Enrique Cervantes CV [ENG]

About

I am a passionate senior cybersecurity professional with a proven track record of working with multinational corporations such as Telefónica, IBM, Accenture, Orange, and Repsol. Over the course of my career, I have assisted companies from various industries, including banking, retail, telecommunications, pharmaceuticals, and oil & gas, in improving their cybersecurity posture. I have achieved this by defining secure architectures for prevention and utilizing my experience to detect and solve security issues. Currently, I am focused on managing cybersecurity in fintech at Fintonic, one of the largest startups in Spain. This role presents a significant challenge, but I am excited to tackle it head-on.

On the technical side, I specialize in bringing security to Software Development Lifecycle (SDLC), designing authentication and authorization software architectures, and managing cybersecurity in complex multi-cloud environments, including container-based systems, with a focus on cloud-native security technology.

In addition to my technical expertise, I possess strong communication and leadership skills, allowing me to effectively communicate cybersecurity issues to C-level executives and developers alike. I am experienced in compliance and management, ensuring that all stakeholders are informed and up-to-date.

I am honored to have been recognized as one of the TOP50 CISOs to watch in 2023 worldwide by the cybersecurity company, Lacework.

In conclusion, I am passionate about my work in cybersecurity and am always eager to learn and grow in this ever-changing field.

Career

10/2021 - today: Fintonic - Chief Information Security Officer

• Head of cybersecurity including Governance, SecOps and Secure software architectures design for complex cloud environments
• Cyberrisk and Cyber-intellingence management
• Certification of PCI-DSS

05/2019 - 10/2021: Repsol - IT Security Architect & Head of Cybersecurity Hub

• Head of Cybersecurity Hub: ITSecurity Architecture Innovation team
• IT Architecture design and validation
• Cloud Security (CSPM, CWPP, PAM, Monitoring)
• DevSecOps Architecture design (SAST, DAST, SCA, IaC Analysis, Container security)

08/2018 - 05/2019: Orange Bank - Responsible of IT Security

• Public Cloud banking security architecture design (Access, PAM, Third party integrations…) from scratch
• Application Security at SDLC (Microservices environment) - SAST, DAST, Dependency Analysis
• RASP
• Container security
• AuthX (OIDC / Oauth2 ) Flow definition & architecture design (PSD2 XS2AFramework)
• IT Support for Fraud Prevention

03/2017 - 08/2018: Accenture - Security Consultant

• Security Architect focused on technological Innovation of legacy platforms using Microservices
• Security Consultant focused on Application Security:
• SAST - Fortify - Custom rules edition
• Integration of security controls on SDLC pipelines
• Runtime Application Self Protection: Waratek, Contrast Security, Hdiv

01/2015 - 03/2017: IBM - IT Architect (Security)

• IT Security Architecture in a wide variety of projects including banking, pharma, retail…
• Federated Identity Architecture Design: oAuth / OpenID Connect
• Project Managment

07/2014 - 01/2015: Telefónica - IT Specialist - Movilforum

• Working with the software lab of movilforum as Security Specialist, identifiying potential partners among start-ups

01/2014 - 07/2014: Freelance - Developer & Security

• Main projects as freelance: Android application integrated with Django Web Application and VOIP infrastructures. Infosec Consulting

06/2013 - 12/2013: Maeco Beijing - IT Manager

• Installation and hardening of a web server.
• Design and development of a database in SAP format for personal and tools management.
• Coordination of employees dedicated to networking and hardware support.

09/2012 - 05/2013: Stonework Solutions - Security & I+D

• Monitoring scripts devolopment and integration (Python and Bash)
• Installation and maintenance of Ossim SIEM tool. Including creation and modification of correlation rules and Snort policies.
• Real-time tools development for Asterisk VoIP switches traffic monitoring (Python)
• Security pentesting tasks both for internal and external customers.

07/2011 - 09/2012: T.E. Pablo Cervantes, S.L. - Industrial Software Developer

• Freelance work in several proyects of the company, including:
• Design, development, deployment and hardening of web applications for industrial environments.
• Installation of SCADA tools: Siemens and Schneider Electric.

Lecturer & Speaker

Professor / Mentorship:

• Collaboration in creation of new Master Programme about cybersecurity - Universidad Politécnica Nebrija (2023)
• Lecturer at IT Supply Chain Risk Management course covering “Innovation” topic - ISMS Forum (2022 Two editions)
• Mentor at Cybersecurity bootcamp covering “Cloud Security” - Upgrade Hub (2019)
• Collaboration in Cybersecurity awarness training - Sagardoy Business School (2021)

Talks:

• CiberTodos2022 - ISACA (2022)
• DevSecOps Leadership Forum (2019, 2020, 2022)
• Café con Expertos [DevSecOps] - ISMS Forum (2021)
• “Embracing New Security Paradigms for the Cloud Era” - BrightTalk (2022)
• Madrid Cyber Security Hub (2021)
• Secure Payments & ID Congress - IFAES (2021, 2022)
• Ciberseguridad Expo - IFAES (2022)
• #ForoITDS - SASE - IT Digital Media Group (2022)
• Cybersecurity & Identification 2022 - IKN Spain (2022)
• “General Trends in Cybersecurity” - TIS Tourism Innovation Summit (2022)
• E-Crime & Cybersecurity - AKJ Associates (2022)
• “DevSecOps and Application Security” - XXIV Jornada Internacional de Seguridad de la Información ISMS Forum (2022)
• “Privacy Day” - ENATIC (2023)
• Cybersecurity Forum 2023 - IDC /Foundry (2023)

See Linkedin.