INFORMATION SECURITY Manager / CYBER Security / Risk Consultant, AUDIT, GRC US FEDRAMP FISMA agencies Mix NIST, ISO27001, PCI, SOC2, HIPAA, Hi-TRUST Financials, Technology, Healthcare | United States

(+63) 9472827334 | 09055701985 | renie.donato@gmail.com | Manila, NCR

My Information Security, Cyber Security, IT Security hype: "In reality, we can’t improve what we can’t measure. We have to combine Both Business Strategies, Process, Technology Tools & People. Risk Assessment, Risk mitigation, business Impact Analysis BIA, Intelligence & Research, Deep Investigations, deployment, Setup Round d’ clock Threat Monitoring, Data Traffic, Prevention & Control, Incident response team Setup FW Firewall, IDS/IPS Intrusion Detection/Protection, AV Anti-Virus, WebSec, EmailSec, Train staff in Monitoring, threat Identification, Virus, Malware, APT’s, Impact mitigation, & visibility context on mission critical Systems. Creation & implementation of Standards, Guidelines & Policies to Educate people. Investigate on insider threats, IoT / BoT attacks, Privilege Abuse to prevent compromise attacks. Meeting stakeholders, Aligning business requirements components to IT strategies. Skills – Framework & methodologies, (reference NIST methods) Job role alignment, Business challenges, hands on Risk management & IT SECURITY skills, Prospect & opportunities. Why? There are two types of companies, 1 that is already Been hacked and 2 that still don’t know yet that they’ve been or being Attack. SKILLs Before an attack – Discover, enforce, harden Security During attack – Detect, block, defend After Attack – scope contain, re-mediate To truly protect against all possible attacks. Defenders must understand The attacker’s mindset, their motivations, and their methods before, during & after the attack. Hackers nowadays have replicated your network & got even more sophisticated, they even have their splunk & antivirus to test, penetrate, & take control of your network. The best is yet to come.
I am readily available 24x7 over the sun mode! Flexible and Negotiable anytime. Should you need my attention, Please feel free to contact me anytime at your convenience."

Experience

23 years of total experience

June 2016 – Present
Consultant - INFORMATION SECURITY Manager / CYBER Security / Risk Consultant, AUDIT, GRC | US FEDRAMP FISMA agencies, Mix NIST, ISO27001, PCI, SOC2, HIPAA, Hi-TRUST | Financials, Technology, Healthcare etc | United States
Thycotic PAM Software, all mix US FEDRAMP agencies underground || 6 years 5 months | BGC Makati US Global

I am an IT Infrastructure Systems Engineer, Information Security (INFOSEC), AUDIT, GRC & CYBER SECURITY - my main objective is to provide management direction & support for Information Security in accordance w/ business requirements and relevant laws & regulations. Avoid penalties by Leading & implementing ISO 27001 / ISMS (Information Security Management Systems) & NIST SP 800-53 (US National Institute for Standards & Technology - Special Publication 800-53), COBIT5, ITILv3, frameworks & methodologies, best practices, RISK driven standards. Securing Vulnerabilities of the Enterprise as we are the 1st & last line of defense. In layman’s terms, I catch the bad guys (hackers) and keep them OFF the System.

My main scope role aside from my JD is to deliver & Transition Organizations as follows: Assess readiness for ISO27001 / ISMS, ISO27001 / ISMS Lead Implementer, Lead a team of Cyber Security CSIRT, GRC (Governance, Risk & Compliance), Risk Assessments, Plan Mitigation, Implement Control measures to reduce & mitigate risks, do GAP Analysis, assess PRIVACY & Business Impact Analysis (PIA / BIA), do AUDITs, Organize & Implement IS Policies as per ISMS, ISO27K1, NIST SP 800-53, PCIDSS, COBIT5, SOX, ITIL, Train all IT Staffs, HR & all users, train White hackers on Penetration Techniques VAPT (Vulnerabilities Assessments & Pen Testing), Plan implement BCP Business Continuity Planning & DR DISASTER RECOVERY.
Setup round d' clock monitoring of incidents, resolving, reporting & documenting as well as measuring effectiveness of control sets for continuous improvement. Please see my CV > Assess > remediate) as annual surveillance, maintenance & reviewed for continual improvement & management reporting as per ISMS / ISO 27001 standards. Lastly, getting ready for ISO 27001 certifications. Then continuously monitoring & improving process.

Strong leader and problem-solver dedicated to streamlining operations to decrease costs and promote organizational efficiency. Uses independent decision-making skills and sound judgment to positively impact company success.
My Information Security, Cyber Security hype: "People don’t care how much you know till they know how much you care. In reality, we can’t improve what we can’t measure. We have to combine Both Business Strategies, Process, Technology Tools & People. Risk Assessment, Risk mitigation, business Impact Analysis BIA, Intelligence & Research, Deep Investigations, deployment, Setup Round d’ clock Threat Monitoring, Data Traffic, Prevention & Control, Incident response team Setup FW Firewall, IDS/IPS Intrusion Detection/Protection, AV Anti-Virus, WebSec, EmailSec, Train staff in Monitoring, threat Identification, Virus, Malware, APT’s, Impact mitigation, & visibility context on mission critical Systems. Creation & implementation of Standards, Guidelines & Policies to Educate people. Investigate on insider threats, IoT / BoT attacks, Privilege Abuse to prevent compromise attacks. Meeting stakeholders, Aligning business requirements components to IT strategies. Skills – Framework & methodologies, (reference NIST methods) Job role alignment, Business challenges, hands on Risk management & IT SECURITY skills, Prospect & opportunities. Why? There are two types of companies, 1 that is already Been hacked and 2 that still don’t know yet that they’ve been or being Attack. SKILLs Before an attack – Discover, enforce, harden Security During attack – Detect, block, defend After Attack – scope contain, re-mediate To truly protect against all possible attacks. Defenders must understand The attacker’s mindset, their motivations, and their methods before, during & after the attack. Hackers nowadays have replicated your network & got even more sophisticated, they even have their splunk & antivirus to test, penetrate, & take control of your network. The best is yet to come. I am readily available 24x7 over the sun mode! Flexible and Negotiable anytime. Should you need my attention, Please feel free to contact me anytime at your convenience."