Ludovico do Canto Lopes

Information Security Engineer

1

Leadership Business Consulting 4

Millennium bcp 3

Experience Overview 1

Professional Journey (7+ Years)

IT Engineer Highlights and Professional Skill Set

Main Security Experience - SIEM Architect and Engineer

Industry Experience - Banking and Insurance

ING Group - NN 2

Document updated in 2014-XII-06

pt.linkedin.com/in/ludovicolopes/

Professional Journey (7+ Years)

Information Security Engineer

– Responsible for projects demanding comprehensive analysis

2

SIEM - Security Information and Event Management

Current Position

‒ SOC - Senior Security Engineer

‒ ArcSight SIEM Migration Manager

DLP – Data Loss Prevention

Past Experience

‒ Lead SIEM Architect and Engineer (HP ArcSight)

‒ Ethical Hacker

‒ Forensic Analyst

‒ Business Process Reengineering

‒ Project and Change Management

‒ Data Protection and DLP Engineer

‒ ITIL - Operation and Management Implementer

Since May 2014

3 years

1.5 years

2.5 years

pt.linkedin.com/in/ludovicolopes/

IT Engineer Highlights and Professional Skill Set (1 of 2)

Delivering Information Security as partner for Business Strategic needs

Transversal knowledge and experience

Most valued outcomes

3

Business Needs

Security

IT Infrastructure

Strategic goals

Efficient processes

Best practices

Technology

Servers

Services

Reliable information

Client expectations

Threats

Risk assessment

Policies

Network

‒ Reliable approaches for plausible threads

‒ Knowledge agnostic from vendor and technology

‒ Practical experience implementing and testing security control mechanisms

‒ Documentation oriented

pt.linkedin.com/in/ludovicolopes/

IT Engineer Highlights and Professional Skill Set (2 of 2)

Wide “Skill Set” focusing what is important for the Business:

– Efficiently align the IT with the business needs, and keep both secure and resilient

4 SIEM –– Security Information and Event Management

Technical IT Security

Data Protection

Data Loss Prevention

SIEM Architect

Ethical Hacking

Business Process Reengineering

Business Change Management

Project Management

Forensic Analysis Penetration Testing

ITIL Operation and Management C

om

ple

xity

an

d O

rgan

izat

ion

al Im

pac

t

IT T

ech

nic

al S

kills

Business Management

SIEM Implementation

SIEM Auditing

pt.linkedin.com/in/ludovicolopes/

Main Security Experience - SIEM Architect and Engineer (1 of 2)

Lead Engineer for Security Information and Event Management (SIEM)

– Main individual responsibilities through SIEM value chain

5

Project Management

‒ Heath Check

‒ Problem Diagnostics

‒ Technical Support Mgmt.

‒ Service Providers Mgmt.

‒ User Training

‒ Advance Incident Analyst

‒ Audit

‒ Use Case Design

‒ Implementation

‒ Development

‒ Documentation

‒ Network Modelling

‒ Customization

‒ Parameterization

‒ Tuning/ Hardening

‒ Integration with third party solutions

Platform Administration SIEM Engineering Security Operations

Center

‒ Scope and Use Case Design

‒ Risk and Change Management

‒ Issues Management

‒ Quality Control

‒ Project Documentation and Reporting

‒ Interconnection with external entities

Mainly for:

pt.linkedin.com/in/ludovicolopes/

Main Security Experience - SIEM Architect and Engineer (2 of 2)

Examples of project outcomes

6 These images were sanitized

pt.linkedin.com/in/ludovicolopes/

Insurance companies

Industry Experience - Banking and Insurance

Fulltime projects developed for the largest financial institutions

7 Employee values as December 2012

‒ Biggest PT public owned bank

‒ 23.000 employees

18 months Caixa Geral de Depósitos www.cgd.pt

‒ Largest private Portuguese bank

‒ 20.200 employees (9.000 in Portugal)

‒ Joint venture with Ageas

3 years Millennium bcp www.millenniumbcp.pt

‒ Private co-operative financial group

‒ 4.300 employees

6 months Crédito Agrícola www.creditoagricola.pt

‒ Dutch multinational banking and financial services

‒ 84.700 employees

Since May 2014 ING Group www.ing.com

Ludovico do Canto Lopes

Information Security Engineer

8

Leadership Business Consulting 4

Millennium bcp 3

Experience Overview 1

Senior SOC Engineer

Responsibilities as Senior SOC Engineer

ING Group - NN 2

pt.linkedin.com/in/ludovicolopes/

‒ Insurance and investment management company

‒ Active in 18 countries

Senior SOC Engineer for ING Group - NN

9

ING Group - Nationale-Nederlanden www.nn-group.com

Netherlands

Slovakia

Romania

Hungary

Poland

Bulgaria Greece

Czech Republic

Since 2nd July 2014

‒ NN company turns independent from ING

‒ Traded in Euronext Amsterdam stock (NN)

‒ 12,000 Employees

Security Operation Centre Coverage

pt.linkedin.com/in/ludovicolopes/

Responsibilities as Senior SOC Engineer for ING Group - NN

10

Top Management

Infrastructure Team

Customers

Security Operation Centre

Main Responsibilities

Use Case Design

Deep Incident Analysis

Service Quality Improvement

Requests Response

Content Development and Assessment

Training and Coaching

Baseline Definition

SOC Management Advisory

Active Member in Critical Incident Response Team

Manage Impact on SOC Service

Assess Infrastructure Design and Implementation

Identify, Report and Track Issues

Reporting

Service Assessment

Project Manager (SOC activities) in Mission Critical Projects

Bond and Fulfil needs from multiple parties

Activities carried fiscally in Prague (CZ) and Amsterdam (NL)

Ludovico do Canto Lopes

Information Security Engineer

11

Leadership Business Consulting 4

Millennium bcp 3

Experience Overview 1

Information Security Engineer for Millennium bcp

SIEM Architect and Engineer – Responsibilities

Ethical Hacking and Forensic Analysis – Responsibilities

ING Group - NN 2

pt.linkedin.com/in/ludovicolopes/

Main Responsibilities

‒ Largest private Portuguese bank

‒ Insurance Group (joint venture with Ageas)

‒ Traded in Euronext stock Exchange (ELI:BCP)

‒ Active in:

Information Security Engineer for Millennium bcp

12

Millennium bcp - Banco Comercial Português www.millenniumbcp.pt

SIEM Architect and Engineer

Ethical Hacking Forensic Analysis

Portugal Mozambique Angola Poland Romania Switzerland

Retail Banking

Corporate Banking

Investment Banking

Private Banking

Asset Mgmt.

Insurance

SIEM –– Security Information and Event Management

pt.linkedin.com/in/ludovicolopes/

SIEM Architect and Engineer – Responsibilities

(As described before)

13

pt.linkedin.com/in/ludovicolopes/

Ethical Hacking and Forensic Analysis – Responsibilities

Other skills develop as Information Security Engineer for Millennium bcp

14

‒ Comprehensive Investigation (Servers and Workstations)

‒ Malware (Windows and Android binaries)

‒ Fraud Analysis

‒ Reverse Engineering

‒ Phishing Scams

Forensic Analysis

‒ Public Websites

‒ Internet Infrastructure

‒ Mobile Application

‒ Software Behavior Analysis

Ethical Hacking

Ludovico do Canto Lopes

Information Security Engineer

15

Leadership Business Consulting 4

Millennium bcp 3

Experience Overview 1

Business Consultant for Leadership Business Consulting

Santo SGPS Project – Scope and Responsibilities

Santo SGPS Project – Results and Deliverables

ING Group - NN 2

pt.linkedin.com/in/ludovicolopes/

Business Consultant for “Leadership Business Consulting”

16

Responsibilities

Complete organizational restructuring of the Holding and its 10 companies

ERP – Enterprise Resource Planning – Microsoft Dynamics NAV

Lead Project and Change Management for the ERP implementation

www.leadership-bg.com

Project done as “Leadership Business Consulting“ employee

‒ Main Client: Santo SGPS

‒ Holding composed by companies on several areas:

‒ 121M€ equity in 2011

‒ 40 years since its first company was founded

Construction Property

Promotion Industry Energy

International Joint

Ventures

www.santo.pt

Project Example: Information Technology & Process Reengineering

pt.linkedin.com/in/ludovicolopes/

Santo SGPS Project – Scope and Responsibilities (1 of 2)

Project Manager and Pivot for all project activities and stakeholders interests

– Main interactions and deliveries

17 Simplified list of activities and outcomes

‒ Technical requirements ‒ Quality control and

assessment ‒ Issue identification and

mitigation

Project Manager

‒ Optimize business activities ‒ Ease the migration ‒ Documentation ‒ Risk mitigation ‒ User formation (new processes)

‒ Technical implementation ‒ Expertise ‒ User formation (IT solution)

External Service Provider

pt.linkedin.com/in/ludovicolopes/

Santo SGPS Project – Scope and Responsibilities (2 of 2)

18

External Service Provider

ERP Solution 7 Consultants Project Managers

Marketing

Legal

Human Resources

Board

Finance

Accounting

Architecture

Production

Mediation

Costumer Support

Administrative

Procurement

IT

Santo SGPS All SGPS Departments

25 Key Users

85 Processes

Assure a perfect match from ERP implementation and Santo SGPS needs.

Goal

‒ Project and Change Management

‒ Risk Management

‒ Organizational Restructuring

‒ Business Process Reengineering

‒ Direct Board Reporting

‒ Rollout Support

‒ Incident and Issues Management

‒ Quality Control

‒ Project Documentation

Responsibilities

pt.linkedin.com/in/ludovicolopes/

Santo SGPS Project – Results and Deliverables

Examples of project outcomes

19 These images were sanitized

Ludovico do Canto Lopes

Information Security Engineer

20

More Information

pt.linkedin.com/in/ludovicolopes/

Thank you

Document updated in 2014-XII-06