Juan Jose Santos Prieto

*Compliance Advisory (ISA62443, 27001, NIS2...) *Cyberintelligence Investigation & Research *Business Development *Product development (with AI implementation)

*ISMS strategy development assistance *Cybersecurity control implementation, management and monitoring *Incident response management

* Threat & vulnerability monitoring, evaluation and reporting (both executive and technical level) * Fraud monitoring and reporting (both executive and technical level) * Incident management and reporting (both executive and technical level)

* Service management with high billing volume * Management of intelligence and counterintelligence service for multiple clients * Executive reports crafting * Execution planning of objectives set and effort assignment to the team * Threat & vulnerability monitoring, evaluation and reporting (both executive and technical level) * Fraud monitoring and reporting (both executive and technical level) * Incident management and reporting * Process, procedure and documentation development (ISO 27001)

SOC analyst (protection - detection - response) * Network flow & endpoint analysis * Incident response and reporting * Elaboration of threat cyber intelligence reports * Management of SIEM tools and other information and threat intelligence aggregators * Management of ticketing tools

*Requirement Management, Design & Provisioning in cyber security consulting (large budgets) *Relationship establishment with, at least 50 international enterprises *CSOC (Cyber Security Operations Centre) Process Engineering *ITIL Development (to comply with ISO 27001 y NIST800-53)

Level 1 & 2 intelligence analysis *Economic: OSINT & Accounting reporting review *Intellectual property: OSINT *Digital footprint investigations: OSINT *Intelligence consumption, structured analysis, critical thinking & intelligence reporting.

Level 1 & 2 intelligence analysis *Social network, news & law enforcement monitoring (OSINT, IMGINT & GEOINT) *Intelligence tooling for data collection (exif, lookup, rss & atom channels, social networks, images) *VDI (Virtual Desktop Interface) GNU/Linux administration & cyber security (Baseline configuration & hardening) *Intelligence consumption, structured analysis, critical thinking & intelligence reporting

*Daily corporate accounting (purchases, sales & debt operations) & review *Document classification & archive *Tax reporting *End-point baseline configuration and cyber security (GNU/Linux & Windows) *Economic Forensic Evaluation (financial intelligence (FININT)): one case *Cloud infrastructure management (NAS website hosting) *Web project management: business requirements, website conceptual design & provisioning *VDI (Virtual desktop interface) usage *IT strategic planing, reporting & documentation

*Daily corporate accounting (purchases, sales & debt operations) & review *Document classification & archive *Tax reporting *Web project management: business requirements, website conceptual design & provisioning *VDI (Virtual desktop interface) usage *IT strategic planing, reporting & documentation

*Tax incoming review. Analyzed by type & trend. Up to 300 regional "city" councils, declaring up to 10 different types of taxes. *Statistical modeling build-up from scratch for fraud detection using Excel. *Semi automatic reporting build-up from scratch using Excel. *Business processes documentation review and update. *Internal organization & reporting documentation review and update.

*Daily corporate accounting (purchases, sales & debt operations) & review *Document classification & archive *Tax reporting *Web project management: business requirements, website conceptual design & provisioning *VDI (Virtual desktop interface) usage *IT strategic planing, reporting & documentation

* ISMS Implementation (Information Security Management System), and in accordance with the standards ISO 27001, ISO 27701, ISO 22301, GDPR and NIST 800-53 * Preparation of risk assessment based on the principles defined by ISO 31000, and threat modeling Miter ATT & CK, Cyber-killchain ... * Compliance and RCM (ISO 27001, GDPR...) * Auditing principles (ISO19011): ISO 27001, PCI-DSS y COBIT5 * Implementation of network security controls, endpoint, cloud, IoT, OT ... * Communication & leadership

*User interaction (purchases, sells, equity and debt operations and reporting) *Interface usage & customization (tweaking according to business needs) *Configuration & parameterization (wizard & SQL) (basic data import and export) *Software installation & configuration (wizard-guided)

*Threat Modeling, risk Management & recovery (according to ISO 31000 and ISO 22301) *Business impact *Security & safety law & regulation *Anti-social security *Environmental security *Labor safety *IT management overview (cyber security)

*Intelligence process structure *Physical & electronic surveillance *Labor law, Civil Law, Mercantile Law, Administrative Regulations. *Scientific crime investigation: collection & analysis *Economic & on-line investigation overview *Digital forensics overview (cyber security) *Reporting consumption & creation

*Crime theory *Criminal psychology & psychiatry *Criminal sociology *Medical forensics *Criminal investigation using statistics *Organized crime: economic, digital (cyber security), prostitution, drug dealing and weapon dealing

*Mathematical & economic thinking *Internal and external accounting *External accounting audits *IT management overview (including cyber security) *Strategic, commercial and financial analysis & management (corporate & competence intelligence) *Operational, tactical & strategic planing (corporate & competence intelligence) *Organizational management (Structural design) (corporate and competence intelligence) *Civil & mercantile laws *Tax compliance *Quality: ISO 9001