Rudi Coetzee - Director of CyberSecurity, Violet sky security

Keep in touch with meI'm using Intch to connect with new people. Use this link to open chat with me via Intch app

Network Power<100 people

Roles

✨100%

Business Owner

👍100%

Sales & BizDev

Geos

🇧🇭100%

Bahrain

Work Background

Violet Sky Security BVTechnology Senior Security Expert (GRC)

Oct. 2022 - May. 2023Utrecht, Netherlands · RemoteWorking at VodafoneZiggo fully remote. Evaluation risk of third-party Suppliers To VodafoneZiggo fixed, mobile, IT portfolio perspective. (ISO27001, SOC2, NIST csf) Utilize OneTrust as a questionnaire capturing tool. Reviewing contract requirements and making suggestions from a security and RVIT law perspective. Engagement with business owners, buyers, contract mngt and third-party suppliers.

Violet Sky Security BVCyber Security Advisor

Jul. 2022 - Oct. 2022RemoteProvide help and assistance in RaboBank as a security advisor related to First Line Risk, COE Security Expert and Infra teams.

Violet Sky Security BVPrinciple Security Engineer - Security Advisor

Dec. 2021 - May. 2022Amsterdam, North Holland, NetherlandsAssist Fontem Ventures and their DevOps teams with evaluating risk from Cloud security implementation and providing security advise in all areas. Azure security and services, AKS, CI/CD pipelines, threat modeling, vulnerability management, monitoring with Datadog, Aqua-Security and API improvements etc Solution and security engineering advice on penetration test results. Future proofing security and reaching new maturity levels in the area of security.

Violet Sky Security BVCyberSecurity Director of Intelligence

Dec. 2019 - Oct. 2021Amsterdam Area, NetherlandsWorking at a Global Financial institution (Abn Amro Bank) in the CISO team, part of the Center of Excellence Security in Innovation and Technology, Technology and Engineering, fundamentals sub team. Purpose of the team is to enhance the security posture of the bank. Advising on advanced software security techniques in compliance with technical reference architecture. Provide engineering advice for new software solutions, processes and technology to help mitigate security vulnerabilities and risk. Review of Penetration test and third party security maturity (SOC2 reports) related to partners and service providers. Performing Security Engineering Advice (SEA). Maintain and produce Information System technical documentation including report writing, reviewing and consulting. Advising on end point protection and hardening of laptops (MacOS specific, JamF Pro and Protect solutions). Advising teams on product implementation related to standards and polices of the bank, to implement SAAS solutions (NICE VOIP Azure solution) Architect review, evaluate, guide security-focused on tools and services in the organization as advisor. Cloud security with special focus on leading cloud services such as AWS, Azure. Designing services and products in Azure (AKS and other services) for consumption in the bank. Performing risk assessments on privileged accounts from a process and security perspective. Advice on IS risk management (frameworks) such as NIST, CIS, ISO27001, SANS, CCM Stakeholder management, especially in a multi-cultural and international environment.

ENHALO Benelux RegionCyberSecurity Director of Intelligence

Jul. 2019 - Sep. 2021Benelux RegionRudolf leads the cyber risk management and consulting services, Information assurance management and cryptocurrency information assurance at ENHALO in the Innovation and Technology department. Rudolf advises from a holistic cyber security perspective covering risk, compliance, policy, application, incident planning response, infrastructure technology and procedures. As compliance levels mature with growing regulatory oversight, he drives a more mature secure and compliance level through a range to information assurance programs: ISO 27001, NIST cyber framework, Data Breach Notification, CCPA, GDPR, and PCI DSS. As Cryptocurrency information management matures, Rudolf expertise in securing the blockchain from A to Z is invaluable: from the infrastructure, wallets, procedures, key management, incident planning response and policies. ENHALO is a next-generation technology solutions company focusing on three business pillars: Reducing Risk through cybersecurity offerings, Reducing Cost through digital transformation and Increasing Revenue through automation. As a group of global companies under one brand we are locally engaged, while globally operated. Our vision goes beyond the current global crisis as we co-innovate to enable businesses to prosper during difficult times. Our unparalleled experience, creative approach and competitive rates, makes ENHALO the best choice. Our SOC in the Philippines, and offices in UK, USA, The Netherlands and South Africa means we can provide round the clock SOC expertise and services at the most competitive rates. South Africa has become a soft target for cybercriminals, and our expanded cybersecurity portfolio provides additional protection to face these attacks head-on. Our services • IT Security Monitoring & Updated Management • IT Data Management • IT & Infrastructure Monitoring • IT Support Services • Fixed Fee Remediation Services

Violet Sky Security BVSnr CyberSecurity and Compliance Consultant

Apr. 2019 - Oct. 2020Uithoorn, The NetherlandsConsulting and assisting the client remotely with cybersecurity topics and compliance gap analysis [mapping controls] (ISO 27001). Assisting with answering IT third party security related questionnaires from global customers regarding BackOffice environment and cloud applications (SAAS, AWS solution) security, privacy, technology, processes and products from SafetyIO. Establishing best practices, defense in depth and security mindset, identify solutions for controls, review cloud architecture designs, advising on their ISMS (information security management system) journey towards ISO27001 compliance. Gathering information related to Cyber Incident Planning and Response, Business Impact Analysis and helping define and build BCP/DR processes, documentation aligned with ISO27001. Provide strategy advice (best practices, security and risk) on policy creation and implementation thereof.

Violet Sky SecuritySnr Security designer / Security Architect

Nov. 2018 - Sep. 2019Uithoorn, North Holland Province, NetherlandsSecurity Architect, snr Solution designer security, Information Security Consulting Telecommunication and mobile industry in The Hague. Working on vulnerablity management project. Design tooling solution for vulnerability management (dashboard and reporting templates on infrastructure status). Gather requirements for reporting templates and dashboard deliverables (patch status). Performing vulnerability scans and CIS level 1 compliance or hardening scans with Nessus Security Center on many systems, draw conclusions of compliance and risk status. Working on Proof of Concepts with hardening implementation on all OS (First Windows 2012, then CentOS). From a Windows perspective we could show a decrease in risk 80% by implementing CIS level 1. Identify Key Performance Indicators for MSP/MSSP regarding vulnerability management requirements and reporting. Keep stakeholders informed and happy. Seek synergy regarding tooling (issue tracking tools) and further collaboration from development departments to influence the software development life cycle practices.

ING NederlandSenior Information Security Specialist (Freelancer zzper)

May. 2017 - Oct. 2018Amsterdam Area, NetherlandsING Direct Banking Zone Performing penetration tests on infra, web applications and API, change and compliance related activities. Justifying technical findings to business. Participate in-house awareness training sessions. Collaborating with different teams concerning security, brain storming, education and awareness. Provide data driven decisions to middle management to assist with their risk strategy. Pro-active security for DBZ.

Violet Sky Security BVCyberSecurity Director of Intelligence

Apr. 2017RemoteRudolf leads the cyber risk management and consulting services, Information assurance management and cryptocurrency information assurance at Violet sky security BV in the Innovation and Technology department. Rudolf advises clients from a holistic cyber security perspective covering risk, compliance, policy, secure architecture (Azure and cloud), application, incident planning response, infrastructure technology and procedures. As compliance levels mature with growing regulatory oversight, he drives a more mature secure and compliance level through a range to information assurance programs: Cobit, ISO 27001, NIST cyber framework, Data Breach Notification, deceptive technology, CCPA, GDPR, and PCI DSS. As Cryptocurrency information management matures, Rudolf expertise in securing the blockchain from A to Z is invaluable: from the infrastructure, wallets, procedures, key management, incident planning response and policies. Q4 2023 Contributed as part of a team on Decentralised Identity Foundation (DIF) hackathon, Zero Knowledge Decentralised DNS Identity protocol .zkdid to create a proof of concept: Use Case: Secure Supply Chain Management with Zero-Knowledge Proof NFTs and Decentralized DNS The Work Group as part of the DIF are being setup, with more volunteers interested in zkDNS protocol and will continue from 20.12.2023. Formal acceptance from DIF is imminent.

Violet Sky SecuritySnr Information Security Consultant

Apr. 2017 - Nov. 2018Uithoorn, The NetherlandsSnr Information Security Consulting in banking industry, Penetration tester, source code review, (API, Web applications) Security Strategy Challenger 01 May 2017 till 08 November 2018

ING NederlandSenior Information Security Specialist (Freelancer)

May. 2014 - May. 2017Amsterdam Area, NetherlandsING Group Services organisational unit. Performing Web Application Assessments (dynamic scans and penetration tests) on Internet (including SAAS vendor services) and internal web applications for Group Services and other departments in ING. The team started as seven people and grow till 15 over two years (Static code review and dynamic/pentest) in the group services silo. Started with mobile application testing (2016). Working in an scrum / kanban / agile environment. Performing educational presentations and awareness sessions (twice per month) for Group Services regarding application security awareness (information security awareness). Recorded a training video for 2016. Investigate tools to help correlation and consolidation of different raw findings and results (sast, dast, pen test) into one location / solution / unified results. We found the tools could help prioritise and manage vulnerabilities, integration with current SDLC processes and workflows, reduce complexity and spend less time on reporting. (solutions:CodeDX, Threadfix) CodeDX was our choice.

BNP Paribas FortisTechnical Security Advisor

Jan. 2014 - May. 2014Brussels, BelgiumFunctional description: Vulnerability Management Execute vulnerability management process; coordinate Infrastructure and application vulnerability detection by leveraging scanning (Qualys) to detect vulnerabilities on a defined set of IT assets; Ensure full network scope is accounted for. coordinate external Penetration Testing engagements;coordinate vulnerabilities remediation activities with IT departments. Consolidate results in Archer for eGRC management. Ensure that the VM process of detection, qualification, remediation and control is completed in all environments. Security Control Point Change Validation: (Firewall / Perimeter security change approval) Validate perimeter access rules within boundaries of predefined security policies; Liaise with network/architecture security team to regularly define, review and update process exceptions. Local Computer Security Incident Response Team / management - LCSIRT Communicate action plans and proactive strategies to different teams in Infrastructure related to zero day vulnerabilities, targeted campaigns and known vulnerabilities against the company/industry and IT risk universe. Identify new sources of intelligence, consolidate and disseminate actionable information to teams. Follow up action plans until risks are addressed. Ensure automation of feeds into one consolidate portal of Archer, conform to the VM process model: qualification, normalization, remediation and control.

ING BelgiumSecurity Specialist - Web Application Specialization (freelancer)

Oct. 2011 - Jan. 2014Brussels BelgiumRefined web application scanning process for the dynamic scan project, creating awareness with all departments and knowledge sharing with SOC team. Performing Web Application Assessments on Internet facing and internal applications in production and acceptance environments. Identifying risk and vulnerabilities utilizing automate tool (HP WebInspect) and manual verification of findings (Open source tools). Compile business impact analysis reports for highly sensitive business applications. Architectural review of applications and infrastructure. Review of business logic in applications. Coordinating scans (assisting to define scope, schedule, change control process), scan execution, analysis, elimination of false positives and report delivery.

NXme FZ-LLCSenior Security Specialist (PCI)

Dec. 2007 - Sep. 2011My projects and responsibilities encompass consulting many banking clients with advice and assistance regarding PCI DSS compliance in the Middle East region. Performing risk assessments on various areas (infrastructure, application internet) for clients. Ad hoc Projects: Perform Web application assessments utilizing OWASP application security testing procedures for e-commerce and banking institutions. Perform network and infrastructure assessments (internal and external) to determine vulnerabilities and risk to an organization. I assisted in forensic investigations to gather evidence of a compromised web application hosted by the ISP for legal proceedings. Provide evidence of the vector points, methods of exploitation and provide mitigating action for the application and host.

EDSInformation Protection Compliance Coordinator

Feb. 2006 - Nov. 2007Cape Town Area, South AfricaInformation Protection Compliance Coordinator for the EDS Infrastructure team in South Africa. My responsibilities encompass the governance of compliance for the infrastructure teams with regards to security policies, standards, technical controls and procedures which are enforced and adhere to in Chevron. The proactive management of risk related to Chevron’s information assets and in project initiations. I am the main contact for any queries on IP\SOX compliance for EDS Infrastructure team at Chevron South Africa. Reviewing of evidence for SOX, IP compliance in a timely manner. Planning and organising the yearly SOX and IP Plan, coordinating the monthly meetings. Assisted and liase between the teams during multiple audits in 2006/2007. Conducting assessments on the different teams and technical areas to identify gap in our security strategy and compliance roadmap. Planning, coordinating and communicating the bi-annual Disaster Recovery tests.

ChevronIP Compliance Coordinator

Jan. 2005 - Dec. 2007Cape Town Area, South AfricaCompliance management, audit preparation (Sox and ISO), audit liaison process, follow up on remediation.

$System Administrator \ Migrations Projects$

EDS - Sage Financial South AfricaSystem Administrator \ Migrations Projects

Oct. 2002 - Jan. 2005Third level support for end user, servers and the network. My main focus is on the System Support (AD, Exchange 2000),operations and security assessments, patch management and anti virus. Developing and implementation of IT Best Practices, information security guidance and compilation of technical documents and procedures. Security Experience: Performing vulnerability and risk assessments on the network by utilizing the following tools: Experience in using security tools and techniques to detection \eradication viruses. Providing suggestions to management how to mitigate the security risk and amend the client’s procedures. Other responsibilities: Migration from Exchange 5.5 (Multiple sites) to Exchange 2000, Implementation of MS SUS, Altiris Deployment Server 5.6, overseeing the creating of Altiris images, application rips. MQ Series 5.0, Mcafee EPO (ePolicy Orchestrator 3), Mail marshal for SMTP MS SQL 7/2000 SQL database admin, Backups software.