Demetris Papapetrou

PERSONAL DATA
Date of Birth: 24/11/1977
Gender: Male

CAREER HISTORY
Date | Organisation | Job Title
Dec 06 – Present | Internal Audit Service of the Republic of Cyprus | Internal Audit Officer
Mar 02 – Dec 06 | KPMG, Cyprus | Assistant Manager/IRM Consultant
Jan 02 – Mar 02 | Interlife Insurance Co. Ltd, Cyprus | Programmer/Analyst

WORK EXPERIENCE
I have more than eleven (11) years of experience as an Information Security consultant/auditor and have acted as a project leader or key specialist for a number of projects at major corporations both in Cyprus and abroad.

As an Internal Audit Officer of the Republic of Cyprus I mainly perform external penetration tests, internal security assessments, web application security assessments, wireless security assessments, client-side attacks, reverse code engineering, forensic and malware investigations, technical security configuration reviews (e.g. firewall rule base reviews, operating system and application reviews against security baselines) and infrastructure design reviews of highly critical IT environments. Furthermore, I provide valuable guidance in the development of information security policies and the design and development of new business-critical systems, and perform IT General Control reviews based on the COBIT framework.

At KPMG my main domains of activity included Information Security Services, Information Technology Audit and Business Systems Controls. I have been involved in numerous projects for clients in Europe, mainly focusing on Financial Institutions, Media and Telecommunication Organizations. Work performed involved authorized penetration testing of perimeter networks, security assessments of internal IT environments, security assessments of mission-critical application systems, reviews of firewall security configurations and audits of IT environments based on best practices.

Additionally, I have been involved in Sarbanes-Oxley Assistance 404 work for multinational organizations, both for the documentation and testing of business process and application controls and for the documentation and testing of the Information Technology General Control environment, including Security Monitoring based on the COBIT domains. I have also been involved in the development of Information Security Policies for financial institutions and in the development of an Information Security Management System (ISMS) in line with ISO/IEC 17799-1:2005 (‘Information Technology – Code of practice for information security management’).

Deliverables produced include reports focusing on the identification of vulnerabilities and the development of recommendations regarding architecture, configuration, resource and process weaknesses, risk and control matrices, process maps, IT audit findings and client-specific security policies and procedures.

EDUCATION
Academic Institution | Dates (From – To) | Qualifications
University of Bath, UK | 2000 – 2001 | MSc in Computer Science (conversion course)
University of East Anglia, UK | 1997 – 2000 | BSc in Computerised Accountancy

COMMUNICATION SKILLS
Mother Tongue: Greek

Language | Certificate | Understanding: Listening | Understanding: Reading | Speaking | Writing
English | IELTS | 8.5 (C2) Proficient User | 8.5 (C2) Proficient User | 8.0 (C1) Proficient User | 8.0 (C1) Proficient User
(*) Common European Framework of Reference (CEF) level

PROFESSIONAL CERTIFICATIONS
Date | Course Title | Organisation
May 2013 | Certified Forensic Investigation Practitioner (CFIP) | 7Safe
Feb 2013 | Juniper Networks Certified Associate (JNCIA) | Juniper Networks
Nov 2012 | Certified Wireless Security Analyst (CWSA) | 7Safe
Apr 2012 | Certified Security Testing Associate (CSTA) | 7Safe
Apr 2012 | Certified Security Testing Professional (CSTP) | 7Safe
Apr 2012 | Offensive Security Certified Expert (OSCE) | Offensive Security
Jan 2010 | EC-Council Certified Security Analyst (ECSA) | EC-Council
Dec 2009 | Ethical Hacking and Countermeasures (CEH) | EC-Council
Mar 2009 | Offensive Security Certified Professional (OSCP) | Offensive Security
Jul 2005 | Certified Information Systems Auditor (CISA) | ISACA

TECHNICAL EXPERTISE
I am experienced in Java, C, Python, Assembly, Oberon-2, VRML, HTML, PHP, Unix shell scripting, SQL and COBOL. I have also worked on several operating systems such as Linux (Red Hat, Debian and Slackware based distributions), Unix (Solaris), Microsoft Windows 95/98/NT/2000/XP/2003/Vista/7/2008/8/2012 and IBM AS/400, and have an in-depth understanding of the TCP/IP protocol suite over Ethernet and 802.11. I extensively use BackTrack/Kali Linux to perform my work and utilize specialized security tools to accomplish specific tasks, such as Nmap, hping, Wireshark, SolarWinds Suite, Cain & Abel, ettercap, Kismet, the aircrack-ng suite, Nessus, Nexpose, GFI LanGuard, Metasploit, Core Impact, OllyDbg, Immunity Debugger, Acunetix, Netsparker, HP WebInspect, IBM AppScan, sqlmap and many more off-the-shelf and self-written tools.

ADDITIONAL INFORMATION
I am a certified training instructor for EC-Council’s ethical hacking courses and 7Safe’s university-accredited courses in information security and digital forensics. I have been invited to speak on current security topics and demonstrate offensive hacking techniques at conferences and events around Cyprus, such as the Open Hack Day Event, the Cybercrime Security Forum, the IT Pro Cyprus Community Event and the ISACA Cyprus Chapter’s Quarterly Event.

In addition to the above, I have been asked by Gordon “Fyodor” Lyon to contribute a real-life scenario that I encountered during a penetration test to his book ‘Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning’ (2009). My contributed work can be found in Chapter 10 of the book and carries the title “A practical real-life example of firewall subversion”.

I also have an active role in the information security research field, as I continuously search for new hacking techniques and previously undiscovered/zero-day vulnerabilities in popular off-the-shelf software products. So far I have discovered and published vulnerability advisories (following the principles of responsible disclosure) for Alt-N’s MDaemon Mail Server, Panda Internet Security, 1024cms, Elxis CMS and Viola DVR. Furthermore, I have contributed/published whitepapers, screencasts, tools and scripts for the identification and exploitation of various vulnerabilities and hacking techniques.

I am a board member of the Cyprus IT Pro User Group, an active member of the Cyprus Computer Society’s Special Interest Group on Information Security, a member of ISACA, a non-voting member of (ISC)2 and a member of The Institute of Internal Auditors.