Technology, Information and Media
Education
Financial Services
Utilities
Transportation, Logistics, Supply Chain and Storage
Oil, Gas, and Mining
Professional Services
Active

Ana Matejic

Cyber Security Advisor | Cyber Security Trainer | fractional-CISO

About Me

With 20 years of experience in cybersecurity, Ana-Maria is a seasoned professional in leading global cybersecurity programs and transformation initiatives. Having coordinated strategic cybersecurity efforts across diverse international markets and industries, Ana-Maria is skilled in adapting to local cultures while effectively managing geographically dispersed teams and security programs. This extensive global experience has honed the ability to bridge the gap between technical expertise and business strategy, bringing cybersecurity to the forefront of boardroom discussions. Ana is particularly passionate about the intersection of technology and human behavior, championing innovation within the organizations she works with. By advocating the “human factor” as the true technology sponsor and enabler, she works to ensure that cybersecurity programs are not just “technical plans” but also become a mindset – culturally aligned and accepted across all levels of an organization. Driven by an entrepreneurial mindset, Ana-Maria thrives on experimentation and innovation, constantly seeking out new technologies and approaches to strengthen organizational cybersecurity. Building teams, fostering collaboration, and driving cybersecurity initiatives through strategic leadership are central to her approach. Whether it’s placing cyber risk on the board’s agenda, innovating with cutting-edge solutions, or managing transformation programs, Ana-Maria is dedicated to contributing to the societal cyber resilience in a very complex and evolving threat landscape.

Jurisdiction

Romania | Serbia | Montenegro | Belgium | Germany | Hungary | Luxembourg

Experience

Seniority Level: Director
Years of Experience: 15-20 years
Current Status: Active

Senior Security Advisor | WLC
2025 - Present

I provided specialized cyber security advisory for Board of Directors and senior leadership to enterprise clients. Reference activities:

- NIS2 and Security Governance maturity assessment for a pan-European producer of mining machines, waste management software and hardware in line with NIS2, upcoming CRA (product security) and ISA 62443. I have provided guidance in these matters for the CISO and senior leadership across countries of operations, EU
- NIS2 readiness assessment for a payments processor
- Security posture assessment against ISO27001 for a European processor of secure payments, EU and AUS
- ISO27001 implementation assistance for a fin-tech organization
- NIS2 Board of Directors training for an online multi-country European marketplace
- CER baseline requirements training delivery
- NIS2 and CER readiness assessment for a critical infrastructure operator in Norway
- ISO27001 implementation advisory for an online publishing house, Nordics
- “Second opinion” project for evaluating the effectiveness of a Cyber Security Awareness program for an international media organization
- DORA and general cyber security trainings for a software development organization supplying the finance sector. 3 sessions were delivered for different target groups: senior leadership, software developers, consultants

Head of Cyber Security Services and Trainings | RHEA Group Belgium (now Nexova/Starion Belgium)
2020 - 2025

I was appointed in this role to create the “Cyber Security Consulting” business unit where I designed and managed 3 teams:

- Consulting Services (GRC) team
- Cyber Security Trainings team
- SOC team

The GRC team delivered projects for space, defense and institutional (EU funded) sectors in the following segments:

- EU regulations (NIS2, AI Act, DORA) assessment and their impact for our client base
- Security Risk Assessments for space projects (in cooperation with ESA) and defense projects (*not available for disclosure)
- Product security:
  - Leading the roadmap execution for the cyber range platform developed in-house.
  - I was responsible and accountable for developing on-time content for the cyber range and for the “customer success” program.

I frequently have large-scale or restricted-audience speaking engagements at conferences and workshops for clients, or as an invited speaker at closed-door events (e.g. CySat 2023, CySat 2024, MWC 2025, CyberSecurity Conference Brussels 2022/2023/2024, ENISA ThreatHunt Conference 2023/2024).

Projects I delivered for strategic clients (CISO advisory) included:

- Cyber risk management
- NIS2 gap analysis
- DORA gap analysis
- Cybersecurity due diligence for M&A (Mergers and Acquisitions) deals
- Capacity building trainings for the EU member states – projects with the EC
- Senior management trainings/briefings on diverse topics: EU regulations, AI governance
- Cybersecurity maturity assessments based on NIST CSF, ISO27001 and CIS Controls
- Cybersecurity programs design and implementations – identity-centered programs and roadmaps
- Governance of Information Security Programs using ISO 27001 and COBIT
- Cybersecurity technologies assessment
- Transformation projects in the digital domain

I also set up the SOC team in a classified environment serving clients from industries that require the highest level of security. Part of this setup were the following tasks:

- Design the team structure (analysts, security engineers, automation engineers, SOC Manager) and hiring the team based on the custom developed job descriptions
- Design the 12/24 shifts and aligning with the country labor rules
- Design the technology stack and supervise the implementation
- Design SLAs for the first clients

The trainings team had 2 streams of activities and revenues:

- Cyber security skilling and Cyber security awareness trainings incorporated into organizational programs
- Hands-on scenarios development for the cyber range platform

Projects portfolio:

- AI Governance program implementation for an EU Agency – in line with EU AI Act and following NIST AI RMF
- AI Risks evaluation for products/platforms with embedded AI components (in line with EU AI Act and NIST AI RMF)
- Cyber Security training for the senior management of a nuclear power plant (Ukraine)
- Zero Trust Design Project for a European Agency (EUMETSAT) – technical assessment and technical design of a proposed architecture for the ZTNA within the agency. I have presented the results of the assessment to the senior leadership (CISO and deputy CEO) together with the proposed investment plan.
- Cyber security training for the management board of an investment fund – NIS2 focus and general cyber security
- Cyber security trainings for groups preparing for certifications such as Security+/CISSP with a hands-on approach using a cyber range platform
- M&A cyber due diligence for an investment fund acquiring insurance companies, real estate and tech. I have worked with the senior leadership on both sides to manage the process.
- DORA and NIS2 board of directors’ trainings
- Trainings and table-top exercises for energy and financial organizations using the in-house developed cyber range platform
- Security awareness programs – including design of in-class/remote learning using instructional design methodology and design of campaigns (for Space clients and Defense clients)
- Threat risk assessment for a railway construction project with autonomous trains (Saudi Arabia) based on ISO27001 and ISA 62443
- ISO27001 implementation plan for a new space company
- European Commission driven projects for the cyber resilient Europe – capacity building trainings
- Threat Risk Assessment for LEO (Space Cyber Security – ESA project), in a consortium with international partners
- Cyber Security Assessment for a satellite constellation (EUMETSAT)
- Supply chain risk assessment for unmanned ground systems - European defense project (defense)
- Supply chain risk assessment projects related to Space (ESA funded)
- Cyber security training for: Space and Defence sectors in EU (EU Agencies)
- Design of a European mechanism for assistance to cyber-incidents affecting member states, supported and financed by ENISA
- Cyber Risk assessment for a space ground segment system (space cyber security) in line with ISA62443
- Design of a “light security assessment framework” for new space companies in a project with the DG DEFIS
- Security Assessment for a UN subordinated agency
- Evaluation and “second opinion” projects for existing Cyber Security Awareness programs
- Cyber-skilling Europe (an ECSO/ECCO project under the European Commission supervision and budget)
- Training content development and delivery for the cyber resilience of energy and nuclear sectors in Ukraine
- Critical Infrastructure Sectors (energy and space) protection trainings: content design and teaching

Managed Security Services Lead | Performanta South-Africa/UK
2019 - 2020

In this role I led the company’s strategic effort to design and bring into production the managed cyber security services portfolio. In this role I was responsible and accountable for:

- The design of managed security services roadmaps for clients in the financial and telco sectors (African continent and UK) and translating the roadmap into action points. Ensuring that security strategy and roadmap are aligned with the business objectives
- Branding and architecting the managed security services (building the MVP, value statement and services description), approving the technical architecture and building the value proposition for the market.
- Design and delivery of a 360 degrees cyber training program in security awareness and cybersecurity defense operations for financial and pharma clients in UK and South Africa
- Leading projects in managed security services for new clients – creating SoW, interfacing with internal teams (security and risk) for a complete customer journey proposition.
- Engaging with clients’ decision makers (CISOs / CFOs) – present technical solutions, business benefits, financial factors
- Design of the training curriculum

Head of Cyber Security Services | Ibis Solutions Balkans (Romania, Serbia, North-Macedonia, Albania, Montenegro)
2018 - 2020

In this role, aside from the activities listed below, I was responsible for planning and execution of projects to accommodate the budget, timeframe and objectives. I have built and managed a team of 10 consultants with competences in the cybersecurity domain.

- Risk management advisory for enterprise clients from various industries (finance, telco, e-commerce, gov):
  - Development and implementation of risk and governance frameworks at enterprise level and acting as a relay between security teams – risk and governance teams and top management
  - Security Awareness programs for gov agencies
  - Senior management (C-level) training programs for increasing awareness on cyber security
  - Development of cybersecurity roadmaps
  - Security audits for existing controls and compliance with industry standards/directives – NIS, ISO27000 group, NIST, SWIFT
  - Preparation for ISO27001 audits for (re)certification: process auditing, documentation review, policy review
  - Develop and implement KPIs to measure the effectiveness of security programs
  - Develop and implement 3rd party risk programs
  - Develop Disaster Recovery and Business Continuity policies as part of alignment with ISO 22301
  - Delivery of briefing documents and impact assessments for the general business – top to bottom levels
  - Assessment of cybersecurity programs and advisories on program improvement
  - Advisory process and controls improvements to align with business demands
- Advisory in supply chain security in the context of digital transformation
- Design and delivery of security awareness training programs for large enterprises.
  - Built and implemented KPIs to measure the effectiveness of security training.
  - Designed and implemented the first cyber security awareness program for a major Telco operator in East Europe
  - Designed training courses to match different profile groups: high-risk positions; new employees; contractors etc.
- C-level briefings for cyber risk awareness and security awareness as part of the security strategy

Head of Client Programs and Delivery | CyberArk inc
2011 - 2017

In this role I laid the groundwork for the eastern-European team and led complex projects in the privileged account management area. I have been accountable for privileged identity security programs designed for global clients (part of Fortune500).

- Independently formed the entire Central & Eastern Europe and Turkey team from the ground up
- Executed successful go-to-market strategies and tactics, properly positioning the company and its solutions well in advance of approaching prospects.
- Developed the business revenue from 0 to 6-figures revenue in 2 years.
- Managed complex international projects in the identity security area, designing them to align with clients’ requirements: compliance (regulations); cyber security risks; innovation; addressing 3rd party risks
- Senior management briefings in large-scale projects
- Identity security trainings delivery for cyber security teams
- Coached and trained team members in their new roles, covering all relevant technical specifications, sales techniques, presentations, benefit pitching, customer understanding, value equation, and follow up
- Represented the company at local, regional, and international security-related conferences and roundtables; presented success stories at executive-level industry events.

Security Engineering Manager, East Europe | Websense (now Forcepoint)
2008 - 2011

Security Engineering and Consulting Manager EEUR, Jul 2010 – Oct 2011

- Managed and strengthened the EEUR regional channel i.e. Adriatic, Serbia, Romania, and Bulgaria, consistently meeting and surpassing client base quotas.
- Drove projects development and territory growth by custom-designing and delivering POCs
- Built strong partnerships with key clients, closed new projects through consultative selling
- Carried out pre- and post-sales activities (Proof of Concepts for data loss prevention solutions)
- As the company’s only certified trainer in Data Security in the region, I led training, roundtables and executive briefings on data protection and data security topics
- Project leader for data loss prevention large projects across Europe (design, implementation and trainings)
- Delivered presentations on new developments, projects, and case studies at widely recognized industry events e.g. independently organized conferences such as IDC IT Security Summit, company’s own events as well as partner-organized events

Security Consulting EE, Jan 2009 – Jun 2010

- Covering the Eastern European market, delivered clients the company’s solution portfolio framework i.e. a unified content security platform that protects users and sensitive data while allowing communication across new, legacy, and mission-critical applications
- Provided pre- and post-sales support for web security, email security, and data loss prevention, and helped ensure clients’ systems are designed and implemented to the best standards
- Implementation lead for clients in pharma, private medical services and insurance within the M&A processes
- Assisted with various data security projects that required compliance with different standards and regulations
- Trained the sales team in project development and closure, and the IT team in data and web security
- Speaker at different industry events

Education

Executive Master in Cyber Security Management | Solvay Brussels School of Management
2022 - 2024

Degree of telecommunications engineering | Politehnica University, Bucharest
2001 - 2008

Certification

Total Certifications: 2

CISA

ISACA

2012

CDPSE

ISACA

2020

Skills

Core skills: 0
Languages: 3

Languages

English
Romanian
French