I'm an educated, experienced and effective information security consultant in Finland. I have hands-on skills and experience in current IT environments; additionally, I'm able to communicate effectively with the management on information security risks and solutions.
I have full working proficiency in English and experience in working in international environments.
Owner, principal consultant, LAV Security Ltd, September 2006 -
- Security champion in the financial sector, enabling software teams to shift security left: risk and threat modeling, security and privacy by design, security on the DevOps pipeline.
- Tens of technical web application security audits, also including working with agile software teams.
- Several technical infrastructure security audits: networks, servers, WLAN, phone applications (Android and USSD).
- ISO/IEC 27001 security management consultancy. Key tasks: developing and running the risk management process, and auditing.
- Lead consultant with Nixu Ltd on Finnish government minimum information security levels http://www.vm.fi/vm/en/04_publications_and_documents/01_publications/05_government_information_management/20101028Instru/name.jsp
- Developed security specifications based on risk analysis for the Supermatrix project, which develops desktop virtualization services. Also developed and managed technical security configuration and firewall.
- Project manager for a project developing a company internal WAN and its security policy. Key tasks included writing a Request for Tender, evaluating offers and recommending solutions.
- I evaluated proposals and recommended a course of action for a client buying a managed security service.
- Application development with Ruby on Rails / MySQL / Amazon EC2.
Chief Information Security Officer, Information Centre of the Ministry of Agriculture and Forestry (Tike) 2005 - 8/2006
- Managing and developing all aspects of security in the organization (policies, incidents, audits etc.) during the position holder's maternity leave.
- My main task was to deploy and develop further a BS7799 (currently ISO/IEC 27001) compliant security management system. That led to a successful certification audit in June 2006, where I was the responsible project manager.
- Examples of other accomplishments:
- Leader in several security risk assessments and analysis workshops, which directed either security spending or work focus for the whole organization.
- I was tasked to raise the ID card usage from minimal to acceptable level. I managed to raise the usage level from circa 20% to >80% with positive feedback and other soft methods.
- I wrote or refined several security policies (e-mail usage policy, instant messaging policy, VPN policy) to meet new demands of the organization or government guidelines.
- I created and negotiated a security supplement to a service level agreement in an outsourcing contract.
Senior Security Consultant, Nixu Oy, 1995 - 2005
- Lead consultant on many client projects, both on technical and administrative security issues
Education
- degree in Computer Science, University of Helsinki
Certification:
- GIAC Certified System and Network Auditor (GSNA), 2002-
- Certified Information Systems Security Professional (CISSP), 2006-
- ITIL Foundations, 2012-