E-mail: pece at predragtasevski.com
Web page: https://predragtasevski.com
Nationality: Macedonian and Bulgarian (EU Citizen)
OBJECTIVE RESEARCH INTERESTS
Predrag is a subject-matter expert (SME) in cybersecurity, cloud security, controls and compliance, risk assessment/management, awareness and blockchain. Worked as an ISO, and previously held positions as a Senior Cloud Security Engineer, Senior Security Consultant, Security Control Manager and Business Functional Analyst. He has more than 13 years working experience in IT security, threat modeling, privacy and policies, risk operations, training, IT audit, cyber insurance, and incident responder. He is an ISO IEC 27001, Project Management Professional (PMP), Scrum Master, MCT and Cloud certified. He holds a M.Sc. in Cyber Security and Post-Master in Security in Computer Systems and Communications.
December 2019 - February 2021
Information Security Officer, eyeo GmbH, Berlin, Germany
- Lead and coordinate all information security initiatives
- Brief and advise senior management on information security topics
- Coordinate risk assessment, and maintaining ISMS and security policies
- Develop and deliver security and awareness training
- Coordinate incident handling processes, vulnerability disclosure handling, internal security audits, and penetration testing
- Monitor threat landscape and adapt defence strategy
November 2018 - May 2019
Senior Cloud Security Engineer (Acting as a Head of IT-Security), Verimi GmbH, Berlin, Germany
- Defined and initiated security checklist/requirements/recommendations for software development (DEV) and cloud operations (DEV-OPS) teams
- Acted as point person discussing security gaps details for C-level, stakeholders, partners and vendor security questionnaires
- Enhanced and reinforced the security posture of cloud infrastructure, tools and services
- Designed security incident handling processes, monitoring and procedures
- Mitigated risk exposure and document the residual risk
- Wrote documentation for the technical implementation of eIDAS substantial level of assurance
- Determined implementation and compliance for QES requirements
- Defined penetration testing scope, code analysis and review
- Designed IT security concept and security culture
February 2018 - November 2018
Senior Security Consulting Consultant, Accenture GmbH, Berlin, Germany
Project 1: Role - Project: Cloud Security Advisor, Global Bank - Frankfurt
- Supported in digital transformation from on-premises into hybrid cloud solution readiness
- Established IaaS Security support inside the Cloud Foundation Cluster - by defining Cloud Computing Security Controls and establishing teamwork with multi-stakeholders (CIO and CISO)
Project 2: Global E-Commerce Traveling Agency
- Mitigated the GDPR HR assessment focused on organisational, application and access management (IAM) gap findings and provide remediation actions to improve IT security compliance
- Focused on the applications: Workday, SAP HR, and Greenhouse
March 2016 - February 2018
Business Functional Analyst/Security Controls Manager (Freier Berater), ENFINA- Security s.r.o, Eschborn, Frankfurt am Main, Germany
Project 1, Role: Business Functional Analyst (Freier Berater)
- Global Bank - Non Financial Risk Operation Team
- Deployed, maintained and managed two non-financial Risk Operation applications
- Acted role as an Information Technology Application Owner (ITAO)
- Migrated Oracle database servers from IBM to HP
- Worked with business stakeholders in ITIL and Agile process to meet the regulatory, compliance and technical requirements
- Enhanced the change assurance lifecycle - Systems Development Life Cycle (SDLC)
Project 2: Security Controls Manager (Freier Berater)
- Acted as SME for new prioritisation framework according to NIST Common Configuration Scoring System (CCSS) and documented Business Requirement Document (BRD)
- Strengthened the Security Configuration Control Management (SCCM) tool for IT security controls and compliance
- Enhanced implementation of security policies, technical implementation from: CyberArk, IDS/IPS solutions, server access control and vulnerability assessments and scanners
June 2012 - Present
Founder, CyberSecurity.mk, Kumanovo, N.Macedonia
- Consulting, Auditing, Forensics, Data Recovery, Training, and Security Intelligence Analysis
- Developed dynamic web content sites (Drupal, WordPress)
- Implemented: PKI solution, fuzz testing (web testing, network protocol testing, etc.) and real-time web filtering solutions, web filter and security, web proxy solutions
July 2014 - December 2014
Intern: Cyber Security Researcher, iWE, Sophia Antipolis, France
- Developed cyber security services: Incident Response, Digital Forensics, Cyber Audit, Cyber Risk Assessment and Pentesting
- Researched of a novel approach and tool for cyber risk assessment and audit projects within critical information infrastructure (CII)
- Designed and developed a Cloud Security Architecture – zero knowledge data at REST
Feb 2014 - Sep 2015
Visiting/Remote Lecture, University of Donja Gorica, Podgorica, Montenegro
- Developed, designed the scope and delivered a course study - remote lectures to a Master of Cyber Security studies on two subjects: cyber crime and digital forensics
- Two semesters spring 2014 and 2015
May 2009 - Aug 2010
Teacher/Admin, Narodna Technika, Kumanovo, N. Macedonia
- Designed and delivered programming and computer courses for different age groups.
- Performed System Administration tasks and involved in building security solution for ISP and Radius technology.
- Developed dynamic (WordPress, Drupal, CodeIgniter) and static web sites.
Dec 2008 - April 2009
Technical Author, INACON GmbH, Kriegsstrasse 154, 76133 Karlsruhe, Germany
- Designed and wrote technical product documentation for GPRS/UMTS & LTE telecommunication protocol and implementation in Wireshark application for troubleshooting
May 2007 - Oct 2008
Team Manager Class, Stream International Bulgaria, Business Park Sofia Building 3, Bulgaria
- Designed, developed and delivered trainings for more than 100 personnel for: customer (tier 1), technical (tier 2 & 3), tools and process training for Microsoft products.
- Coached and delivered first help support for advanced troubleshoot issues
2013 - 2015
Post-Master (Diplôme d’Ingénieur de specialisation) in Security in Computer Systems and Communications
EURECOM – Campus Sophia Tech, Biot France
Awarded with scholarship Labex UCN@SOPHIA
2010 - 2012
Master of Science in Engineering, Concentration: Cyber Security
Tallinn University of Technology (TTU) and Tartu University, Estonia
Awarded with scholarship DoRa 9
Title of Thesis
Interactive Cyber Security Awareness Program - ICSAP
2003 - 2009
Bachelor degree in Informatics
New Bulgarian University, Sofia, Bulgaria
Title of Thesis
2002 - 2003
High School in Informatics
Champlin Park High School, Minnesota, USA
Is an application developed in Java platform programming language as on purpose of no additional requirements of library or platform independence. Messenger-Pigeon is an application with client-server software architecture. The interface it is very simple and easy to use for all different ages. It is simple and easy of configuration and setup the server with the two different database sources (ODBC and MySQL). Messenger-Pigeon as an LAN Chatting Messenger can be used in business and home environment.
Course Management System
ICSAP is prototype web based application for the management of the syllabus. CMS or in other words Learning Management System (LMS) is a software application for administration, documentation, tracking records, scoreboard and reporting of training program and training content. The prototype system is developed in CodeIgniter, PHP framework and additionally MySQL relation database management system.
Is an awareness wizard application to deliver to any end-users, companies, mobile providers, etc. security solution for their mobile and portable devices that run Android.
NATO Advanced Research Workshop: Encouraging Cyber Security Awareness in the Balkans
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.984799) held on 17-19 of March 2015, Skopje, Macedonia
- Write the project and gather a scientists and experts from academy, social societies and well-known experts in the field of cyber security, cyber warfare, information security from the region and NATO partner countries
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities (Researcher)
- Author on the report on cybersecurity cooperation in the Western Balkans implemented with the support of the Federal Department of Foreign Affairs of Switzerland, in partnership with the Geneva Centre for the Democratic Control of Armed Forces (DCAF). Full report available at DiploFoundation
NATO Advanced Research Workshop: Benchmarking Telemedicine: Improving Health Security in the Balkans
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.985183), held on 15-17 of November 2016, Skopje, Macedonia
- Write and design the project, and collect and gather a Scientists and experts among well-known healthcare leaders from: government, military, NGOs and public and private sector from NATO members and partner countries
Implementation and improvement of e-Health system in Macedonia
- Designed and improved implementation of current e-health system in Macedonia, within PKI support and smartcard
- Analysis of current – As-Is analysis,
- Benchmarking with international solutions,
- To Be with cost-benefit analysis and
- Technical specification
NATO Advanced Research Workshop: Fundamental readiness in Cyber Defence in the Balkans (FRCDB)
- Co-director of Advanced Research Workshop (ISEG.EAP.ARW.G5515), held on 17-19 of October 2018, Belgrade, Serbia
- Write and design the project, and collect and gather a Scientists and experts among well-known Subject-matter experts from: government, military, NGOs, research and development, education and public and private sector from NATO members and partner countries
Messenger-Pigeon; ISBN-10: 3838391314; ISBN-13: 978-3838391311
Interactive Cyber Security Awareness Program; ISBN 978-3-659-20798-3
Password Attacks and Generation Strategies, Tartu University, Estonia.
Security Risk Assessment article, PenTest Magazine Audit and Stand: IS Risk Assessment Measurement; Issue 07/2012 August; ISSN 2084-1116; page 70.
Web Servers Analysis under DoS Attacks, Secure Your Mobile, Protect Your Network and Hack More with Hakin9 11/2012!; ISSN 1733-178; page 66.
Frequently-Occurring Security Incidents, The 10th Conference for Informatics and Information Technology (CIIT 2013) , Faculty of Computer Science and Engineering, Macedonia.
Methodological Approach to Security Awareness, CyberSecurity for the Next Generation. Politechnico di Milano, Italy.
Macedonian Path Towards Cybersecurity, Information & Security: An International Journal, vol. 32, issue 1, 2015, In Press.
IT and Cyber Security Awareness – Raising Campaigns, Information & Security: An International Journal, vol. 34 (2015).
Cybersecurity in the Western Balkans: Policy gaps and cooperation opportunities, DiploFoundation, Geneva, Research report under the project "Cybersecurity Capacity Building and Research Programme for South - Eastern Europe" implemented with the support of the Federal Department of Foreign Affairs of Switzerland.
English, Bulgarian, Serbian and Croatian
French, Russian, Estonian, German
Languages & Libraries
- Text :: Org-mode, LaTeX, Markdown, Emacs, Lyx, Libre/MS Office
- Graphics :: Gimp, Inkscape, FreeMind, Dia
Good experience with system administration on Debian & RPM based systems and Bash scripting.
Project Management, Scrum and Agile
Certified Project Manager. Nov. 05, 2019. Certificated ID: 19213.
Certified Senior Scrum Master. September 24, 2019. Certificate ID: 19209.
Lead/External Auditor for Information Security Management Systems /ISO/IEC 27001:2005/, June 2013, Certificate No. 026/ISMS/2013
MCT (Microsoft Certified Trainer) Mar 10, 2009 Microsoft Certified Professional ID 6083756:
Microsoft Certified IT Professional Apr 08, 2008
Enterprise Support Technician Apr 08, 2008
Microsoft Certified Technology Specialist Apr 08, 2008
Microsoft Windows Vista: Configuration Apr 08, 2008
Microsoft Certified Desktop Support Technician Feb 29, 2008
Microsoft Windows XP Feb 29, 2008
- Contact Coaching Coach Jun 06, 2008, School of Leadership Training in Stream University Stream Super Stars from Colleague
- Starting a Business v2.1, Yes Incubator, November 2012
- The Cybersecurity Imperative: An Agency’s Toolbox for Secure Data July 26 2013
- Coursera, University Leiden. Terrorism and Counterterrorism: Comparing Theory and Practice. Feb. 26, 2014
- Coursera, University Leiden. Terrorism and Counter-terrorism: Comparing Theory and Practice. Feb. 26, 2014
- Coursera: Google Cloud. Google Cloud Platform Fundamentals: Core Infrastructure. Sep. 2018
- Coursera: Google Cloud. Essential Cloud Infrastructure: Core Services. Sep. 2018
- Coursera: Google Cloud. Essential Cloud Infrastructure Foundation. Sep. 2018
- Coursera: Google Cloud. Elastic Cloud Infrastructure: Scaling and Automation. Sep. 2018
- Coursera: Google Cloud. Elastic Cloud Infrastructure: Containers and Services. Sep. 2018
- Coursera: Google Cloud. Managing Security in Google Cloud Platform. Jun. 2019
- Amazon training: Introduction to AWS Lambda. Aug. 2018
- Amazon training: Introduction to Amazon Elastic Load Balancer - Classic. Aug. 2018
- Amazon training: Introduction to Amazon Elastic Load Balancer - Application. Aug 2018
- Amazon training: Introduction to Amazon Elastic Container Service. Aug 2018
- Amazon training: Introduction to Amazon Elastic Compute Cloud (EC2). Aug. 2018
- Amazon training: AWS Compute Services Overview. Aug. 2018
- Amazon training: AWS Security Fundamentals. Sep. 2018
- CyberArk Training: Introduction to CyberArk Privileged Access Security Course. Aug. 2018
- CyberArk Training: CyberArk Certified Trustee. Aug. 2018
Talks/Speaker & Community Service
ACTA - ACTIVE CITIZENS TAKE ACTION, Maribor, Slovenia. Presenting topic: Bullying of digital divide or not?.
Belgrade Security Forum 2013, Belgrade, Serbia. Topic: Assuring Cyber-Security in the Western Balkans and the Rest of Europe: Roles and Responsibilities of Institutions, Industry and Users? (in cooperation with DCAF)
Smart Defense and Open – Door Policy – New Synergies for Euro – Atlantic Security, Sofia, Bulgaria. Topic: Collective Cyber Defence – The Role of Newer Members and Opportunities for Specialization of Bulgaria in the Alliance Questions and answers. Organized by representation of the European Commission in Bulgaria.
Topic: Methodological Approach to Security Awareness, Kaspersky - CyberSecurity for the Next Generation 2014, EU Round. Politecnico di Milano, Italy
NATO ARW, Strengthening Cyber Defense for Critical Infrastructure, Kiev, Ukraine. Presented topic: Standards for Information Security are inappropriate fashion to assess the risk in private companies and elsewhere.
DCAF Young Faces Network 2014. Young Faces Network Cybersecurity Winter School for the Western Balkans. Petnica, Serbia, 1 to 5 December 2014. Delivering lectures on two topics: How the Internet works and Introduction to cybersecurity threats and risks.
NATO ARW (ISEG.EAP.ARW.984799), Encouraging Cyber Security Awareness in the Balkans, presenting: /Cyber security awareness among the Balkan Countries and the rest of the world/, 17-19 March 2015, Skopje, Macedonia.
Geneva Internet Platform (GIP): Fighting Cybercrime through closer International Cooperation, presenting at Cybersecurity Lab
- Internet governance in Bangkok, presenting DoS/DDoS attacks at Cybersecurity Lab.
- TEDxBASSalon topic Open Data & the Hacking Movement, 24 September at Business Academy Smilevski, Skopje.
- CyberLab and video scenario, OSCE Chairmanship Event on Effective Strategies to Cyber/ICT Security Threats. 29-30 October 2015, Belgrade Serbia.
- Cyber.Lab, DiploFoundation at 22nd OSCE Ministerial Council. 3-4 December 2015. Belgrade, Serbia. Link: 22nd OSCE Ministerial Council.
- NATO (ISEG.EAP.ARW.985183), Benchmarking Telemedicine: Improving Health Security in the Balkans . Panel discussion: Cyber security for the implementation of telemedicine: threats, best practices, information sharing, presenting: Telemedicine: Cyber Security Threats and Best Practice, 15 - 17 November 2016 Skopje, Macedonia.
- SEEDIG - South Eastern European Dialogue on Internet Governance. 24 - 25 May 2017 Ohrid, Maceodnia. Presenting: Mobile security and pentesting.
- SECOND REGIONAL INTERNET FREEDOM SUMMIT, AMERICAN BAR ASSOCIATION RULE OF LAW INITIATIVE’S (ABA ROLI’S). Development and Enhancement of Legal Frameworks in Eastern Europe and Eurasia to Protect Internet Freedom Program. 21 - 25 March, Struga, Macedonia. Presenting: Cybersecurity Challenges for 2018.
- 4TH SEEDIG MEETING, 23–24 MAY 2018, Ljubljana, Slovenia. Session 5: Securing all data. Cybersecurity: National frameworks and regional cooperation.
- 28th Economic Forum. Krynica-Zdroj, Poland, 4-6 September. Discussion panel: Developing an Innovative Nationwide Education for Cyber Security.
- Economic Forum of Young Leaders 2018, Nowy Sacz, Poland. September 3-7, 2018. Panel discussion: Enterprises in the world of smart products ‒ Industry 4.0 technologies at your fingertips.
- NATO ARW, Fundamental readiness in Cyber Defence in the Balkans (FRCDB), 17-19 October 2018, Belgrade, Serbia. Cyber Security in the Western Balkans: Policy Gaps and Cooperation Opportunities.
- IGF MKD, SECOND ANNUAL INTERNET GOVERNANCE FORUM MACEDONIA, 31.10.2018, Skopje, Macedonia. Cyber Security retrospective in Macedonia (Technical community).
For more talks past and future please see the following page talks.
Organized and participate at Eurocrypt 2011, Tallinn, Estonia
3rd International Conference on Cyber Conflict, organized by NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia.
Stockholm Internet Forum 2013, Stockholm, Sweden.
Regional Euro Atlantic Camp – REACT 2013, Plav, Montenegro. /Moderator/.
Stockholm Internet Forum 2014, Stockholm, Sweden.
EvoCS: Evolving Concepts of Security – Values, Perceptions, Threats across Four European Regions, Final conference 10 November 2015, Brussels, Belgium.
October 26-30, 2016
ABA ROLI Regional E&E Internet Freedom Summit. Ohrid. Macedonia.
Programme Committee for SEEDIG 6.
Co-Founder of Internet Governance Forum Macedonia (IGF-MKD).
ICAN Southeast Europe.
Cyber Security Expert at Research Centre for Security Defence and Peace, Macedonia.
Mentor at Startup - Academy for Young Entrepreneurs.
Macedonian representative of DiploFoundation.
Blogger at ResPublica Macedonia - academical blogging platform.
Bulgarian Euro - Atlantic Youth Club, Bulgaria.
Cyber Security Advisor at Kyberturvallisuus RY - Finland Cyber Security Association.
Internet Society (ISOC) Member ID: 130447.
IEEE, Member Number: 93817940:
- Cybersecurity Community, IEEE.
- Security and Privacy, IEEE Computer Society Technical Committee on
- e-Government, IEEE Computer Society Technical Community on
- Cloud Computing Community, IEEE
- Internet Technology Policy Community, IEEE