
I'm an educated, experienced and effective information security consultant in Finland. I have hands-on skills and experience in current IT environments; additionally, I'm able to communicate effectively with management on information security risks and solutions.

I have full working proficiency in English and experience in working in international environments.

 

Owner, principal consultant, LAV Security Ltd, September 2006 -

  • Security champion in the financial sector, enabling software teams to shift security left: risk and threat modeling, security and privacy by design, security on the DevOps pipeline.
  • Tens of technical web application security audits, also including working with agile software teams.
  • Several technical infrastructure security audits: networks, servers, WLAN, phone applications (Android and USSD).
  • ISO/IEC 27001 security management consultancy. Key tasks: developing and running the risk management process, and auditing.
  • Lead consultant with Nixu Ltd on Finnish government minimum information security levels http://www.vm.fi/vm/en/04_publications_and_documents/01_publications/05_government_information_management/20101028Instru/name.jsp

  • Developed security specifications based on risk analysis for the Supermatrix project, which develops desktop virtualization services. Also developed and managed technical security configuration and firewall.

  • Project manager for a project developing a company internal WAN and its security policy. Key tasks included writing a Request for Tender, evaluating offers and recommending solutions.

  • I evaluated proposals and recommended a course of action for a client buying a managed security service.

  • Application development with Ruby on Rails / MySQL / Amazon EC2.

 

Chief Information Security Officer, Information Centre of the Ministry of Agriculture and Forestry (Tike) 2005 - 8/2006

  • Managing and developing all aspects of security in the organization (policies, incidents, audits, etc.) during the position holder's maternity leave.

  • My main task was to deploy and further develop a BS7799 (currently ISO/IEC 27001) compliant security management system. That led to a successful certification audit in June 2006, where I was the responsible project manager.

  • Examples of other accomplishments:

    • Leader in several security risk assessments and analysis workshops, which directed either security spending or work focus for the whole organization.

    • I was tasked to raise ID card usage from a minimal to an acceptable level. I managed to raise the usage level from circa 20% to >80% with positive feedback and other soft methods.

    • I wrote or refined several security policies (e-mail usage policy, instant messaging policy, VPN policy) to meet new demands of the organization or government guidelines.

    • I created and negotiated a security supplement to a service level agreement in an outsourcing contract.    

 

Senior Security Consultant, Nixu Oy, 1995 - 2005

  • Lead consultant on many client projects, on both technical and administrative security issues

 

Education

  • degree in Computer Science, University of Helsinki


Certification:

  • GIAC Certified System and Network Auditor (GSNA), 2002-
  • Certified Information Systems Security Professional (CISSP), 2006-
  • ITIL Foundations, 2012-