I'm an educated, experienced and effective information security consultant in Finland. I have hands-on skills and experience in current IT environments; additionally, I'm able to communicate effectively with the management on information security risks and solutions.
I have full working proficiency in English and experience in working in international environments.
Owner, principal consultant, LAV Security Ltd, September 2006 -
- Security champion in the financial sector, enabling software teams to shift security left: risk and threat modeling, security and privacy by design, security on the DevOps pipeline.
- Tens of technical web application security audits, also including working with agile software teams.
- Several technical infrastructure security audits: networks, servers, WLAN, phone applications (Android and USSD).
- ISO/IEC 27001 security management consultancy. Key tasks: developing and running the risk management process, and auditing.
Lead consultant with Nixu Ltd on Finnish government minimum information security levels http://www.vm.fi/vm/en/04_publications_and_documents/01_publications/05_government_information_management/20101028Instru/name.jsp
Developed security specifications based on risk analysis for the Supermatrix project, which develops desktop virtualization services. Also developed and managed technical security configuration and firewall.
Project manager for a project developing a company internal WAN and its security policy. Key tasks included writing a Request for Tender, evaluating offers and recommending solutions.
I evaluated proposals and recommended a course of action for a client buying a managed security service.
Application development with Ruby on Rails / MySQL / Amazon EC2.
Chief Information Security Officer, Information Centre of the Ministry of Agriculture and Forestry (Tike) 2005 - 8/2006
Managing and developing all aspects of security in the organization (policies, incidents, audits etc.) during the position holder's maternity leave.
My main task was to deploy and further develop a BS7799 (currently ISO/IEC 27001) compliant security management system. That led to a successful certification audit in June 2006, where I was the responsible project manager.
Examples of other accomplishments:
Leader in several security risk assessments and analysis workshops, which directed either security spending or work focus for the whole organization.
I was tasked with raising ID card usage from a minimal to an acceptable level. I managed to raise the usage level from circa 20% to >80% with positive feedback and other soft methods.
I wrote or refined several security policies (e-mail usage policy, instant messaging policy, VPN policy) to meet new demands of the organization or government guidelines.
I created and negotiated a security supplement to a service level agreement in an outsourcing contract.
Senior Security Consultant, Nixu Oy, 1995 - 2005
- Lead consultant on many client projects, on both technical and administrative security issues.
- degree in Computer Science, University of Helsinki
- GIAC Certified System and Network Auditor (GSNA), 2002-
- Certified Information Systems Security Professional (CISSP), 2006-
- ITIL Foundations, 2012-