João Rodolfo Vieira da Silva

Designed security architecture and solutions (encryption, connectivity, DB, CLOUD, data transfer, APIs, AAA, Key Manager, HSM, PAM, privacy, logs, SAML, OAuth) Provided risk and threat modeling as a focus on information security (processes, vulnerability, and IT risk) Developed information security strategies and cyber incident response planning Defined security standards (baseline) for operating systems, endpoint protection, container orchestration, public and private APIs, data privacy controls

Designed information security architecture in projects and solutions (encryption, connectivity, DB, CLOUD, data transfer, APIs, A.A.A., PAM, MDM, privacy, logs, RPA, SAML, OAuth). Provided risk analysis and threat modelling as a focus on information security (processes, vulnerability management, and IT risk). Supported IT and SOC teams in Information security Incident Response. Defined security standards (baseline), data privacy controls to attend GDPR.

Attended, as required, Board or Audit and Risk Committee Cyber Incident Response teams. Designed info sec architecture or solutions (encryption, connectivity, DB, CLOUD, data transfer, APIs, authentication, privacy, logs, SMSCUG, PGW, CDRs, CISCO JASPER). Led in major IoT and Connect Car projects of Latin América. Designed, tested, and reported security controls in IT and LTE networks. Project with international cooperation between Claro operations in Latin America and client from the US.

Managed security services of MSS SOC Symantec, Sonda IT; DCX/HPE Data Center; AWS; Azure. Provided gap analysis and remediation strategy development for IT security (TOP20 SANS/CIS), PCI-DSS and BCP Standards. Managment tools: Endpoint (SEP Symantec), Antispam (Brightmail/SMG Symantec) and SSL Certificates, PKI, HSM, SIEM (Symantec SSIM), VMware MDM, Oracle IDM Solution, Trend Deep security, Approved, Audited, and reviewed firewall rules. Vulnerability Management (CCSVM,; Rapid7; Qualys, Truskeeper).

PCI-DSS, design, and deploy security solution that met credit card industry standard. Coordinated Disaster Recovery Plan and Tests Plans of Intel/X86, Sun Solaris, and mainframe platforms used in credit cards processor for Visa Vale/Alelo e Bradesco Bank process. Provided fraud investigation and support Incident Response teams. Developed and maintained KPI with focus on IT security. Provided gap analysis, developed and implemented strategic of security to improvement BCP process: risk analysis, BIA, DRP

Provided vulnerability assessments at applications web (application security test) and infrastructure (penetration test). Developed information security baselines to use in DB, application server, web server, Linux, and windows. Developed and deployed firewall and VPN solutions. PCI-DSS: Deploy of SIEM (AlienVault OSSIM) and policies, controls, and cyber incident response planning.

Deployed overall Business Continuity program. Deployed and Developed BIA (business impact analysis), Crisis Management Plan, Communication Plan, Test and exercises Plan, Business Continuity Policy, and Audit program of Plans. Gap analysis and remediation strategy development for Business Continuity and Disaster Recovery using ISO22301, ISO27001. COBIT framework and best practices: ITIL, DRII, BCI. Process mapping and modelling.

Administered system, linux, windows server, networking and Telecom systems. Deployed and Managed Control panel solutions (Plesk Solution - Parallels group). Developed information security baselines to use in DB, application server, web server, linux, and windows.

Administered system, linux, windows server, networking and telecom systems Deployed and Managed Open Source LDAP, PROXY, Web Server, MySQL, Postgres, Backup, DNS, LTSP (Linux Terminal Service) Technical leadership in Open Source project, migrated from Windows platform to Linux Debian 3.2 (sarge) Stage in the communication solution in contingency C2 "combat" Basic stage of survival in the jungle Developed the Physical Risk Analysis Update process Managed security and guard the battalion and facilities

General English course.

Post graduation in CYBER SECURITY (Offensive and Defensive security)

Bachelor degree in Network Systems Administration Final project: Automated Malware Analysis using Cuckoo Sandbox