Founding Member

• May 2022 - Present

Security & Data Protection Advocate

• 2021 - Present

Advocating security at Elementor, a WordPress plugin for website builders installed on 8.0%+ of all websites. https://w3techs.com/technologies/details/cm-elementor Advocating security at Elementor, a WordPress plugin for website builders installed on 8.0%+ of all websites. https://w3techs.com/technologies/details/cm-elementor

Founder

• 2021 - Present

Cybersecurity & Privacy Culture Designers. A boutique consulting firm specializing in providing strategic consultancy services for fast-growing cloud-based startup companies. Cybersecurity & Privacy Culture Designers. A boutique consulting firm specializing in providing strategic consultancy services for fast-growing cloud-based startup companies.

Director, Board of Directors

• 2020 - Present

Board Director at Cybear, a startup company aiming to disrupt Security Operation Centers. Board Director at Cybear, a startup company aiming to disrupt Security Operation Centers.

CISO & Data Protection Leader

• Oct 2018 - Present

As Cloudinary's Chief Information Security Officer and Data Protection Leader, my main role (and goal) is to build the company's cyber security and privacy culture. As a CISO and an X-RedTeamer, I emphasize the connection between the offensive and the defensive, working on improving Cloudinary's security posture on an ongoing basis, on all fronts. Maintaining and improving the security posture of a company requires a holistic approach. As such, I'm dividing my time between… Show more As Cloudinary's Chief Information Security Officer and Data Protection Leader, my main role (and goal) is to build the company's cyber security and privacy culture. As a CISO and an X-RedTeamer, I emphasize the connection between the offensive and the defensive, working on improving Cloudinary's security posture on an ongoing basis, on all fronts. Maintaining and improving the security posture of a company requires a holistic approach. As such, I'm dividing my time between, • Business enablement. Our customers and their needs are our top priority. • Compliance efforts (ISO 27001/27017/27018/27032/27701/27799/22301 and SOC 2 Type II, end-to-end ownership and execution). • Leading Cloudinary's data protection efforts including all GDPR and CCPA related processes (end-to-end ownership and execution). • DevOps/IT/R&D security related processes and architecture enhancements. • Product security. Working as a Product Manager around technical security and privacy requirements. • Proactive offensive security operations. • Manage Cloudinary's bug bounty program (bugcrowd.com/cloudinary). Show less As Cloudinary's Chief Information Security Officer and Data Protection Leader, my main role (and goal) is to build the company's cyber security and privacy culture. As a CISO and an X-RedTeamer, I emphasize the connection between the offensive and the defensive, working on improving Cloudinary's security posture on an ongoing basis, on all fronts. Maintaining and improving the security posture of a company requires a holistic approach. As such, I'm dividing my time between… Show more As Cloudinary's Chief Information Security Officer and Data Protection Leader, my main role (and goal) is to build the company's cyber security and privacy culture. As a CISO and an X-RedTeamer, I emphasize the connection between the offensive and the defensive, working on improving Cloudinary's security posture on an ongoing basis, on all fronts. Maintaining and improving the security posture of a company requires a holistic approach. As such, I'm dividing my time between, • Business enablement. Our customers and their needs are our top priority. • Compliance efforts (ISO 27001/27017/27018/27032/27701/27799/22301 and SOC 2 Type II, end-to-end ownership and execution). • Leading Cloudinary's data protection efforts including all GDPR and CCPA related processes (end-to-end ownership and execution). • DevOps/IT/R&D security related processes and architecture enhancements. • Product security. Working as a Product Manager around technical security and privacy requirements. • Proactive offensive security operations. • Manage Cloudinary's bug bounty program (bugcrowd.com/cloudinary). Show less

Special Advisor, Strategic Projects (SME, External)

• Oct 2018 - Dec 2020

Cybersecurity Centre of Excellence @ PricewaterhouseCoopers (PwC). I decided to leave PwC and return as an external advisor two months before becoming a Senior Manager. This was because I couldn't pass on the opportunity of becoming Cloudinary's CISO. Cloudinary's leadership team provided me with a once-in-a-lifetime opportunity to design the company's security and privacy culture from scratch while still providing strategic consultancy services to the PwC global firm network. On… Show more Cybersecurity Centre of Excellence @ PricewaterhouseCoopers (PwC). I decided to leave PwC and return as an external advisor two months before becoming a Senior Manager. This was because I couldn't pass on the opportunity of becoming Cloudinary's CISO. Cloudinary's leadership team provided me with a once-in-a-lifetime opportunity to design the company's security and privacy culture from scratch while still providing strategic consultancy services to the PwC global firm network. On top of my consultancy work, I've also designed and developed PwCTF, an innovative Capture the Flag management platform (+ hacking challenges) for international recruiting, training and PR events. The platform has been adopted by the global firm as its official CTF platform for internal cyber training and recruitment events.

Manager, Red Team Services Lead

• Nov 2016 - Oct 2018

Cybersecurity Centre of Excellence @ PricewaterhouseCoopers (PwC). As part of my role at PwC's Cybersecurity Centre of Excellence I led the firm's offensive cybersecurity services. From technical to operational, it was my role to push for excellence across the board. My role included hands-on technical operations such as, • Red Team Engagements and Reconnaissance Operations. • Technical Cyber Security Risk Assessments. And also business related aspects such as… Show more Cybersecurity Centre of Excellence @ PricewaterhouseCoopers (PwC). As part of my role at PwC's Cybersecurity Centre of Excellence I led the firm's offensive cybersecurity services. From technical to operational, it was my role to push for excellence across the board. My role included hands-on technical operations such as, • Red Team Engagements and Reconnaissance Operations. • Technical Cyber Security Risk Assessments. And also business related aspects such as, • Cyber Security Due Diligence in Investments and M&A Transactions. • Global Business Development Management. • Global Sales Activities Management (end-to-end). Furthermore, I managed PwC's Joint Business Relationships (JBR) with multiple startups in Israel, working with them from the early ideation phase through the go-to-market process within PwC's global network.

Chief Information Security Officer

• Apr 2017 - Oct 2018

As eTribez's CISO, I've managed the company’s security and privacy strategy, end-to-end. My main responsibility was to work on improving eTribez's security posture on an ongoing basis, creating a robust and pragmatic InfoSec program in accordance with business, regulatory and customers requirements. eTribez’ cutting-edge technology provides a comprehensive suite of solutions to operate the most successful and efficient production processes in the entertainment industry. During… Show more As eTribez's CISO, I've managed the company’s security and privacy strategy, end-to-end. My main responsibility was to work on improving eTribez's security posture on an ongoing basis, creating a robust and pragmatic InfoSec program in accordance with business, regulatory and customers requirements. eTribez’ cutting-edge technology provides a comprehensive suite of solutions to operate the most successful and efficient production processes in the entertainment industry. During my time at eTribez I've worked with some of the biggest companies in the TV industry (Fox, FremantleMedia, ITV, Endemol, M6, NBC, CMT, Univision, D8, MTV, Shine, and RTL, to name a few) and with some of the biggest shows in the world (Big Brother, American Idol, America’s Got Talent, The Voice, The Amazing Race, MasterChef, Wipeout and many more.). Show less As eTribez's CISO, I've managed the company’s security and privacy strategy, end-to-end. My main responsibility was to work on improving eTribez's security posture on an ongoing basis, creating a robust and pragmatic InfoSec program in accordance with business, regulatory and customers requirements. eTribez’ cutting-edge technology provides a comprehensive suite of solutions to operate the most successful and efficient production processes in the entertainment industry. During… Show more As eTribez's CISO, I've managed the company’s security and privacy strategy, end-to-end. My main responsibility was to work on improving eTribez's security posture on an ongoing basis, creating a robust and pragmatic InfoSec program in accordance with business, regulatory and customers requirements. eTribez’ cutting-edge technology provides a comprehensive suite of solutions to operate the most successful and efficient production processes in the entertainment industry. During my time at eTribez I've worked with some of the biggest companies in the TV industry (Fox, FremantleMedia, ITV, Endemol, M6, NBC, CMT, Univision, D8, MTV, Shine, and RTL, to name a few) and with some of the biggest shows in the world (Big Brother, American Idol, America’s Got Talent, The Voice, The Amazing Race, MasterChef, Wipeout and many more.). Show less

Senior Red Team Member

• Dec 2014 - Nov 2016

Red Team, Cisco's Cyber Security Centre of Excellence. My role included hands-on technical operations such as, • Red Team Engagements and Reconnaissance Operations. • Cyber Research and Penetration Testing. • Technical Cyber Security Risk Assessments. And also business related aspects such as, • Cyber Security Due Diligence in Investments and M&A Transactions. • Global Business Development Management. Red Team, Cisco's Cyber Security Centre of Excellence. My role included hands-on technical operations such as, • Red Team Engagements and Reconnaissance Operations. • Cyber Research and Penetration Testing. • Technical Cyber Security Risk Assessments. And also business related aspects such as, • Cyber Security Due Diligence in Investments and M&A Transactions. • Global Business Development Management.

Network Technologies and Cyber Security Lecturer

• 2010 - 2016

Technion – Israel Institute of Technology, SGC Knowledge Transfer, Business-Class and John Bryce, to name a few. Technion – Israel Institute of Technology, SGC Knowledge Transfer, Business-Class and John Bryce, to name a few.

Chaos Engineer

• 2010 - Jan 2015

Consultant and Project Manager for multiple domestic and international consulting firms. During that time, I was also the CISO (contract) of Ashra (The Israel Foreign Trade Risks Insurance Corporation) and Reut (Management Company of Provident Funds). Specialties - • Enterprise architecture design & analysis. • Red Team engagements, reconnaissance operations and Penetration Testing. • Organizational risk and exposure analysis. • ISO/PCI DSS/WLA assessments and… Show more Consultant and Project Manager for multiple domestic and international consulting firms. During that time, I was also the CISO (contract) of Ashra (The Israel Foreign Trade Risks Insurance Corporation) and Reut (Management Company of Provident Funds). Specialties - • Enterprise architecture design & analysis. • Red Team engagements, reconnaissance operations and Penetration Testing. • Organizational risk and exposure analysis. • ISO/PCI DSS/WLA assessments and implementation processes (certified ISO Lead Auditor). • Cyber-related research. • CISO Services. Show less Consultant and Project Manager for multiple domestic and international consulting firms. During that time, I was also the CISO (contract) of Ashra (The Israel Foreign Trade Risks Insurance Corporation) and Reut (Management Company of Provident Funds). Specialties - • Enterprise architecture design & analysis. • Red Team engagements, reconnaissance operations and Penetration Testing. • Organizational risk and exposure analysis. • ISO/PCI DSS/WLA assessments and… Show more Consultant and Project Manager for multiple domestic and international consulting firms. During that time, I was also the CISO (contract) of Ashra (The Israel Foreign Trade Risks Insurance Corporation) and Reut (Management Company of Provident Funds). Specialties - • Enterprise architecture design & analysis. • Red Team engagements, reconnaissance operations and Penetration Testing. • Organizational risk and exposure analysis. • ISO/PCI DSS/WLA assessments and implementation processes (certified ISO Lead Auditor). • Cyber-related research. • CISO Services. Show less