E-mail: pece at predragtasevski.com
Web page: https://predragtasevski.com
Nationality: Macedonian and Bulgarian (EU Citizen)
OBJECTIVE RESEARCH INTERESTS
Predrag has over 13 years of experience in cyber & IT security, cloud security, controls and compliance, risk assessment/management, cyber risk, awareness, and blockchain projects. He has worked as a Director, Head of IT Security, ISO, Senior Cloud Security Engineer, and Consultant. He is an ISO/IEC 27001 & ISO/IEC 20000-1:2018 Auditor, Data Protection Officer (DPO), CyberSec First Responder, Project Management Professional (PMP), Scrum Master, MCT, and Cloud Security Engineer. He has a master's degree in cyber security and a post-degree master's in security in computer systems and communications. Predrag is the creator of the side project Unicis 🚀.
EXPERIENCE
June 2022 - present
Head of Cybersecurity Mondu GmbH, Berlin, DE
- Provide specialist advice on IT/cyber security and privacy topics related to information management practices.
- Coordinate the development and implementation of compliance practices, including policies, standards, guidelines and processes, to achieve ISO/IEC 27001 certification.
- Assist organization teams to identify their information needs, requirements, and responsibilities.
- Protect proprietary information and assets of the company, including the data of clients and customers, by ensuring that Information and Communication Technology (ICT) and information management are aligned with the company's strategic goals.
- Act as contact person for other executives and leads to make sure the company is growing in a responsible and ethical manner with regard to security, and identify opportunities for information sharing and cross-collaboration on projects and initiatives.
- Develop policies, procedures and standards to ensure the security, confidentiality, and privacy of information.
- Monitor and report on any information intrusion incidents and activate strategies to prevent further incidents.
- Lead vulnerability, security research and penetration testing audits, ensure their compliance and report situations of non-compliance.
- Defining and implementing appropriate safeguards to ensure the confidentiality, integrity, and availability of the information asset.
February 2022 - May 2022
Director Cyber Security Spark Networks GmbH, Berlin, DE
- Attracting, developing, retaining, and demonstrating technical capability to the cyber security team and wider business
- Conducting an evaluation of the company's security posture and gaps, and executing a security program
- Collaborating with the business on developing security goals and metrics, and ensuring the Information Security roadmap supports business goals
- Ensuring systems, processes, policies, and tools are aligned with the overall security strategy
- Setting the vision and strategic direction of the security program and aligning it to best practice standards (NIST, ISO27K, etc.)
- Providing direction to the business on pragmatically managing cyber risks
- Challenging and educating business leaders and other business functions on cyber risks
- Leading regular security assessments, including internal & 3rd party audits, certification, penetration testing, vulnerability management, and incident response capability testing
- Implementing corrective actions resulting from vulnerability/penetration testing and audits
- Creating and managing an information security awareness training program for all employees and contractors
- Ensuring that the security program is continuously up to date in the face of both an ever-changing threat and an evolving regulatory landscape
- Evaluating and leading certifications such as SOC2, HIPAA, ISO 27K, GDPR, etc.
- Successfully monitoring security metrics and reporting KPIs to business leaders
September 2021 - February 2022
Head of IT Security FinTech, Berlin, DE
- Leader for IT security compliance and in charge of IT security program
- Oversee annual and ongoing risk assessment process, development, implementation and maintenance of policies and procedures
- Ensure that information security policies, standards, and procedures are up-to-date and apply risk minimisation: confidentiality, integrity, and availability (CIA)
- Initiate and promote information security awareness
- Evaluate security trends, evolving threats, risk and vulnerabilities and apply tools to reduce risk
- Address disaster recovery, business continuity, risk management and access controls
- Ensure the organisation complies with the administrative, technical and physical safeguards
- Collaborate with senior management and compliance to govern the security program
December 2019 - February 2021
Information Security Officer (ISO), eyeo GmbH, Berlin, Germany
- Led and coordinated all information security initiatives
- Briefed and advised senior management on information security topics
- Coordinated risk assessment and maintained ISMS (Information Security Management System)
- Developed and delivered security and awareness training
- Coordinated incident handling processes, vulnerability disclosure, and penetration testing
- Monitored the threat landscape and adapted defence strategy
November 2018 - May 2019
Senior Cloud Security Engineer (Acting as a Head of IT-Security), Verimi GmbH, Berlin, Germany
- Defined and initiated security checklist/requirements/recommendations for software development (DEV) and cloud operations (DEV-OPS) teams
- Defined security compliance, privacy policy procedures and established a control framework
- Acted as point person discussing security gaps details for C-level, stakeholders, partners and vendor security questionnaires
- Enhanced and reinforced the security posture of cloud infrastructure, tools and services
- Designed security incident handling processes, monitoring and procedures
- Mitigated risk exposure and documented the residual risk
- Wrote documentation for the technical implementation of eIDAS substantial level of assurance
- Determined implementation and compliance for QES requirements
- Defined penetration testing scope, code analysis and review
- Designed IT security concept and security culture
February 2018 - November 2018
Senior Security Consulting Consultant, Accenture GmbH, Berlin, Germany
Project 1, Role: Cloud Security Advisor, Global Bank - Frankfurt
- Supported in digital transformation from on-premises into hybrid cloud solution readiness
- Established IaaS Security support inside the Cloud Foundation Cluster - by defining Cloud Computing Security Controls and establishing teamwork with multi-stakeholders (CIO and CISO)
Project 2: Global E-Commerce Traveling Agency
- Mitigated the GDPR HR assessment gap findings, focused on organisational, application and access management (IAM), and provided remediation actions to improve IT security compliance
- Focused on the applications: Workday, SAP HR, and Greenhouse
March 2016 - February 2018
Business Functional Analyst/Security Controls Manager (Freier Berater), ENFINA- Security s.r.o, Eschborn, Frankfurt am Main, Germany
Project 1, Role: Business Functional Analyst (Freier Berater)
- Global Bank - Non Financial Risk Operation Team
- Deployed, maintained and managed two non-financial Risk Operation applications
- Acted as an Information Technology Application Owner (ITAO)
- Migrated Oracle database servers from IBM to HP
- Worked with business stakeholders in ITIL and Agile processes to meet the regulatory, compliance and technical requirements
- Enhanced the change assurance lifecycle - Systems Development Life Cycle (SDLC)
Project 2: Security Controls Manager (Freier Berater)
- Acted as SME for new prioritisation framework according to NIST Common Configuration Scoring System (CCSS) and documented Business Requirement Document (BRD)
- Strengthened the Security Configuration Control Management (SCCM) tool for IT security controls and compliance
- Enhanced implementation of security policies, technical implementation from: CyberArk, IDS/IPS solutions, server access control and vulnerability assessments and scanners
June 2012 - Present
Founder, CyberSecurity.mk, Kumanovo, N.Macedonia
- Consulting, Auditing, Forensics, Data Recovery, Training, and Security Intelligence Analysis
- Developed dynamic web content sites (Drupal, WordPress)
- Implemented: PKI solution, fuzz testing (web testing, network protocol testing, etc.) and real-time web filtering solutions, web filter and security, web proxy solutions
July 2014 - December 2014
Intern: Cyber Security Researcher, iWE, Sophia Antipolis, France
- Developed cyber security services: Incident Response, Digital Forensics, Cyber Audit, Cyber Risk Assessment and Pentesting
- Researched a novel approach and tool for cyber risk assessment and audit projects within critical information infrastructure (CII)
- Designed and developed a Cloud Security Architecture – zero knowledge data at rest
Feb 2014 - Sep 2015
Visiting/Remote Lecturer, University of Donja Gorica, Podgorica, Montenegro
- Developed, scoped and delivered a course of remote lectures for the Master of Cyber Security studies on two subjects: cyber crime and digital forensics
- Two semesters: spring 2014 and 2015
May 2009 - Aug 2010
Teacher/Admin, Narodna Technika, Kumanovo, N. Macedonia
- Designed and delivered programming and computer courses for different age groups.
- Performed system administration tasks and was involved in building a security solution for ISP and RADIUS technology.
- Developed dynamic (WordPress, Drupal, CodeIgniter) and static web sites.
Dec 2008 - April 2009
Technical Author, INACON GmbH, Kriegsstrasse 154, 76133 Karlsruhe, Germany
- Designed and wrote technical product documentation for GPRS/UMTS & LTE telecommunication protocol and implementation in Wireshark application for troubleshooting
May 2007 - Oct 2008
Team Manager Class, Stream International Bulgaria, Business Park Sofia Building 3, Bulgaria
- Designed, developed and delivered trainings for more than 100 personnel for: customer (tier 1), technical (tier 2 & 3), tools and process training for Microsoft products.
- Coached and delivered first-line support for advanced troubleshooting issues
EDUCATION
2013 - 2015
Post-Master (Diplôme d’Ingénieur de specialisation) in Security in Computer Systems and Communications
Institution: EURECOM – Campus Sophia Tech, Biot, France
Scholarship: Awarded with scholarship Labex UCN@SOPHIA
2010 - 2012
Master of Science in Engineering, Concentration: Cyber Security
Institution: Tallinn University of Technology (TTU) and Tartu University, Estonia
Scholarship: Awarded with scholarship DoRa 9
Title of Thesis: Interactive Cyber Security Awareness Program - ICSAP
2003 - 2009
Bachelor degree in Informatics
Institution: New Bulgarian University, Sofia, Bulgaria
Title of Thesis: Messenger-Pigeon
2002 - 2003
High School in Informatics
Institution: Champlin Park High School, Minnesota, USA
PROJECTS
Unicis.Tech
Unicis.Tech is a micro-SaaS start-up that was established during the pandemic. We are dedicated to offering comprehensive solutions for legal, privacy, security, and compliance teams. Our commitment to this purpose is demonstrated through our provision of complimentary access to our apps for the Atlassian Cloud Platform and Software-as-a-Service tools.
Link: Unicis.Tech OÜ.
Messenger-Pigeon
An application developed in the Java programming language, chosen for platform independence and to avoid additional library requirements. Messenger-Pigeon has a client-server software architecture. The interface is very simple and easy to use for all ages. The server is simple to configure and set up with two different database sources (ODBC and MySQL). As a LAN chat messenger, Messenger-Pigeon can be used in business and home environments.
Course Management System
ICSAP is a prototype web-based application for the management of the syllabus. A CMS, or in other words a Learning Management System (LMS), is a software application for the administration, documentation, record tracking, scoreboard and reporting of training programs and training content. The prototype system is developed in CodeIgniter, a PHP framework, with the MySQL relational database management system.
Security Guru
An awareness wizard application that delivers to end-users, companies, mobile providers, etc. a security solution for their mobile and portable devices that run Android.
NATO Advanced Research Workshop: Encouraging Cyber Security Awareness in the Balkans
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.984799) held on 17-19 of March 2015, Skopje, Macedonia
- Wrote the project and gathered scientists and experts from academia, social societies and well-known experts in the field of cyber security, cyber warfare, information security from the region and NATO partner countries
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities (Researcher)
- Author of the report on cybersecurity cooperation in the Western Balkans implemented with the support of the Federal Department of Foreign Affairs of Switzerland, in partnership with the Geneva Centre for the Democratic Control of Armed Forces (DCAF). Full report available at DiploFoundation
NATO Advanced Research Workshop: Benchmarking Telemedicine: Improving Health Security in the Balkans
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.985183), held on 15-17 of November 2016, Skopje, Macedonia
- Wrote and designed the project, and gathered scientists and experts from among well-known healthcare leaders from government, military, NGOs and the public and private sectors from NATO members and partner countries
Implementation and improvement of e-Health system in Macedonia
- Designed and improved the implementation of the current e-health system in Macedonia, with PKI and smartcard support
- Deliverables:
  - Analysis of the current state (As-Is analysis),
  - Benchmarking with international solutions,
  - To-Be with cost-benefit analysis and
  - Technical specification
NATO Advanced Research Workshop: Fundamental readiness in Cyber Defence in the Balkans (FRCDB)
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.G5515), held on 17-19 of October 2018, Belgrade, Serbia
- Wrote and designed the project, and gathered scientists and experts from among well-known subject-matter experts from government, military, NGOs, research and development, education and the public and private sectors from NATO members and partner countries
PUBLICATIONS
Books
Aug 2010
Messenger-Pigeon; ISBN-10: 3838391314; ISBN-13: 978-3838391311
Aug 2013
Interactive Cyber Security Awareness Program; ISBN 978-3-659-20798-3
Research/Journal
May 2011
Password Attacks and Generation Strategies, Tartu University, Estonia.
Aug 2012
Security Risk Assessment article, PenTest Magazine Audit and Stand: IS Risk Assessment Measurement; Issue 07/2012 August; ISSN 2084-1116; page 70.
Nov 2012
Web Servers Analysis under DoS Attacks, Secure Your Mobile, Protect Your Network and Hack More with Hakin9 11/2012!; ISSN 1733-178; page 66.
Apr 2013
Frequently-Occurring Security Incidents, The 10th Conference for Informatics and Information Technology (CIIT 2013), Faculty of Computer Science and Engineering, Macedonia.
Dec 2013
Methodological Approach to Security Awareness, CyberSecurity for the Next Generation. Politecnico di Milano, Italy.
Sep 2015
Macedonian Path Towards Cybersecurity, Information & Security: An International Journal, vol. 32, issue 1, 2015, In Press.
December 2015
IT and Cyber Security Awareness – Raising Campaigns, Information & Security: An International Journal, vol. 34 (2015).
Sep 2016
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities, DiploFoundation, Geneva, Research report under the project "Cybersecurity Capacity Building and Research Programme for South - Eastern Europe" implemented with the support of the Federal Department of Foreign Affairs of Switzerland.
LANGUAGE SKILLS
Mother tongue
Macedonian
Advanced
English, Bulgarian, Serbian and Croatian
Basic
French, Russian, Estonian, German
Technical Skills
Languages & Libraries
- Proficient: Python (NumPy, SciPy, Matplotlib, Beautiful Soup), Emacs Lisp, C++, Bash, HTML, Java, JavaScript, CSS, PHP, MySQL/Oracle PL/SQL, R, JIRA
Authoring
- Text :: Org-mode, LaTeX, Markdown, Emacs, LyX, Libre/MS Office
- Graphics :: Gimp, Inkscape, FreeMind, Dia
Version Control
- Git
System Administration
Good experience with system administration on Debian & RPM based systems and Bash scripting.
Certificates
Privacy and Data Protection - GDPR
Certified Data Protection Officer (DPO). General Data Protection Regulation. Certificate No: 001/DP0/2023. Feb. 2023.
Audit IT and Security
Lead/External Auditor for Information Technology Service Management ISO/IEC 20000-1:2018. Certificate No: 003/ITS/2023. Feb. 2023
Lead/External Auditor for ISMS ISO/IEC 27001:2022. Certificate No. 002/ISMS/2023. Feb. 2023
CertNexus Certifications
Industry Contributor CyberSec First Responder (CFR), February 28, 2022.
Project Management, Scrum and Agile
Certified Project Manager. Nov. 05, 2019. Certificate ID: 19213.
Certified Senior Scrum Master. September 24, 2019. Certificate ID: 19209.
Microsoft
MCT (Microsoft Certified Trainer) Mar 10, 2009
Microsoft Certified Professional ID 6083756:
- Microsoft Certified IT Professional Apr 08, 2008
- Enterprise Support Technician Apr 08, 2008
- Microsoft Certified Technology Specialist Apr 08, 2008
- Microsoft Windows Vista: Configuration Apr 08, 2008
- Microsoft Certified Desktop Support Technician Feb 29, 2008
- Microsoft Windows XP Feb 29, 2008
Others
- Contact Coaching Coach Jun 06, 2008, School of Leadership Training in Stream University Stream Super Stars from Colleague
- Starting a Business v2.1, Yes Incubator, November 2012
Webinar
- The Cybersecurity Imperative: An Agency’s Toolbox for Secure Data July 26 2013
Online Courses
- Coursera, University Leiden. Terrorism and Counterterrorism: Comparing Theory and Practice. Feb. 26, 2014
- Coursera: Google Cloud. Google Cloud Platform Fundamentals: Core Infrastructure. Sep. 2018
- Coursera: Google Cloud. Essential Cloud Infrastructure: Core Services. Sep. 2018
- Coursera: Google Cloud. Essential Cloud Infrastructure Foundation. Sep. 2018
- Coursera: Google Cloud. Elastic Cloud Infrastructure: Scaling and Automation. Sep. 2018
- Coursera: Google Cloud. Elastic Cloud Infrastructure: Containers and Services. Sep. 2018
- Coursera: Google Cloud. Managing Security in Google Cloud Platform. Jun. 2019
- Amazon training: Introduction to AWS Lambda. Aug. 2018
- Amazon training: Introduction to Amazon Elastic Load Balancer - Classic. Aug. 2018
- Amazon training: Introduction to Amazon Elastic Load Balancer - Application. Aug 2018
- Amazon training: Introduction to Amazon Elastic Container Service. Aug 2018
- Amazon training: Introduction to Amazon Elastic Compute Cloud (EC2). Aug. 2018
- Amazon training: AWS Compute Services Overview. Aug. 2018
- Amazon training: AWS Security Fundamentals. Sep. 2018
- CyberArk Training: Introduction to CyberArk Privileged Access Security Course. Aug. 2018
- CyberArk Training: CyberArk Certified Trustee. Aug. 2018
Talks/Speaker & Community Service
Speaker
March 2013
ACTA - ACTIVE CITIZENS TAKE ACTION, Maribor, Slovenia. Presenting topic: Bullying of digital divide or not?
Sep 2013
Belgrade Security Forum 2013, Belgrade, Serbia. Topic: Assuring Cyber-Security in the Western Balkans and the Rest of Europe: Roles and Responsibilities of Institutions, Industry and Users? (in cooperation with DCAF)
Nov 2013
Smart Defense and Open-Door Policy – New Synergies for Euro-Atlantic Security, Sofia, Bulgaria. Topic: Collective Cyber Defence – The Role of Newer Members and Opportunities for Specialization of Bulgaria in the Alliance. Questions and answers. Organized by the Representation of the European Commission in Bulgaria.
Dec 2013
Topic: Methodological Approach to Security Awareness, Kaspersky - CyberSecurity for the Next Generation 2014, EU Round. Politecnico di Milano, Italy
Oct 2014
NATO ARW, Strengthening Cyber Defense for Critical Infrastructure, Kiev, Ukraine. Presented topic: Standards for Information Security are inappropriate fashion to assess the risk in private companies and elsewhere.
Dec 2014
DCAF Young Faces Network 2014. Young Faces Network Cybersecurity Winter School for the Western Balkans. Petnica, Serbia, 1 to 5 December 2014. Delivering lectures on two topics: How the Internet works and Introduction to cybersecurity threats and risks.
March 2015
- NATO ARW (ISEG.EAP.ARW.984799), Encouraging Cyber Security Awareness in the Balkans, presenting: Cyber security awareness among the Balkan Countries and the rest of the world, 17-19 March 2015, Skopje, Macedonia.
- Geneva Internet Platform (GIP): Fighting Cybercrime through closer International Cooperation, presenting at Cybersecurity Lab
August 2015
- Internet governance in Bangkok, presenting DoS/DDoS attacks at Cybersecurity Lab.
September 2015
- TEDxBASSalon topic Open Data & the Hacking Movement, 24 September at Business Academy Smilevski, Skopje.
October 2015
- CyberLab and video scenario, OSCE Chairmanship Event on Effective Strategies to Cyber/ICT Security Threats. 29-30 October 2015, Belgrade Serbia.
December 2015
- Cyber.Lab, DiploFoundation at 22nd OSCE Ministerial Council. 3-4 December 2015. Belgrade, Serbia. Link: 22nd OSCE Ministerial Council.
November 2016
- NATO (ISEG.EAP.ARW.985183), Benchmarking Telemedicine: Improving Health Security in the Balkans. Panel discussion: Cyber security for the implementation of telemedicine: threats, best practices, information sharing, presenting: Telemedicine: Cyber Security Threats and Best Practice, 15 - 17 November 2016, Skopje, Macedonia.
May 2017
- SEEDIG - South Eastern European Dialogue on Internet Governance. 24 - 25 May 2017, Ohrid, Macedonia. Presenting: Mobile security and pentesting.
March 2018
- SECOND REGIONAL INTERNET FREEDOM SUMMIT, AMERICAN BAR ASSOCIATION RULE OF LAW INITIATIVE’S (ABA ROLI’S). Development and Enhancement of Legal Frameworks in Eastern Europe and Eurasia to Protect Internet Freedom Program. 21 - 25 March, Struga, Macedonia. Presenting: Cybersecurity Challenges for 2018.
May 2018
- 4TH SEEDIG MEETING, 23–24 MAY 2018, Ljubljana, Slovenia. Session 5: Securing all data. Cybersecurity: National frameworks and regional cooperation.
September 2018
- 28th Economic Forum. Krynica-Zdroj, Poland, 4-6 September. Discussion panel: Developing an Innovative Nationwide Education for Cyber Security.
- Economic Forum of Young Leaders 2018, Nowy Sacz, Poland. September 3-7, 2018. Panel discussion: Enterprises in the world of smart products ‒ Industry 4.0 technologies at your fingertips.
October 2018
- NATO ARW, Fundamental readiness in Cyber Defence in the Balkans (FRCDB), 17-19 October 2018, Belgrade, Serbia. Cyber Security in the Western Balkans: Policy Gaps and Cooperation Opportunities.
- IGF MKD, SECOND ANNUAL INTERNET GOVERNANCE FORUM MACEDONIA, 31.10.2018, Skopje, Macedonia. Cyber Security retrospective in Macedonia (Technical community).
For more talks, past and future, please see the talks page.
Participant
May 2011
Organized and participated at Eurocrypt 2011, Tallinn, Estonia
June 2011
3rd International Conference on Cyber Conflict, organized by NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia.
May 2013
Stockholm Internet Forum 2013, Stockholm, Sweden.
Aug 2013
Regional Euro Atlantic Camp – REACT 2013, Plav, Montenegro. Moderator.
May 2014
Stockholm Internet Forum 2014, Stockholm, Sweden.
November 2015
EvoCS: Evolving Concepts of Security – Values, Perceptions, Threats across Four European Regions, Final conference 10 November 2015, Brussels, Belgium.
October 26-30, 2016
ABA ROLI Regional E&E Internet Freedom Summit. Ohrid. Macedonia.
Membership
- Programme Committee for SEEDIG 6.
- Co-Founder of Internet Governance Forum Macedonia (IGF-MKD).
- ICANN Southeast Europe.
- Cyber Security Expert at Research Centre for Security Defence and Peace, Macedonia.
- Mentor at Startup - Academy for Young Entrepreneurs.
- Macedonian representative of DiploFoundation.
- Blogger at ResPublica Macedonia - academic blogging platform.
- Bulgarian Euro-Atlantic Youth Club, Bulgaria.
- Cyber Security Advisor at Kyberturvallisuus RY - Finland Cyber Security Association.
- Internet Society (ISOC) Member ID: 130447.
- IEEE, Member Number: 93817940:
  - Cybersecurity Community, IEEE.
  - Security and Privacy, IEEE Computer Society Technical Committee on
  - e-Government, IEEE Computer Society Technical Community on
  - Cloud Computing Community, IEEE
  - Internet Technology Policy Community, IEEE