams who operated the company's security solutions
    (FW, Endpoint Security, IDPS, Backup, AV, and VPN). On average, 3-5 people were reporting directly
    to me on a day-to-day basis related to the operation of the security solutions; however, Line
    Management duty was not my responsibility.
    * Information risk assessments, risk management (development and operational manners), creating and
    supporting the risk management framework, maintaining the risk register
    * Audit Manager for the companies, acting as SPOC and managing all internal, external audit
    activities (10-12 audits overall/year).
    * Preparing, drafting, delivering internal IT / Security audits (process reviews, access rights, FW
    rules, infrastructure, application audits, gap, and compliance analysis).
    * Reporting the findings to the executive board, with remediation action plans and trackers.
    * Managing external audits (regulatory and other independent audits), reviewing the audit plan and
    scope, gathering and delivering evidence, participating in interviews, reading and approving the
    draft and final versions of the audit reports. Creating remediation action plans based on the
    findings, and reporting it to the executive board.
    * Continuous communication with local and international regulatory offices.
    * Application-level audits with external parties based on the yearly Risk Assessment results.
    * Consult and advise the senior management on information security subjects,
    * Report to the Executive Board and the CEO of the companies on audit and compliance
    * Coordination and evaluation of penetration tests and code reviews for new web services
    * Security awareness training and campaigns for employees.

    Achievements:
    Based on the findings of my internal audits, gap and compliance analysis, the Executive Board
    accepted the proposal to start a Security Baseline Programme, which took place over 2 years,
    to uplift the overall information security level and introduce an Information Security Management
    System based on ISO 27001. The program contained several workstreams and projects; I was involved in
    each project in different roles such as project manager, architect or a business owner.

    For the solutions/projects below, it was my responsibility to develop and implement the BAU
    framework, operational procedures including patch management and change management processes, and
    also ensure that the proper safeguards were present in the daily work routine of the IT staff.

    Patch and change management: Assessing business and security needs, aligning with IT and business
    owners on the requirements, and creating and documenting patch and change management policies,
    implementing into BAU.

    Information Security Policies and Regulations (project manager and professional lead): updating and
    creating information security policies and regulations for each company in the group based on
    ISO27001, including data classification, storage, and encryption requirements.

    Business Continuity and Disaster Recovery plans (professional lead): AXA Hungary-wide, 12-month-long
    BCP and development project for all companies, covering all critical business processes (overall
    1000+ processes, 230 critical processes) and applications. I was appointed as a deputy Business
    Continuity Manager for AXA Hungary.

    Firewall replacement (architect): Evaluating the in-place FW system, creating requirements list,
    selecting the new solution, supporting the network team during the implementation. Creating FW rule
    approval and tracking process.

    Data Center Migration/Service Transition (architect and QA): Server and service migration to a
    central Data Center (based in Switzerland), moving 100 business-critical servers and security
    solutions to a new environment without a major outage. The project was delivered on time, on scope,
    on budget. During the virtualization, server hardening also took place, ensuring that newly
    migrated servers met security requirements. For this, hardening guides were created by
    myself.

    Backup system renewal (professional lead supporting IT Operation and QA): 13 months of project
    planning and implementing a d2d2tape solution, fulfilling business needs and regulatory
    requirements.

    Disk encryption and endpoint media protection (architect): Planning and implementing full disk
    encryption for laptops, together with media and port security solutions for desktop computers.

    SIEM Project (project manager and professional lead): Introducing a central log collection and
    analysis solution; after the implementation, it was my responsibility to operate and manage the
    solution.

    User Rights Management initiative (project manager and professional lead): an initiative driven by
    the security department to improve general rights management and documentation in Service Desk.

    Online bank solution development: Participated as an SME in the 18-month-long online bank solution
    development (.NET environment) for AXA Bank Hungary, collecting regulatory requirements, designing
    security solutions and safeguards, managing code reviews, and penetration tests.

    Technologies used: MS Windows Servers 2000 - 2003 and AD, MS Exchange, Netapp storage, VMware ESX,
    Checkpoint FDA and ME, Linux Red Hat, RSA EnVision, RSA SecurID, IBM ISS IDPS, Zorp Firewall,
    Balabit Shell Control Box, Nordic Edge, NOD32.

  • 07/2007 - 02/2009

    • NOREG INFORMATION SECURITY CONSULTING LTD.
  • IT Auditor / IS consultant
  • I've supported the clients of the firm in information security and audit projects.
    * Three ISO 27001:2005 certificate preparation audits for the Hungarian Postal Service; each audit
    was successful because the client achieved the certification based on our audit report findings
    and recommendations.
    * BCP, DRP development (risk assessment, process analysis, and BCP and DRP procedures development
    on a technical level) for the Hungarian Border Army, the scope of the project was the Hungarian
    environment of the European Schengen border patrol system.
    * Penetration and locality testing in two projects.
    * Training on information security policies and standards at the Ministry of Justice and Law
    Enforcement.
    * Worked as a consultant for a Big4 company.

    Technologies used: MS Windows Servers, ISS Proventia.

  • 05/2006 - 06/2007

    • MIMOX LTD.
  • Recruitment consultant
  • Mimox is a recruiting agency specializing in the IT industry; I've managed several successful
    placements for clients.

  • 10/2003 - 05/2006

    • SAVEAS INFORMATION SECURITY CONSULTING INC.
  • Senior IT Security consultant / IT Auditor
  • I've supported the clients of the firm in IT, information security and audit projects.

    * IT audit and gap analysis based on BS 17999 for a Financial Services company, presenting audit
    results to the management and creating a remediation plan.
    * Security evaluation of a deployed Siebel CRM application, documenting all in-place security
    safeguards (FW, DB hardening, Windows hardening) based on Common Criteria protection profiles and
    creating security system design based on the protection profiles for Hungarian Telecom (a
    subsidiary of Deutsche Telekom).
    * Security design and deployment for a gambling portal for the state-owned Gambling Inc.
    (Szerencsejáték Zrt).
    * Microsoft AD 2003 and Exchange 2003 rollout planning and IT company developing pension funds
    software.
    * Creating BCP documentation, procedures for 10+ systems for a financial institution.

  • 12/2002 - 08/2003

    • FERRERO MAGYARORSZÁG LTD.
  • IT Manager
  • Led a project to introduce a PDA based sales system with an interface to their SAP.

  • 11/2001 - 12/2002

    • TMP WORLDWIDE INC.
  • IT Administrator
  • Supported the daily operation of the Budapest office (40 consultants) for an executive recruitment
    firm.

  • 03/2001 - 11/2001

    • TELNET INTERAKTÍV INC.
  • Trafficker
  • Telnet was an online media agency; my role was to manage the agency advertisement server.

  • 02/2000 - 02/2001

    • CHRONOS SYSTEMS LTD.
  • System Administrator
  • As a system administrator, my role was to support a 45 workstation and 2 server environment.
    Technologies used: Lotus Notes Server, MS Windows NT 4.0, and MS Windows 2000 desktop.

  • 09/1996 - 11/1999

    • INTERNET DUNAÚJVÁROS LTD.
  • User support manager
  • Technical support for the local ISP Company.

TIME AND SPATIAL FLEXIBILITY
Remote work only