Isaac Peña

Certified DeRisker - Threat Modeling Champion

2024

IriusRisk

• Threat modeling, diagramming, threats, countermeasures, reporting.

Certified SAFe 6 Practitioner

2023

Scale Agile, Inc.

• SAFe team member responsible for connecting to the Customer, planning the work, delivering value, getting feedback, and relentlessly improving.

AWS Certified Solutions Architect - Associate (SAA-C02)

2022

Amazon Web Services (AWS)

• Design Resilient Architectures
• Design High-Performing Architectures
• Design Secure Applications Architectures
• Design Cost-Optimized Architectures

Certified DevSecOps Professional

2022

Practical DevSecOps

• DevSecOps processes, tools and techniques
• Create and maintain DevSecOps pipelines
• Secure SDLC and CI/CD pipeline
• Software Component Analysis (SCA)
• Static Application Security Testing (SAST))
• Dynamic Application Security Testing (DAST)
• Infrastructure as Code Security Scanning
• Compliance as Code
• Vulnerability Management

Official Master’s Degree in Security Information & Communication Technology

2013 - 2016

Universitat Oberta de Catalunya (UOC)

• Legislation and Regulation
• Security Vulnerabilities
• E-commerce
• Secure Code Development
• Digital Identity
• IT Security Strategy Management
• Technical Auditing
• Forensic Analysis.

Master's Degree final project: "Web Application Security Audit" following the OWASP good practices

ITIL v3 Foundation

2013

Global Knowledge

• Management of IT services

Technical Engineering in Computer Systems

2008 - 2011

Universitat Oberta de Catalunya (UOC)

• Final Degree Project: "Monitoring a data center using a wireless network sensors"

OCSE & OCSA (OSSIM Certified Security Engineer/Analyst)

2010

Alienvault

• Advanced configuration, management and deployment of OSSIM platform
• Rules detection development for detect incidents and security events correlation
• Security incident analysis

CSSA (Certified SonicWall Security Administrator)

2008

SonicWall

• Design, implementation and control of secure network infrastructures

Advanced Technician in Computer System Administration

2003 - 2005

I.E.S. Lucus Solis

• System administration (Linux & Microsoft Windows)
• Network & databases administration
• Software development (C, C++)

Security Architect

2024 - Present

GFT Technologies

• Design and implementation of robust security architectures to protect assets against internal and external threats
• Assessing and mitigating security risks, identifying vulnerabilities and developing solutions to proactively address them
• Collaboration with cross-functional teams to integrate security measures into all phases of the software and systems development lifecycle
• Development of security policies and procedures, as well as training of staff in information security best practices

Security Architect

2019 - 2024

Admiral Group

• Threat modeling applying the STRIDE methodology
• Design and implementation of DevSecOps processes
• Development of tools and automation of security tasks and processes
• Cloud and on-premise security
• Security analysis of new developments, integrations, products and services
• Definition of non-functional security requirements
• Development of security reference architectures, policies, procedures, best practices and proof of concepts
• Preparing and directing hardening and patching measures

Security Software Engineer

2015 - 2019

Wellness TechGroup

• Software development, with a focus in security, for R&D projects and company products in the areas of Cybersecurity, Big Data and IoT
• Coding (Python 3.x), security analysis, security requirements definition, definition of the design and architecture of solutions
• Design and implementation of algorithms and data structure, debugging software, testing, documentation generation

Key technologies:

• Distributed processing applications with Apache Spark
• Message brokers (RabbitMQ, Redis)
• Publish and subscribe messages (Apache Kafka, MQTT)
• Hadoop Distributed File System (HDFS)
• Data processing in batch and streaming
• SQL and NoSQL DBs: MySQL, PostgreSQL, Elasticsearch, Solr, Hbase, Druid, MongoDB, InluxDB
• Crawling and scrapping web pages (scrapy)
• Asynchronous programming (Celery)
• JSON Web Tokens (JWT) and Digital Certificates authentication (PKI)
• Application integration with Identity and Access Management Systems (IAM)
• API REST Development (Flask, Tornado, FastAPI)

Honorary Assistant in the Electronic Technology Department

2014 - 2019

Universidad de Sevilla

Teacher in the following courses:

• "Computer threats: analysis. detection and modeling with Open Source tools"
• Subject of the master's degree: "Computer engineering and networks"

Development and coordination of research jobs and information dissemination about computer security:

• Attacks analysis with honeypots systems
• IDS snort preprocessors development (PoC)
• Comparative of Anomaly Detection Systems
• Research about Internet of Things and vulnerabilities

Security Incident Response Analyst & Team Leader

2010 - 2015

Andalusian Security Centre (AndaluciaCERT) - (Telefónica Soluciones, Wellness TechGroup)

• Prevention, detection and response to security incidents in a corporative network
• Malware analysis, digital forensic, security audits, design and publication of awareness material
• Design, support and improvement of systems, security and monitoring architecture
• Python tools development for task automation

System Administrator & Team Leader

2005 - 2008

Andalusian Government - Suministros y Desarrollos Tecnológicos (SDT)

• Responsible for the daty-to-day operations in development and production environments
• Study, planning and execution of systems, communications and security projects.
• Organize, install and support of organization's computer systems, local area network and security systems