Sergey Lapin

More than 5 years of experience as Chief Information Security Officer, 9 years of experience as IT Security Engineer, 6 years of experience as Linux/Unix System Administrator, and more than 15 years of experience in IT.

• Design security architectures for IT projects
• Strong knowledge in application security - static and dynamic code analysis and reverse engineering
• Familiar with Enhanced Mitigation Experience Toolkit (DEP, ASLR, SEHOP, EAT/EAF, HSA, NPA, BUR)
• Skilled in Penetration testing, Ethnical hacking techniques and familiar with penetration testing methodology (OWASP and OSSTMM)
• Understand Linux, Unix and Windows systems internals
• Knowledge Win32 API, PE and ELF file formats
• Experienced in analysis malware and malicious code (including identify anti-analysis techniques, i.e., encryption, obfuscation, virtual machine detection and packers)
• Mitigation of DDoS-attacks, remediation and forensic investigations
• Skilled in vulnerability assessment, understand intrusion techniques and attacks (Code Execution, Command Execution, Cross-Site Scripting, Header Injection, File Disclosure, File Inclusion, File Manipulation, SQL Injection, XPath Injection and etc.)
• Comprehensive knowledge of analyzing network and in-deep knowledge common network protocols (TCP/IP stack and DNS, SMTP, DHCP, etc.)
• Familiar with industry standards (ISO 27001, NIST 800, PCI DSS, Sarbanes-Oxley Act, ITIL)
• Working experience with Firewalls, Intrusion Detection Systems/Intrusion Prevention System, SIEM
• Knowledge of encryption technology, cryptography protocols and tools (PGP, S/MIME, SSL/TLS, DriveCrypt) including PKI
• Risk assessment and application threat modeling (STRIDE/DREAD models)
• Assess, test and select new security products and technologies
• Experience in develop Data-Loss-Prevention procedures and using DLP tools
• Good manager (able to manage a team), analytical skills and experienced with a project management
• In-deep knowledge of FreeBSD/OpenBSD/NetBSD, Linux (Kali [ex. BackTrack], RedHat, ASP, Ubuntu, CenOS, SUSE, Debian), Solaris and Microsoft Windows (9x, NT, 2000, 7, 8, Server 2008 R2) operating systems.
• Experience with automation tools (Puppet, Ansible, Jenkins)
• Strong knowledge configuration of common services: Apache, ngnix, DNS (bind), FTP, MTA (Postfix, Exim), Proxy(Squid), IMAP/POP3, VPN, MySQL, PostgreSQL
• Knowledge cloud based solutions and virtualization (AWS, Docker, VMWare, KVM, VirtalBox, Vagrant)
• Programmer skills (Bash shell, PowerShell scripting, C/C++, Perl, Python, Ruby, PHP and ASM (Intel Assembler)
• Good communication skills, both oral and written
• Responsive, organized and excellent problem solver
• Ability to learn and apply new technologies effectively and fast