Savyon Shimon
CISO,CRO, DPO
Gedera
Summary
CISO & Information security Consultant with over 20 Years of field experience. Has rich and unique experience in professional and managerial aspects. My experience includes examining cyber risks, information security in solutions and implementing cloud applications, implementing security systems, architecture of information security systems, planning and implementing segmentation, writing procedures and business policies and managing compliance with ISO information security standards. Support users in different work environments. Over 10 years of experience in managing information security teams both professionally and personally. I hold CISO certification from the Technion - CISSP, CISM, CSX, senior examiner for information security standards: ISO 27001, ISO 27799 from the Israeli Standards Institute. I have extensive experience in the installation, management and ongoing maintenance of operating systems, as well as software products and various computers and working on various hardware and storage systems. Deep understanding of cyber threats and cyber-attack techniques, for example: Cyber Kill Chain. Experienced in formulating and implementing SDLC development processes and implementing horizontal security systems in global companies with hundreds and thousands of users. Rich experience in reviewing and accompanying companies in the protection of OT/IT systems and various regulations, including cyber in environmental quality, municipal, health, capital market, transportation, HIPPA and GDPR. and in the review and implementation of the Privacy Protection Law, databases and cameras. My motto: Continuous improvement reduces gaps, important methodology on the side of thinking outside the box.
Overview
23
23
years of professional experience
7
7
years of post-secondary education
2
2
Languages
Work History
head of Cyber security
Infoguard
01.2023 - Current
- Conduct infrastructural, process and technological risk audits internally and among the company's customers
- Accompanying and preparing organizations for the requirements of the Privacy Protection Law and the database regulations
- Architecture consulting in the field of cyber in the IT / OT worlds
- Directing, writing and ongoing management regarding technological aspects and processes (policies and procedures)
- Carrying out information security awareness training for organizations
- Providing solutions for regulatory requirements, the various laws and regulations both internally and for the company's customers
- Information security examinations and controls for the cloud environment and the local organizational environment
- Mapping protection circuits, existing controls and preparing a map of cyber risks and technological risks
Cyber Security Defense Team Leader
BugSec
01.2021 - 01.2023
- Technical Security Assessment professional with extensive experience in the banking, insurance, high-tech, government, industry and defense sectors
- Deep technical security skills in systems integration and solution deployment, network protocol analysis, web content filtering, DLP finetuning, end point protection, security architecture design, vulnerability and patch management, SIEM, Swift and Euroclear environment security expertise including architecture, security controls, compliance and flow processes
- Wide experience in medical infrastructure, industrial SCADA plants, public cloud (AWS, GCP, Azure) cyber security audit
- Expert knowledge of network, application and endpoint security products provided by leading vendors
- Expert ability to identify and address significant technical security vulnerabilities related to network and application security architecture, system hardening, virtual server security management, vulnerability and patch management, anti-malware, authentication and encryption
- Mapping an organization's critical assets, channels, services and critical components
- Expert in writing Policy, Standards, Procedures and Security Guidelines
- Evaluation of current situation and creation of road map for future development
- Mitigation for the risks of cyber-attacks
- In-depth analysis of the overall organization's readiness state and development of information security guidelines and policies
- Hardening processes of operating systems (Win, Linux, etc.), Web, Terminal, as well as Security Devices
- Validation of organization's hardening documentation
Head of Cyber Security, Risk Division
Bank Leumi
01.2020 - 01.2021
- Assessment of all cyber risks in the Bank and its subsidiaries and their presentation to the National Board of Directors, while representing Line II in the cyber aspects
- Challenge the map of cyber risks and supporting methodologies
- Examining trends and risks from around the world with a focus on intelligence and researching threats to the banking systems
- Work in conjunction with the Bank of Israel and the various regulatory requirements between Nabat 310, 357, 361, 363 and so
- Examination and evaluation of the supply chain, cloud services, systems risks, and business continuity
- Cyber risk analysis of leading fintech projects
- Assessing the risks in existing controls while focusing on a range of leaked threats and functional impairment
- Preparation of work plans for assessing cyber risks, focusing on indicators that affect the risk assessment
- Defining cyber risk appetite (tolerance) and adhering to cyber policy
CISO
IPV Security
01.2019 - 01.2020
- Building annual Information Security workplan to management's satisfaction and approval
- Setting cybersecurity guidelines and requirements
- Support On-Prem as well As Cloud base Environments (AWS, GCP, Azure)
- Ongoing guidance and management regarding technological and processive aspects (policies and procedures)
- Providing solutions to regulations' requirements
- Managing information security risks and events
- Building employee awareness work plans and leading training
Information Security & IT Consultant
"Matzov" Unit, Israeli Cyber Defense forces
01.2017 - 01.2019
- Responsibility and management of all Microsoft Products on site
- Leading information systems security projects
- Build and implement DR methodology
- Perform DR exercises as well as conclusions Implementation
- Maintenance, establishment and operate backup systems (Commvault)
- Support and maintain over 1000 servers and about 800 users including development personnel
- Infrastructure team Support (TIER 3,4)
CIO, CISO
Israel Cancer Association
01.2012 - 01.2017
- In charge of entire computer systems - professional and managerial
- Project Management in Computing - Commercial Priority Implementation, Human Resources, Salesforce Interfaces, And dedicated software in the medical world
- Providing computing solutions according to organization needs (organization of about 500 users)
- Subject to internal and external audits including compliance with health regulations
- Performing Audit tests for compliance with ISO 27799, 27001
- Install Veeam DR array, part of BCP plan
- Managing Symantec SEP
- IPVPN and FW Fortinet network management
- Writing procedures and Helpdesk management
- Installing EXCHANGE 2010 server
Education
CISO course - International Training Study: CISSP, CISM, CSX certified
Technion
MCSE - NT4, 2000, 2003
High Tech College
01.1998 - 04.2005
Skills
Problem-Solving
Security Clearance
Hold Security clearance from the Director of Security of the Defense Establishment
Courses Training Certification
- 01/2024, ISACA - Training on vulnerability assessment and weakness management
- 01/2022, Energy Team Privera - DPO course - requirements of the Privacy Protection Law
- 01/2021, Ministry of the Environment - Course in Compliance with Cyber conditions for obtaining a toxin permit
- 01/2020, ISACA - Cyber Protection Course for ICS-OT-IIoT Operating Systems
- 01/2019, Technion - CISO course, International Training Study: CISSP, CISM, CSX certified
- 01/2017, NETAPP - Establishing and managing DataOnTAP Cluster Administration, Data Protection
- 01/2016, Standards Institution of Israel (SII) - Senior Audit and Information Security Editor's course for ISO 27001, 27799
- 01/2011, CheckPoint- course: Safe@Office version
- 01/2007, AntiSpam Commtouch course
- 01/1998, High Tech College - MCSE, NT4 2000,2003
Personal Information
ID Number: 038613048
Timeline
head of Cyber security
Infoguard
01.2023 - Current
Cyber Security Defense Team Leader
BugSec
01.2021 - 01.2023
Head of Cyber Security, Risk Division
Bank Leumi
01.2020 - 01.2021
CISO
IPV Security
01.2019 - 01.2020
Information Security & IT Consultant
"Matzov" Unit, Israeli Cyber Defense forces
01.2017 - 01.2019
CIO, CISO
Israel Cancer Association
01.2012 - 01.2017
MCSE - NT4, 2000, 2003
High Tech College
01.1998 - 04.2005
CISO course - International Training Study: CISSP, CISM, CSX certified
Technion
Similar Profiles
Michael ElyesMichael Elyes
Cyber Security Consultant at Infoguard AGCyber Security Consultant at Infoguard AG
Leonelle YanovskyLeonelle Yanovsky
Third-Party Risk Analyst at PayoneerThird-Party Risk Analyst at Payoneer
Pablo TalmiPablo Talmi
Security Specialist at RadwareSecurity Specialist at Radware
Ben EyalBen Eyal
General Counsel at Challenge Airlines (IL) LTDGeneral Counsel at Challenge Airlines (IL) LTD
MANOLYA ROWEMANOLYA ROWE
Head of Cyber Security ERSS Security Department at CognizantHead of Cyber Security ERSS Security Department at Cognizant