Summary
Overview
Work History
Education
Skills
Websites
Certification
Languages
Affiliations
References
Timeline
Generic

Rodrigo Favarini

Lucan

Summary

Dynamic Senior Security Testing Analyst with extensive experience at Bank of Ireland in ethical hacking and vulnerability assessments. Proven expertise in compliance testing, team collaboration, and driving cybersecurity strategies that enhance risk management. Demonstrated proficiency in identifying and exploiting system vulnerabilities using various methodologies, including black box, white box, and gray box testing. Significant contributions in improving security frameworks have led to a marked reduction in potential threats to critical systems.

Overview

21
21
years of professional experience
15
15

Certifications

Work History

Senior Security Testing Analyst

Bank of Ireland
Dublin
09.2022 - Current
  • As a Senior Security Testing manager, I have played a key role in leading the company's Penetration Testing activities of infrastructure, network, web applications, APIs and Android apps
  • As a lead team member, I am also responsible for internal knowledge sharing junior professionals in developing their skills
  • The technical penetration test skills include but are not limited to: Conduct comprehensive penetration tests on web applications, mobile apps, APIs, networks, infrastructure, cloud environments, and wireless systems to identify and remediate security vulnerabilities
  • Perform in-depth firewall and system configuration reviews to ensure compliance with security best practices and industry standards
  • Execute vulnerability scans using industry-standard tools to detect potential security threats and weaknesses
  • Develop detailed reports outlining findings, risk assessments, and actionable recommendations to enhance the security posture
  • Responsible for planning and execute security vulnerability assessments and penetration testing on the bank systems, delivering the following achievements to the group: Minimize and mitigate risks introduced by existing and new information technologies and services
  • Advice on mitigation and resolution to vulnerabilities
  • Provide input to defining compliance and monitoring metrics for application security, vulnerability management and security governance
  • Provide feedback regarding progress made on system audits to business owners
  • Direct involved to the internal risk assessment process, as the application security lead I am responsible for translate the vulnerabilities CVSSs to the internal risk matrix and supporting the internal remediation process or acceptance with the service delivery manager

Chief Operating Officer

MITM Cyber Security Consulting
01.2016 - Current
  • Red Team leader, using the Cyber Kill Chain methodology, I'm responsible for creating and planning the cyberattacks for adversary emulation, create and presents reports for C-level, administering the vulnerability assessment team and planning and execute several penetration tests

Information Security Manager

Bank of Ireland
County Dublin
09.2019 - 09.2022
  • Responsible for overseeing and enhancing cybersecurity strategies, risk management and daily operations of cloud computing environments
  • The role includes leading and prioritizing the overall cybersecurity program and incident response services projects, implementing and supporting information cybersecurity policies and procedures across the business unit
  • As a Security Manager in GWS (Group Web Services), I’m responsible for continuous Cybersecurity improvement of the Group Web Sites area and the systems within, leading the DevSECOps team, planning, implementing and conducting the cybersecurity program according to the BOI Group Security directions
  • Actively controlling the vulnerability management process, identifying risks, proposing alternatives, solutions and bug fixes
  • Leading the implementation of security platforms having the focus on cloud platforms (AWS and Azure), including SIEMs (Graylog and Splunk), NACLs and Security Groups (firewall) rules, AWS and Azure WAF ACLs and rules, anti-malware, and DDOS protection services
  • Support the application development process, mainly in the design phase, applying the information security architecture principles and implementing controls according to the InfoSec policy and standards
  • Supporting the internal auditing process, detecting and raising risks and finding solutions to mitigate them
  • Implement Information Security Policies, Standards, Procedures & Minimum Baseline Standards (aka Checklist/Guideline)
  • In addition to these responsibilities, I have contributed to the internal security team and working with them to share results and find solutions to security challenges, participating in the information security department's growing efforts, including hiring new team members and internal company meetups

Security Analyst

Bank of Ireland
Dublin
07.2018 - 09.2019
  • Perform ethical hacking tests against the internal systems, Internet, and/or Intranet connected operations, identifying and exploiting the system, server, network and application-level vulnerabilities in order to illustrate risks and provide prioritized recommendations
  • Responsible for creating detailed reports containing prioritized findings, demonstrations of exploits, explanation of compromise impacts, and recommendations for mitigation and remediation
  • Validate remediation activities upon request
  • Implement, manage and monitor Alienvault, correlating logs, threats and patches
  • Responsible for overseeing and enhancing cybersecurity strategies, risk management and daily operations of cloud computing environments
  • My role includes leading and prioritizing cybersecurity and incident response services projects, implementing and supporting information cybersecurity policies and procedures across the business unit
  • Define, implement and manage cybersecurity strategies and road map
  • Research information security threat landscape (attack vectors and tools, best practices for securing systems and networks, etc.)
  • Management of after-action reviews/problem management / continuous improvement activities
  • Incident response business continuity planning, auditing, and risk management
  • Managing security infrastructure including IDS/IPS, Web Application Firewalls (WAFs), Security Patching and Vulnerability Assessment
  • Managed SIEM
  • Vulnerability assessment
  • Reporting

Senior Security Engineer

Ammeon
Dublin
09.2017 - 06.2018
  • Working on a project for Ericsson to design and implement a secure network solution, integrating the Cloud Ericsson ENM system (NMaaS) with customers (small US data network operators)
  • My role in this project ensures the protection of the communication channel, designing the network security level and suggesting improvements and best practices to the Network Engineers
  • Analyse, configure and troubleshoot network deployments, oriented to networking security, involving Juniper SRX and Extreme Switches
  • Work with Junos OS, specific features and standard protocols like IPSEC, SSL, DHCP, STP, NAT, SNMP, NTP, VRRP, 802.1q and Security features like Unified Threat Management, AppSecure, IPS, Routing-instances and Logical Systems
  • Deploying high-availability scenarios as well as utilizing IP tunneling technologies like GRE and IP-to-IP
  • Building technical documentation, firewall configurations and handing over the solution to operation team
  • Reviewing security configurations to ensure standards are being utilized such as ITIL, NIST controls, ISO 27001/2, and industry best standards
  • Integrating public clouds (AWS and Azure) with the private cloud through Equinix Cloud Exchange

Security Specialist

7COMm
São Paulo
06.2015 - 03.2017
  • Testing and implementing solutions to defects, having focus on security bugs
  • Performing networking and software vulnerability analysis, creating a plan for correction, documentation and reporting
  • Performing LAN, DMZ, and internet facing security scanning on corporate and guest network looking for potential vulnerabilities, malicious programs, weak access controls and recommending appropriate actions
  • Coordinating internal information security seminars
  • Developing improvements to the network infrastructure in accordance with company’s information security policies
  • Developing information security related documentation (policies, standards, technical procedures) based on ISO 27001
  • Implementation of Change Management to help developers, network administrators, managers and executives gain a clearer insight into deployments and traceability of changes in the production environment
  • Performing internal and external (suppliers) security auditings through visits and questionnaires
  • Configuring and monitoring WAF (Fortinet and AWS WAF)
  • Developing automation scripts in Python using Jenkins and Zabbix for vulnerability test
  • Implementation and configuration of AlienVault NIDS
  • Involved with senior executive level management, system administration and developer team to get a higher level of security
  • Conducted risk assessment and recommend actions to reduce the risk of loss to confidential data
  • Performed Enterprise Antivirus scanning and updates for corporate devices
  • Part of the Red Team to run penetration tests, using the OWASP top 10 and NIST framework as a guide
  • Working with: Kali Linux, Webinspect, Burp, SoapUI, NMap, SQLmap, etc
  • Presenting a seminar on OWASP Brazil about Data Leak on NoSQL open databases

Software Specialist - Ecommerce

Cnova - GPA
São Paulo Area
07.2014 - 06.2015
  • Analysing and debugging code
  • Responsible for the development of ecommerce front-end utilizing C#
  • Working on the integration of the external services using REST and SOAP
  • Analysing business, functional, and technical requirements to make sure project meet expectations

Scrum Master

Magazine Luiza
São Paulo Area
06.2013 - 07.2014
  • Helping the team defining and following the correct KPIs and Agile process, focusing on the continuous decrease in the number of calls and equalization of processes in the company
  • Team with approximately 15 developers, sustaining: Main E-Commerce; B2B E-Commerce; Front-end (site) integration with back-end; Administrative systems and configuration of the main site

Senior Developer

Magazine Luiza
São Paulo Area
07.2012 - 06.2013
  • Development of the corporate sales platform (B2B)
  • Development of internal systems integration and e-commerce projects
  • Development of the Front-End and Back-End layers of e-commerce using: Java, Python and SQL Server 2012 Database
  • Design and analysis of technological solutions for cloud computing infrastructure

Computer Programmer

Bematech S/A
São Paulo Area
06.2004 - 05.2011
  • C#
  • ASP.NET
  • ASP Classic
  • VB 6
  • C++
  • SQL Server 2005 database scripts

Education

Master of Science - Cybersecurity

EC-Council University
USA
06.2022

MBA - Project Management

Anhanguera
Brazil
01.2010

Bachelor of Science - Bachelor of Technology (btech) - IT for business development

Fatec
Brazil
01.2005

Skills

  • Ethical hacking
  • Network security
  • Compliance testing
  • Penetration testing
  • Secure coding practices
  • Mobile security
  • Application security
  • Web application testing
  • Vulnerability assessment

Certification

  • CISSP – Certified Information Systems Security Professional
  • SANS-GCPN – Cloud Penetration Tester
  • CEH – Certified Ethical Hacker
  • EJPT – eLearn Junior Penetration Tester
  • Hack The Box Pro Labs: Zephir, Xen, POO, RastaLabs, Alchemy
  • SSCP – Systems Security Certified Practitioner

Languages

  • English, Native or Bilingual
  • Italian, Elementary
  • Portuguese, Native or Bilingual

Affiliations

  • YouTube content producer for the BHack project: https://www.youtube.com/playlist?list=PLeMmSKKOnfJUNBlQP9rPE-p9zseUcyex
  • ISC2 Cybersecurity Exam Development Volunteer (SSCP-CISSP)
  • EC-Council - Cybersecurity Career Mentor - 2023

References

References available upon request.

Timeline

Senior Security Testing Analyst

Bank of Ireland
09.2022 - Current

Information Security Manager

Bank of Ireland
09.2019 - 09.2022

Security Analyst

Bank of Ireland
07.2018 - 09.2019

Senior Security Engineer

Ammeon
09.2017 - 06.2018

Chief Operating Officer

MITM Cyber Security Consulting
01.2016 - Current

Security Specialist

7COMm
06.2015 - 03.2017

Software Specialist - Ecommerce

Cnova - GPA
07.2014 - 06.2015

Scrum Master

Magazine Luiza
06.2013 - 07.2014

Senior Developer

Magazine Luiza
07.2012 - 06.2013

Computer Programmer

Bematech S/A
06.2004 - 05.2011

Master of Science - Cybersecurity

EC-Council University

MBA - Project Management

Anhanguera

Bachelor of Science - Bachelor of Technology (btech) - IT for business development

Fatec

Similar Profiles

  • Esther Cong

    Esther CongEsther Cong

    Senior Administrator, Structured Products & Derivatives at Bank of IrelandSenior Administrator, Structured Products & Derivatives at Bank of Ireland

    View Profile
  • SHANNON NAZARETH

    SHANNON NAZARETHSHANNON NAZARETH

    FINREP Reporting Analyst at Bank of IrelandFINREP Reporting Analyst at Bank of Ireland

    View Profile
  • John Murray

    John MurrayJohn Murray

    Bereavement Support Unit Manager (Secondment) at Bank of IrelandBereavement Support Unit Manager (Secondment) at Bank of Ireland

    View Profile
Rodrigo Favarini