Sergey Lapin

• Managing of security team (I have conducted security meetings and established security awareness program across Tipico Group) • Ethnic hacking, conducted manual external and internal penetration testing • Detected big amount of critical vulnerabilities in several products. Proposed remediation strategies, changes to SDLC and particular fixes for applications • Enterprise cybersecurity threats I have mitigated and documented with written procedures (according to ISO 27001)

• Regular vulnerability assessments, produced advisory reports regarding 0-day exploits, CVE vulnerabilities, current network issues • Conducted security event monitoring for corporate wide in-scope applications • Performed risk assessments to ensure corporate compliance, maintenance external audits (ISO, PCI DSS)

• Identify potential risk, consult on correcting or reducing risk, report if uncorrected • Perform Vulnerability assessments on projects • Ethnic hacking and Penetration Testing on projects or existing infrastructure • Consult Security Operations Team on security events • Establishes and maintains a framework to ensure that information security policies, technologies and processes are aligned with the business regulations of the organization

Remote position in start-up. • Information gathering and perform scans • Penetration Testing and Vulnerability assessments on projects • Risk assessment • Ruby and bash scripting

• Provided direct technical and business leadership to a growing team of Security Analysts, IT security engineers and network engineers. • Coordinated vulnerability identification and assessment activities from end to end, including collection of requirements, writing of specifications, driving schedules, managing execution. • Well-versed in regulations and standards related to risk management and security, security policy development and compliance (according to ISO 27001).

• System Administration high-advantage Linux RedHat, Debian, SUSE, Linux HA servers. • IT-Security audit of servers and Penetration testing of services during SDLC. • Clustering - Postfix/CourierIMAP/MySQL • Load Balancing VOIP (Asterisk+OpenSer [Kamailio]) • Configuring authentication (FreeRadius+OpenLDAP) • Unix programming C/C++ • H.323, SIP video conferencing web-based software

Network design Organization of cabining User support organization Involved in development a Business Plan and Tariffs Billing system and related software (for user side) development (C/C++, HTML, PHP, Visual C) Servers administration (DNS, Proxy (Squid), Webservers (Apache), RDBMS (PostgreSQL, MySQL) )

Remote position in software development company.

IT-Security consulting on projects and clients Organization of work teams around the required tasks Ethnic hacking, Penetration testing during SDLC Hands-on development some parts of projects (PHP, Perl, Python, C/C++, Visual C, Delphi/Kylix, ASM, MySQL, PostgreSQL, MSSQL)

Remote position in University.

Ethnic hacking and Penetration Testing on projects

Multiply positions in different departments within university. (Also Deplhi/C/C++ Programmer)