Jude Gil Verchez
Tabaco City
Summary
Results-driven IT professional with a proven track record in planning, analyzing, and implementing security initiatives. Recognized for expertise in providing comprehensive security design and frameworks. Adept at identifying vulnerabilities and developing effective strategies to mitigate risks. Strong problem-solving skills combined with a deep understanding of industry best practices.
Overview
3
3
years of professional experience
1
1
Certification
Work History
Cybersecurity Engineer
Questronix Corporation
Makati City, Metro Manila, Philippines
08.2021 - Current
- Conducted regular audits of IT infrastructure to ensure adherence to established cybersecurity policies and best practices.
- Reduced cyber threats for the organization by conducting regular vulnerability assessments and penetration testing.
- Managed a team of junior cybersecurity engineers, fostering a collaborative environment focused on continuous improvement and innovation.
- Maintained up-to-date knowledge of industry trends and threat landscape through ongoing research and professional development activities.
- Ensured compliance with relevant regulations such as ISO 27001 and PCI-DSS by implementing comprehensive privacy safeguards.
- Evaluated emerging security technologies, recommending appropriate tools to enhance organizational defense capabilities.
- Conducted thorough risk assessments to identify areas needing improvement within current security protocols.
- Streamlined incident response procedures, resulting in faster remediation of security incidents.
- Developed custom security solutions tailored to the unique needs of each client, enhancing overall protection levels.
- Monitored systems for signs of suspicious activity using advanced analytics tools, proactively identifying potential risks.
- Trained employees on cybersecurity best practices, significantly reducing human error-related breaches.
- Designed secure network architecture, mitigating potential risks and vulnerabilities.
- Served as a liaison between technical teams and executive leadership, effectively communicating complex cybersecurity concepts in layman''s terms.
- Collaborated with cross-functional teams to develop comprehensive cybersecurity policies and procedures.
- Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction.
- Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
- Developed and maintained company-wide endpoint security solutions.
- Implemented multi-factor authentication for all users, strengthening access controls and preventing unauthorized system access.
- Worked with business partners to balance requirements, security and risk reduction.
- Traveled to client sites to perform onsite testing.
- Created policies and procedures for emerging security technologies and proposals.
Education
Bachelor of Science - Electronics and Communications Engineering
Ateneo De Naga University
Naga, Province Of Camarines Sur, Philippines2021
Skills
- Unix Scripting, Python, PowerShell
- Web Application Security
- Network Security
- Mobile Application Testing
- Vulnerability Assessment
- Security Architecture
- API Security
- Security Information and Event Management
- Risk Assessment
- Critical Thinking
- Problem-Solving
- Penetration Testing
- Threat Modelling and Threat Hunting
- Security Assessment
- Security Awareness Training
- Incident Response
- Malware Analysis and Triage
- Endpoint Protection
- Compliance Management
- Ansible Automation Platform
- Windows/Linux OS
- Blue/Red Teaming
- Identity Management
- Security policy development
Additional Information
- Blue Team Champion - Questronix Corporation (2022 and 2023)
Certification
- RootCon16 Web Application Penetration Testing – RootCon Hacking Conference
- Basic German Foreign Language Course Level 1 - Bicol University Language Center
- Practical Malware Analysis & Triage – TCM Security
- Cyber Defense and Threat Hunting (3rd placer CTF Challenge) – GuideM
- MaaS360 Cloud Extender Administrator Foundation – IBM
- Qradar on Cloud – Questronix
- IBM Cybersecurity Analyst Professional Certificate – Coursera
- SANS Blockchain Summit 2022 – SANS
- Blue Team Summit & Training 2022 – SANS
- SANS APAC ICS Summit Singapore 2022 – SANS
- NSE 1 Network Security Associate – NSE Training Institute
- API Security Architect – API Academy Certification Program
- Crowdstrike-Partner 1: Sales & Product Training – Crowdstrike University
- Crowdstrike-Partner 2: Sales Engineering Training - Crowdstrike University
- Crowdstrike-Partner 3: Solution Architecture Training - Crowdstrike University
- Crowdstrike-PSA 206: Falcon Allies Program - Crowdstrike University
- Crowdstrike-PSA 204: Current Integrations - Crowdstrike University
- Crowdstrike-PSA 201: Partner Technology Update, Partner Ecosystem, and Reference Architecture – Crowdstrike University
- Basic Python Training – StackSkills
- Advanced Python Training – StackSkills
- Data Analysis using Python with NumPy and Pandas - StackSkills
Accomplishments
API Security
- Handled incident response, drafted playbooks and adapted this incident response workflow to one of the top banks in the Philippines.
- Successful integration of security solution to several modules such as F5, Akamai and IBM APIC as part of the CI/CD pipeline for the DevSecOps Project.
- Reduced the timed consumed during procurement process and manpower needed by successfully automating vulnerability assessment and penetration testing on web applications and APIs using RedHat Ansible on environments such as AWS and OpenShift.
- Successful PoC to demonstrate the importance and feasibility of the proposed solution to industries including government, healthcare and banks.
Cyberdefense in Depth
- Fine-tuned Darktrace to gain visibility in the environment to identify anomalous behaviors and tackle cyber-attacks and created correlations to create more useful and actionable alerts and lessen false positives.
- Identified attacks on C-level executive accounts and assisted in mitigating them.
- Administration of SIEM and EDRs and conducted continuous monitoring of the environment and served as L2 for security incident handling.
- Developed incident workflow and specific playbooks for security incidents.
Security Solution Deployment
- Successful installation of McAfee-Trellix ePO Orchestrator across 80+ endpoints, enforcing policy and security and assisted in monitoring the environment.
- Successful deployment of email security solution and provided support to integrate and configure the solution with the client’s Active Directory.
- Conducted knowledge transfer to IT admins on how to monitor their environment and provided solutions on how to mitigate specific security threats.
VAPT Engagement
- Identified 30+ phishing websites, 5 of which are active, impersonating clients during VAPT engagement.
- Successful real-time monitoring of one of the phishing websites capabilities gathering mobile numbers and storing the gathered information on a text file.
- Successful vulnerability assessment and penetration testing of Web Applications for 300+ endpoints and identified low to high vulnerabilities and provided resolutions for mitigation.
- Conducted security configuration review and risk assessments based on NIST, ISO27001, PCI-DSS and CIS to determine posture and improve security
Mobile Application Testing SAST/DAST
- Identified vulnerabilities during source code review for a mobile application of one of the life insurance companies in the Philippines and provided recommendations according to secure coding best practices.
ISO 27001 Review
- Reviewed, drafted and customized policies based on ISO 27001 and assisted in the preparation for an ISO 27001 audit for a company based in Australia.
- Reviewed policies and permissions on Microsoft AD and Microsoft Intune and implemented least privilege access using RBAC.
Timeline
Cybersecurity Engineer
Questronix Corporation
08.2021 - Current
Bachelor of Science - Electronics and Communications Engineering
Ateneo De Naga University