Effective and efficient Security professional. Experienced in a large enterprise environment and a rapidly growing company. Capable of organizing, facilitating, and performing Security services, managing customers’ and stakeholders’ expectations. Proven ability to work autonomously and deliver results in line with organization and department goals.
– Qualys SSL labs.
– Scripting languages: PowerShell, Python.
– Experience with serverless solutions.
– API testing.
OWASP member. Certified in AWS.
Akademia Pedagogiczna im. Komisji Edukacji Narodowej w Krakowie
Bachelor’s degree in Mathematics
Work and Experience
Information Security Analyst
October | 2020 - July | 2021
– Work with on-prem and cloud-native security tools (Splunk, CIS scanner, etc.).
– Help build a culture of security through continual advocacy and knowledge-sharing sessions with my technical and non-technical colleagues.
– Run regular security awareness sessions. Designed training plan for onboarding.
– Work with the development teams to set up automation tooling as part of DevSecOps process.
– Manage vendors through engagements such as third-party vulnerability assessments.
– Designed business-process of remediation of security findings and communicated it to stakeholders.
– Validate remediations of vulnerability findings (toolset: nmap, sqlman, burp, burp collaborator)
– Involved in internal and external audits.
October | 2016 - July | 2021
Contributed to Poland wide volunteer program related to visiting ill kids in hospitals in clown costume.
InfoSec Analyst System Integration
December | 2018 - September | 2020
Philip Morris International
Providing IT security expertise throughout the implementation of new cloud-based SaaS/PaaS systems by:
– Performing security due diligence of potential vendors.
– Designing and documenting authorization concept (users and roles definition) in line with security requirements and best practices.
– Integrating with company’s identity and access management (IAM) system.
– Identity and access management implementation.
– Performing criticality and risk assessments of services and systems together with business customers and embedding mitigating controls.
– Performing vulnerability scans / penetration tests for web-based applications inline with OWASP methodology.
– Facilitating security scans performed by third party contractors: set-up scope, review the results, follow up remediation steps.
– Assuring system compliance with corporate policies & procedures, FDA GxP regulations or/and EU General Data Protection Regulation (GDPR).
Experience with security design for below systems:
– AWS based solutions (including serverless solutions).
– SAP Power Designer.
– Power BI.
– Telegram Bots.
Trainer for programming and informatics.
Trainer for programming and informatics
December | 2017 - December | 2018
– Provide beginners programming training courses in Python, Java, Pascal and C++ to Polish pupils.
– Use Scratch and code.org resources for smallest kids (from 4 to 13 y.o.).
March | 2009 - December | 2018
Personal tutoring in areas of higher Math, Informatics, Statistics and Programming for Students
January | 2008 - May | 2012
Advita Fund USA
Took part in fundraising activities for cancer patients in Russia