Aliaksandr Khatkevich
Poznan
Summary
Team Leader experienced and dedicated to enhancing employee satisfaction and business success. Diplomatic and friendly with proven commitment to employee training. Hardworking team player bringing necessary experience and knowledge to tackle any operational demand.
Overview
15
15
years of professional experience
Work History
Cybersecurity Team Lead
ScienceSoft
11.2021 - Current
- Process and architectural issues in the field of information security services of the company. Security architecture and design.
- Increased customer satisfaction by ensuring timely completion of projects and adherence to high-quality standards.
- Managed risks and mitigated potential issues through proactive planning, monitoring, and timely decisionmaking.
- Reduced cybersecurity risks by conducting regular vulnerability assessments and penetration tests.
- Enhanced network security by implementing multi-factor authentication and intrusion detection systems.
- Collaborated with IT teams to ensure secure implementation of new software applications and systems.
- Managed patch management procedures effectively, ensuring timely updates to mitigate vulnerabilities in the organization''s systems.
- Developed customized security policies and protocols, ensuring compliance with industry standards and best practices.
- Educated employees on cybersecurity awareness through training sessions, significantly reducing instances of human error-related breaches.
- Implemented cybersecurity measures to protect sensitive company data from external threats and unauthorized access.
- Conducted regular security audits and assessments to identify potential security risks and vulnerabilities.
Middle Cyber Security Specialist
ScienceSoft
08.2021 - 11.2021
- Enhanced network security by implementing advanced threat detection and prevention tools.
- Reduced cyber risks by conducting regular vulnerability assessments.
- Increased employee awareness on cybersecurity best practices through comprehensive training programs.
- Developed robust incident response plans to minimize damage from potential cyber attacks.
- Enhanced threat detection by implementing advanced SIEM tools and techniques.
- Reduced incident response times through effective monitoring and analysis of security events.
- Administered and monitored intrusion detection systems and anti-virus software to detect risks.
- Improved overall network protection with comprehensive vulnerability assessments and remediation plans.
- Streamlined incident response workflows by automating key processes using SIEM solutions.
- Increased system security by developing custom correlation rules for SIEM platform.
- Conducted security audits to identify vulnerabilities.
Head of Information Security Managment
OJSC "Belgazprombank"
04.2021 - 08.2021
- Management of IS processes in the company.
- Information security risk management.
- Information security event monitoring process management..
- Information security incident management.
- Preparing infrastructure, business processes and passing audits PCI DSS, PCI PIN Security, SWIFT…)
- Access control.
- Auditing IT, IS systems, developing requirements for safe system configuration.
- Vulnerability management.
- Assessment of possible confidential information leakage channels in electronic form and development of protection proposals for them.
- Raising employee awareness of information security issues.
- Cryptographic data protection and digital certificate management.
- Evaluation of the Bank's information security.
- Monitoring the users, administrators and developers' actions of the automated systems for compliance with information security requirements.
- Oversaw budget allocation for security department expenditures, maximizing efficiency while maintaining high-quality service provisions.
- Control and monitoring of antivirus protection of information.
- Development of technical assignments for system software creation and implementation in terms of information security.
- Coordinated with other departments within the organization to develop integrated approaches towards mitigating risks across multiple areas.
- Conducting investigations of information security incidents.
- Researched, reviewed and recommended equipment, materials and supplies to prepare and maintain security expenses within approved budget.
- Establishing a business continuity management system (BCSM) on the basis of international standards and practices.
Security Team Leader
OJSC "Belgazprombank"
04.2018 - 04.2021
- Work organisation and performance of the key tasks and functions assigned to the information security state monitoring group.
- Monitoring and supervision of IS tools functioning - WAF, DLP, HIDS, Antivirus, corporate security tools.
- Analyzing and investigation security incident and alert.
- Conducting regular security assessments and vulnerability scanning.
- Managing and triaging security incidents and escalations.
- Analysing events (SIEM), creating rules in the SIEM system.
- Search and analysis of detected vulnerabilities in system and application software, development and proposals for their elimination, elaboration of compensating measures.
- Control and monitoring of antivirus protection of information.
- Conducting investigations of information security incidents.
- Preparing CDE for the successful completion of PCI DSS and Pin Security certification.
- Enhanced security measures by conducting regular risk assessments and implementing appropriate security protocols.
- Led the security team effectively, ensuring optimal performance and adherence to company policies.
- Monitoring of compliance with the requirements of local regulatory legal acts (LRLA), and other documents establishing requirements for the Bank's Information Security System.
- Auditing IT, IS systems, developing requirements for safe system configuration.
- Evaluation of the Bank's information security.
- Development of technical assignments for system software creation and implementation in terms of information security.
Lead Information Security Specialist
OJSC "Belgazprombank"
07.2013 - 04.2018
- Conducted regular risk assessments for proactive threat mitigation within the organization''s IT infrastructure.
- Detection and analysis of detected vulnerabilities in system and application software, development of proposals for their elimination.
- Preparing CDE for the successful completion of PCI DSS certification.
- Generation of encryption keys for VPN payment devices and Bank servers.
- Assessment of possible confidential information leakage channels in electronic form and development of protection proposals for them.
- Identification and analysis of discovered vulnerabilities in system and application software, development of a proposal for their elimination. Configuring scanners and new searches rules implementation for SIEM. Implementation and maintenance risk management and assessment process (Rvision risk manager).
- Penetration testing for company.
- Monitoring and control of the functioning of information security means - WAF, DLP, HIDS, etc.)
- Monitoring the users, administrators and developers' actions of the automated systems for compliance with information security requirements.
- Control and monitoring of antivirus protection status of user workstations and the Bank's servers.
- Controlling the infrastructure of data encryption tools.
- Conducting an information security risk analysis when modifying the Bank's IT infrastructure. Development of minimisation information security risk proposals.
- Conducting investigations into the realisation of information security threats (incidents). Accumulation of data on identified and localised threats to the Bank's information security.
- Monitoring of compliance with the requirements of local regulatory legal acts (LRLA), and other documents establishing requirements for the Bank's Information Security System.
- Information security system operation; - Cataloging and analysis of external resources that the Bank works with.
- Performing the IS auditor’s functions when auditing the Bank’s information and analysis system (IAS).
- Training of the Bank's employees on the issues of safe use and work with the Bank's information resources.
Software Engineer (system Administrator)
SUE Instrument-making Plant "OPTRON"
08.2010 - 07.2013
- Maintenance and configuration of network and server equipment.
- Service maintenance and repair of PCs and computer equipment.
- Active directory, DHCP, Terminal Services, Proxy, Mail.
- Installation, configuration and administration of OS on servers and desktops.
- Keeping computer hardware and software in working order.
- Computer and server upgrading, replacement of faulty units and parts.
- Administration of local network with and without server, networking, installing/reinstalling the OS, software installation/setup, network connection to the Internet, computer network repair.
- Scheduled backup of important information, corporate antivirus protection.
- Network equipment configuration (routers, WI-FI, controlled switches, and more).
System Administrator
LLC "Prestig – Com"
07.2009 - 07.2010
- Work on an outsourcing scheme, providing a full set of system administration services.
- Enhanced system performance by optimizing server configurations and implementing regular updates.
- Reduced downtime by proactively identifying and resolving potential issues through thorough system monitoring.
Education
Management Faculty, Economist-manager
Academy of Public Administration
Belarus06.2014
Mathematics And Computer Science
Francisk Skorina Gomel State University
Belarus06.2009
Internal Auditor ISO 27001:2013
11.2021
Internal Auditor ISO 13485:2016
11.2021
Internal Auditor ISO 9001:2015
11.2021
Certified Ethical Hacker (CEH) V10
Softprom Solutions GmbH2018
Сourse "Audit of Corporate Information System Sec
CJSC "NPP BELSOFT"2016
Сourse "TCP/IP Based Computer Network Security"
Training Center "Informsecurity"2014
Skills
- Incident Response Management
- Security Compliance Auditing
- Arcsight
- IBM Qradar
- Penetration Testing Skills
- Identity and Access Management
- Ossec
- FirePower Security Appliance
- Malware Analysis and Reverse Engineering
- Threat Intelligence Analysis
- RVision
- CloudFlare
- Cisco Email Security Appliance (ESA)
- Microsoft Defender for Cloud Apps
- WAF
- FortiWeb
- Qualys Cloud Platform
- Azure Security Center
- Fortimail
- FortiGate
- IPS
- Intrusion Detection
- Incident Response
- Social Engineering Prevention
- Endpoint Protection
- CIS Benchmarks
- PCI DSS Compliance
- ISO 27K Series Information Security Management Framework
- NIST 800-115 Information Security Testing and Assessment Technical Guide
- NIST 800-160 Systems Security Engineering Framework
- NIST 800-53 Security and Privacy Controls
- OWASP Top-10 Web
- Identity Management
- Patch management
- Incursion Tracking
- Teamwork and Collaboration
- Security assurance
- Access Control
- Qualys Cloud Platform
- Nexpose
- Bash
- Nessus
- Python
- OWASP ZAP
- Nikto
- Maltego
- OpenVAS
- Cain & Abel
- Burp Suite
- Hydra
- Acunetix
- MaxPatrol
- Azure Security
- VMware Security
Timeline
Cybersecurity Team Lead
ScienceSoft
11.2021 - Current
Middle Cyber Security Specialist
ScienceSoft
08.2021 - 11.2021
Head of Information Security Managment
OJSC "Belgazprombank"
04.2021 - 08.2021
Security Team Leader
OJSC "Belgazprombank"
04.2018 - 04.2021
Lead Information Security Specialist
OJSC "Belgazprombank"
07.2013 - 04.2018
Software Engineer (system Administrator)
SUE Instrument-making Plant "OPTRON"
08.2010 - 07.2013
System Administrator
LLC "Prestig – Com"
07.2009 - 07.2010
Management Faculty, Economist-manager
Academy of Public Administration
Mathematics And Computer Science
Francisk Skorina Gomel State University
Internal Auditor ISO 27001:2013
Internal Auditor ISO 13485:2016
Internal Auditor ISO 9001:2015
Certified Ethical Hacker (CEH) V10
Сourse "Audit of Corporate Information System Sec
Сourse "TCP/IP Based Computer Network Security"
Similar Profiles
Grigorii MartsynkevichGrigorii Martsynkevich
Senior iOS Developer at ScienceSoftSenior iOS Developer at ScienceSoft
Olga ZdanovichOlga Zdanovich
Internal PR Manager, HR Team at IT Company ScienceSoftInternal PR Manager, HR Team at IT Company ScienceSoft
Aqib RehmanAqib Rehman
Electrician at Elektro CierbikowskiElectrician at Elektro Cierbikowski
Ewa FingerEwa Finger
Product Manager at PayUProduct Manager at PayU
Aleksandra RzepnyAleksandra Rzepny
ASSOCIATE at KNOWABLEASSOCIATE at KNOWABLE