E-mail: pece at predragtasevski.com
Web page: https://predragtasevski.com
Nationality: Macedonian and Bulgarian (EU Citizen)
OBJECTIVE RESEARCH INTERESTS
Predrag is a subject-matter expert (SME) with more than 12 years of cyber & IT security, cloud security, controls and compliance, risk assessment/management, cyber risk, awareness and blockchain projects. Worked as a Director, Head of IT Security, an ISO, and as a Senior Cloud Security Engineer and Consultant. He is certified as: ISO/IEC 27001 Audit, CyberSec First Responder, Project Management Professional (PMP), Scrum Master, MCT and Cloud Security Engineer. Holds an M.Sc. in Cyber Security and Post-Master in Security in Computer Systems and Communications. Founder Unicis 🚀.
June 2022 - present
Head of Cybersecurity mondu GmbH, Berlin, DE
February 2022 - May 2022
Director Cyber Security Spark Networks GmbH, Berlin, DE
- Attracting, developing, retaining, and demonstrating technical capability to the cyber security team and wider business
- Conducting an evaluation of company security posture, gaps, and executed a security program
- Collaborating with the business on developing security goals, metrics and ensured Information Security roadmap supports business goals
- Ensuring systems, processes, policies, and tools are aligned with the overall security strategy
- Set the vision and strategic direction of the security program and aligned to the best practice standards (NIST, ISO27K, etc.)
- Providing direction to the business on pragmatically managing cyber risks
- Challenging and educated business leaders and other business functions on cyber risks
- Lead regular security assessments to include internal & 3rd party audits, certification, penetration testing, vulnerability management, and incident response capability testing
- Implementing corrective actions resulting from vulnerability/penetration testing and audits
- Creating and managing an information security awareness training program for all employees, and contractors
- Ensuring that security program is continuously up-to-date facing both an ever-changing threat and evolving regulatory landscape
- Evaluating and leading certifications such as (SOC2, HIPAA, ISO 27K, GDPR, etc.)
- Successfully monitor security metrics and reporting KPIs to business leaders
September 2021 - February 2022
Head of IT Security FinTech, Berlin, DE
- Leader for IT security compliance and in charge of IT security program
- Oversee annual and ongoing risk assessment process, development, implementation and maintenance of policies and procedures
- Ensure that information security policies, standards, and procedures are up-to-date and apply risk minimisation: confidentiality, integrity, and availability (CIA)
- Initiate and promote information security awareness
- Evaluate security trends, evolving threats, risk and vulnerabilities and apply tools to reduce risk
- Address disaster recovery, business continuity, risk management and access controls
- Ensure the organisation complies with the administrative, technical and physical safeguards
- Collaborate with senior management and the compliance to govern the security program
December 2019 - February 2021
Information Security Officer (ISO), eyeo GmbH, Berlin, Germany
- Leaded and coordinated all information security initiatives
- Brief and advised senior management on information security topics
- Coordinated risk assessment and maintained ISMS (Information Security Management System)
- Developed and delivered security and awareness training
- Coordinated incident handling processes, vulnerability disclosure, and penetration testing
- Monitored threat landscape and adapt defence strategy
November 2018 - May 2019
Senior Cloud Security Engineer (Acting as a Head of IT-Security), Verimi GmbH, Berlin, Germany
- Defined and initiated security checklist/requirements/recommendations for software development (DEV) and cloud operations (DEV-OPS) teams
- Acted as point person discussing security gaps details for C-level, stakeholders, partners and vendor security questionnaires
- Enhanced and reinforced the security posture of cloud infrastructure, tools and services
- Designed security incident handling processes, monitoring and procedures
- Mitigated risk exposure and document the residual risk
- Wrote documentation for the technical implementation of eIDAS substantial level of assurance
- Determined implementation and compliance for QES requirements
- Defined penetration testing scope, code analysis and review
- Designed IT security concept and security culture
February 2018 - November 2018
Senior Security Consulting Consultant, Accenture GmbH, Berlin, Germany
Project 1: Role - Project: Cloud Security Advisor, Global Bank - Frankfurt
- Supported in digital transformation from on-premises into hybrid cloud solution readiness
- Established IaaS Security support inside the Cloud Foundation Cluster - by defining Cloud Computing Security Controls and establishing teamwork with multi-stakeholders (CIO and CISO)
Project 2: Global E-Commerce Traveling Agency
- Mitigated the GDPR HR assessment focused on organisational, application and access management (IAM) gap findings and provide remediation actions to improve IT security compliance
- Focused on the applications: Workday, SAP HR, and Greenhouse
March 2016 - February 2018
Business Functional Analyst/Security Controls Manager (Freier Berater), ENFINA- Security s.r.o, Eschborn, Frankfurt am Main, Germany
Project 1, Role: Business Functional Analyst (Freier Berater)
- Global Bank - Non Financial Risk Operation Team
- Deployed, maintained and managed two non-financial Risk Operation applications
- Acted role as an Information Technology Application Owner (ITAO)
- Migrated Oracle database servers from IBM to HP
- Worked with business stakeholders in ITIL and Agile process to meet the regulatory, compliance and technical requirements
- Enhanced the change assurance lifecycle - Systems Development Life Cycle (SDLC)
Project 2: Security Controls Manager (Freier Berater)
- Acted as SME for new prioritisation framework according to NIST Common Configuration Scoring System (CCSS) and documented Business Requirement Document (BRD)
- Strengthened the Security Configuration Control Management (SCCM) tool for IT security controls and compliance
- Enhanced implementation of security policies, technical implementation from: CyberArk, IDS/IPS solutions, server access control and vulnerability assessments and scanners
June 2012 - Present
Founder, CyberSecurity.mk, Kumanovo, N.Macedonia
- Consulting, Auditing, Forensics, Data Recovery, Training, and Security Intelligence Analysis
- Developed dynamic web content sites (Drupal, WordPress)
- Implemented: PKI solution, fuzz testing (web testing, network protocol testing, etc.) and real-time web filtering solutions, web filter and security, web proxy solutions
July 2014 - December 2014
Intern: Cyber Security Researcher, iWE, Sophia Antipolis, France
- Developed cyber security services: Incident Response, Digital Forensics, Cyber Audit, Cyber Risk Assessment and Pentesting
- Researched of a novel approach and tool for cyber risk assessment and audit projects within critical information infrastructure (CII)
- Designed and developed a Cloud Security Architecture – zero knowledge data at REST
Feb 2014 - Sep 2015
Visiting/Remote Lecture, University of Donja Gorica, Podgorica, Montenegro
- Developed, designed the scope and delivered a course study - remote lectures to a Master of Cyber Security studies on two subjects: cyber crime and digital forensics
- Two semesters spring 2014 and 2015
May 2009 - Aug 2010
Teacher/Admin, Narodna Technika, Kumanovo, N. Macedonia
- Designed and delivered programming and computer courses for different age groups.
- Performed System Administration tasks and involved in building security solution for ISP and Radius technology.
- Developed dynamic (WordPress, Drupal, CodeIgniter) and static web sites.
Dec 2008 - April 2009
Technical Author, INACON GmbH, Kriegsstrasse 154, 76133 Karlsruhe, Germany
- Designed and wrote technical product documentation for GPRS/UMTS & LTE telecommunication protocol and implementation in Wireshark application for troubleshooting
May 2007 - Oct 2008
Team Manager Class, Stream International Bulgaria, Business Park Sofia Building 3, Bulgaria
- Designed, developed and delivered trainings for more than 100 personnel for: customer (tier 1), technical (tier 2 & 3), tools and process training for Microsoft products.
- Coached and delivered first help support for advanced troubleshoot issues
2013 - 2015
Post-Master (Diplôme d’Ingénieur de specialisation) in Security in Computer Systems and Communications
EURECOM – Campus Sophia Tech, Biot France
Awarded with scholarship Labex UCN@SOPHIA
2010 - 2012
Master of Science in Engineering, Concentration: Cyber Security
Tallinn University of Technology (TTU) and Tartu University, Estonia
Awarded with scholarship DoRa 9
Title of Thesis
Interactive Cyber Security Awareness Program - ICSAP
2003 - 2009
Bachelor degree in Informatics
New Bulgarian University, Sofia, Bulgaria
Title of Thesis
2002 - 2003
High School in Informatics
Champlin Park High School, Minnesota, USA
Is an application developed in Java platform programming language as on purpose of no additional requirements of library or platform independence. Messenger-Pigeon is an application with client-server software architecture. The interface it is very simple and easy to use for all different ages. It is simple and easy of configuration and setup the server with the two different database sources (ODBC and MySQL). Messenger-Pigeon as an LAN Chatting Messenger can be used in business and home environment.
Course Management System
ICSAP is prototype web based application for the management of the syllabus. CMS or in other words Learning Management System (LMS) is a software application for administration, documentation, tracking records, scoreboard and reporting of training program and training content. The prototype system is developed in CodeIgniter, PHP framework and additionally MySQL relation database management system.
Is an awareness wizard application to deliver to any end-users, companies, mobile providers, etc. security solution for their mobile and portable devices that run Android.
NATO Advanced Research Workshop: Encouraging Cyber Security Awareness in the Balkans
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.984799) held on 17-19 of March 2015, Skopje, Macedonia
- Write the project and gather a scientists and experts from academy, social societies and well-known experts in the field of cyber security, cyber warfare, information security from the region and NATO partner countries
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities (Researcher)
- Author on the report on cybersecurity cooperation in the Western Balkans implemented with the support of the Federal Department of Foreign Affairs of Switzerland, in partnership with the Geneva Centre for the Democratic Control of Armed Forces (DCAF). Full report available at DiploFoundation
NATO Advanced Research Workshop: Benchmarking Telemedicine: Improving Health Security in the Balkans
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.985183), held on 15-17 of November 2016, Skopje, Macedonia
- Write and design the project, and collect and gather a Scientists and experts among well-known healthcare leaders from: government, military, NGOs and public and private sector from NATO members and partner countries
Implementation and improvement of e-Health system in Macedonia
- Designed and improved implementation of current e-health system in Macedonia, within PKI support and smartcard
- Analysis of current – As-Is analysis,
- Benchmarking with international solutions,
- To Be with cost-benefit analysis and
- Technical specification
NATO Advanced Research Workshop: Fundamental readiness in Cyber Defence in the Balkans (FRCDB)
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.G5515), held on 17-19 of October 2018, Belgrade, Serbia
- Write and design the project, and collect and gather a Scientists and experts among well-known Subject-matter experts from: government, military, NGOs, research and development, education and public and private sector from NATO members and partner countries
Messenger-Pigeon; ISBN-10: 3838391314; ISBN-13: 978-3838391311
Interactive Cyber Security Awareness Program; ISBN 978-3-659-20798-3
Password Attacks and Generation Strategies, Tartu University, Estonia.
Security Risk Assessment article, PenTest Magazine Audit and Stand: IS Risk Assessment Measurement; Issue 07/2012 August; ISSN 2084-1116; page 70.
Web Servers Analysis under DoS Attacks, Secure Your Mobile, Protect Your Network and Hack More with Hakin9 11/2012!; ISSN 1733-178; page 66.
Frequently-Occurring Security Incidents, The 10th Conference for Informatics and Information Technology (CIIT 2013) , Faculty of Computer Science and Engineering, Macedonia.
Methodological Approach to Security Awareness, CyberSecurity for the Next Generation. Politechnico di Milano, Italy.
Macedonian Path Towards Cybersecurity, Information & Security: An International Journal, vol. 32, issue 1, 2015, In Press.
IT and Cyber Security Awareness – Raising Campaigns, Information & Security: An International Journal, vol. 34 (2015).
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities, DiploFoundation, Geneva, Research report under the project "Cybersecurity Capacity Building and Research Programme for South - Eastern Europe" implemented with the support of the Federal Department of Foreign Affairs of Switzerland.
English, Bulgarian, Serbian and Croatian
French, Russian, Estonian, German
Languages & Libraries
- Text :: Org-mode, LaTeX, Markdown, Emacs, Lyx, Libre/MS Office
- Graphics :: Gimp, Inkscape, FreeMind, Dia
Good experience with system administration on Debian & RPM based systems and Bash scripting.
Industry Contributor CyberSec First Responder (CFR), February 28, 2022.
Project Management, Scrum and Agile
Certified Project Manager. Nov. 05, 2019. Certificated ID: 19213.
Certified Senior Scrum Master. September 24, 2019. Certificate ID: 19209.
Lead/External Auditor for Information Security Management Systems /ISO/IEC 27001:2005/, June 2013, Certificate No. 026/ISMS/2013
MCT (Microsoft Certified Trainer) Mar 10, 2009 Microsoft Certified Professional ID 6083756:
Microsoft Certified IT Professional Apr 08, 2008
Enterprise Support Technician Apr 08, 2008
Microsoft Certified Technology Specialist Apr 08, 2008
Microsoft Windows Vista: Configuration Apr 08, 2008
Microsoft Certified Desktop Support Technician Feb 29, 2008
Microsoft Windows XP Feb 29, 2008
- Contact Coaching Coach Jun 06, 2008, School of Leadership Training in Stream University Stream Super Stars from Colleague
- Starting a Business v2.1, Yes Incubator, November 2012
- The Cybersecurity Imperative: An Agency’s Toolbox for Secure Data July 26 2013
- Coursera, University Leiden. Terrorism and Counterterrorism: Comparing Theory and Practice. Feb. 26, 2014
- Coursera, University Leiden. Terrorism and Counter-terrorism: Comparing Theory and Practice. Feb. 26, 2014
- Coursera: Google Cloud. Google Cloud Platform Fundamentals: Core Infrastructure. Sep. 2018
- Coursera: Google Cloud. Essential Cloud Infrastructure: Core Services. Sep. 2018
- Coursera: Google Cloud. Essential Cloud Infrastructure Foundation. Sep. 2018
- Coursera: Google Cloud. Elastic Cloud Infrastructure: Scaling and Automation. Sep. 2018
- Coursera: Google Cloud. Elastic Cloud Infrastructure: Containers and Services. Sep. 2018
- Coursera: Google Cloud. Managing Security in Google Cloud Platform. Jun. 2019
- Amazon training: Introduction to AWS Lambda. Aug. 2018
- Amazon training: Introduction to Amazon Elastic Load Balancer - Classic. Aug. 2018
- Amazon training: Introduction to Amazon Elastic Load Balancer - Application. Aug 2018
- Amazon training: Introduction to Amazon Elastic Container Service. Aug 2018
- Amazon training: Introduction to Amazon Elastic Compute Cloud (EC2). Aug. 2018
- Amazon training: AWS Compute Services Overview. Aug. 2018
- Amazon training: AWS Security Fundamentals. Sep. 2018
- CyberArk Training: Introduction to CyberArk Privileged Access Security Course. Aug. 2018
- CyberArk Training: CyberArk Certified Trustee. Aug. 2018
Talks/Speaker & Community Service
ACTA - ACTIVE CITIZENS TAKE ACTION, Maribor, Slovenia. Presenting topic: Bullying of digital divide or not?.
Belgrade Security Forum 2013, Belgrade, Serbia. Topic: Assuring Cyber-Security in the Western Balkans and the Rest of Europe: Roles and Responsibilities of Institutions, Industry and Users? (in cooperation with DCAF)
Smart Defense and Open – Door Policy – New Synergies for Euro – Atlantic Security, Sofia, Bulgaria. Topic: Collective Cyber Defence – The Role of Newer Members and Opportunities for Specialization of Bulgaria in the Alliance Questions and answers. Organized by representation of the European Commission in Bulgaria.
Topic: Methodological Approach to Security Awareness, Kaspersky - CyberSecurity for the Next Generation 2014, EU Round. Politecnico di Milano, Italy
NATO ARW, Strengthening Cyber Defense for Critical Infrastructure, Kiev, Ukraine. Presented topic: Standards for Information Security are inappropriate fashion to assess the risk in private companies and elsewhere.
DCAF Young Faces Network 2014. Young Faces Network Cybersecurity Winter School for the Western Balkans. Petnica, Serbia, 1 to 5 December 2014. Delivering lectures on two topics: How the Internet works and Introduction to cybersecurity threats and risks.
NATO ARW (ISEG.EAP.ARW.984799), Encouraging Cyber Security Awareness in the Balkans, presenting: /Cyber security awareness among the Balkan Countries and the rest of the world/, 17-19 March 2015, Skopje, Macedonia.
Geneva Internet Platform (GIP): Fighting Cybercrime through closer International Cooperation, presenting at Cybersecurity Lab
- Internet governance in Bangkok, presenting DoS/DDoS attacks at Cybersecurity Lab.
- TEDxBASSalon topic Open Data & the Hacking Movement, 24 September at Business Academy Smilevski, Skopje.
- CyberLab and video scenario, OSCE Chairmanship Event on Effective Strategies to Cyber/ICT Security Threats. 29-30 October 2015, Belgrade Serbia.
- Cyber.Lab, DiploFoundation at 22nd OSCE Ministerial Council. 3-4 December 2015. Belgrade, Serbia. Link: 22nd OSCE Ministerial Council.
- NATO (ISEG.EAP.ARW.985183), Benchmarking Telemedicine: Improving Health Security in the Balkans . Panel discussion: Cyber security for the implementation of telemedicine: threats, best practices, information sharing, presenting: Telemedicine: Cyber Security Threats and Best Practice, 15 - 17 November 2016 Skopje, Macedonia.
- SEEDIG - South Eastern European Dialogue on Internet Governance. 24 - 25 May 2017 Ohrid, Maceodnia. Presenting: Mobile security and pentesting.
- SECOND REGIONAL INTERNET FREEDOM SUMMIT, AMERICAN BAR ASSOCIATION RULE OF LAW INITIATIVE’S (ABA ROLI’S). Development and Enhancement of Legal Frameworks in Eastern Europe and Eurasia to Protect Internet Freedom Program. 21 - 25 March, Struga, Macedonia. Presenting: Cybersecurity Challenges for 2018.
- 4TH SEEDIG MEETING, 23–24 MAY 2018, Ljubljana, Slovenia. Session 5: Securing all data. Cybersecurity: National frameworks and regional cooperation.
- 28th Economic Forum. Krynica-Zdroj, Poland, 4-6 September. Discussion panel: Developing an Innovative Nationwide Education for Cyber Security.
- Economic Forum of Young Leaders 2018, Nowy Sacz, Poland. September 3-7, 2018. Panel discussion: Enterprises in the world of smart products ‒ Industry 4.0 technologies at your fingertips.
- NATO ARW, Fundamental readiness in Cyber Defence in the Balkans (FRCDB), 17-19 October 2018, Belgrade, Serbia. Cyber Security in the Western Balkans: Policy Gaps and Cooperation Opportunities.
- IGF MKD, SECOND ANNUAL INTERNET GOVERNANCE FORUM MACEDONIA, 31.10.2018, Skopje, Macedonia. Cyber Security retrospective in Macedonia (Technical community).
For more talks past and future please see the following page talks.
Organized and participate at Eurocrypt 2011, Tallinn, Estonia
3rd International Conference on Cyber Conflict, organized by NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia.
Stockholm Internet Forum 2013, Stockholm, Sweden.
Regional Euro Atlantic Camp – REACT 2013, Plav, Montenegro. /Moderator/.
Stockholm Internet Forum 2014, Stockholm, Sweden.
EvoCS: Evolving Concepts of Security – Values, Perceptions, Threats across Four European Regions, Final conference 10 November 2015, Brussels, Belgium.
October 26-30, 2016
ABA ROLI Regional E&E Internet Freedom Summit. Ohrid. Macedonia.
Programme Committee for SEEDIG 6.
Co-Founder of Internet Governance Forum Macedonia (IGF-MKD).
ICANN Southeast Europe.
Cyber Security Expert at Research Centre for Security Defence and Peace, Macedonia.
Mentor at Startup - Academy for Young Entrepreneurs.
Macedonian representative of DiploFoundation.
Blogger at ResPublica Macedonia - academical blogging platform.
Bulgarian Euro - Atlantic Youth Club, Bulgaria.
Cyber Security Advisor at Kyberturvallisuus RY - Finland Cyber Security Association.
Internet Society (ISOC) Member ID: 130447.
IEEE, Member Number: 93817940:
- Cybersecurity Community, IEEE.
- Security and Privacy, IEEE Computer Society Technical Committee on
- e-Government, IEEE Computer Society Technical Community on
- Cloud Computing Community, IEEE
- Internet Technology Policy Community, IEEE