Sergei Beliachkov

Experience

• 

  Gazprom

  Dec 2009 - Jun 2017

  Energy corporation. 480K+ of employees● Audited 80+ companies for compliance with ISO 27001, GDPR and domestic PII legislation. Optimized reports for the C-level management, by conducting a situational analysis, involving a wide range of experts in different companies, ● Developed and implemented several corporate cybersecurity standards based on ISO 27005 and NIST SP 800-37 and regulatory documents in the field of PII privacy. Standardized security and data privacy requirements within the Group. Show less

  • Deputy Head of the Department

    Sept 2014 - Jun 2017

  • Senior Specialist

    Dec 2009 - Sept 2014
• 

  Stoloto

  Jun 2017 - Oct 2020

  Head of Information Security (CISO)

  Lottery company 2K+ of employees● Implemented an information security management system in accordance with the international ISO 27001 standard, which resulted in increased transparency and maturity of the organization's cybersecurity, as well as increased customer loyalty and commitment.● Formed an IS risk matrix for the company to implement a risk-based approach to information security issues in the holding and prioritized tasks in the field of cybersecurity and optimized the allocation of resources among other business projects which led to a reduction in cybersecurity costs by more than 10%. ● Applied DLP, secure print service, BrandProtection, anti-DDOS within the holding cooperating with IT, legal, HR, PR, physical security, marketing and sales departments successfully reduced the most unacceptable cybersecurity risks indicated in the information security risk matrix.● Identified and prevented the leaks of confidential information from the company estimated at more than $2M by conducting ongoing cybersecurity awareness programs and using cybersecurity controls. ● Organized and conducted external audits of the company for compliance with ISO 27001 and PCI:DSS standards and external PenTest of the company's websites. This made it possible to increase the loyalty of customers and contractors and bring the company closer to passing attestation for compliance with the WLA:SCS standard. Show less

• 

  LLC Solar Security

  Oct 2020 - Sept 2021

  Service Manager - vCISO

  Security Services Provider 1K+ of employees● Deployed information security services SOC, WAF, antiDDOS, AV, NGFW, PAM, VPN, WEB-proxy and led negotiations avoiding fines for violating the SLA and ensuring cybersecurity for a customer with 7K+ users and 1K+ servers. ● Orchestrated multiple security vendors, cybersecurity service providers, and related businesses and successfully cleaned up the client's infrastructure from the presence of a foreign APT group, recovered infrastructure from a breach and mitigated customer cybersecurity risks. ● Carried out the modernization and optimization of managed security services. A thorough inventory and redesign of the existing architecture of cybersecurity services made it possible to reduce their cost and increase the number of services provided to the customer by 1.5 times. Show less

• 

  Sberbank-Technology

  Sept 2021 - now

  Head of Department

  Software production company 8K+ of employees● Organized from scratch an information security system for cloud SaaS products for B2B and B2C clients, developed threat models in accordance with the MITRE ATT&CK matrix and implemented security controls based on NIST SP 800-53 and CSA Cloud Controls Matrix (CCMv4) frameworks to reduce and mitigate current cybersecurity risks and helped launch a new sales channel for the company's software products in less than two months, overtaking competitors in more than six months.● Established a new virtual CISO service for the external market In 3 months, and won over 10 contracts with external software production teams over the next 6 months adding over USD $400K.● Deployed from scratch information security controls in OpenStack cloud region organized monitoring and incident response for an infrastructure of 2000+ servers which allowed to reduce critical levels of cyber risks and avoid potential losses from cyber breaches, and also helped the company to meet the contractual service level agreement (SLA) and avoid penalties. ● Formed information security requirements, based on NIST SP 800-160 standard, for the company's application production CI/CD pipeline for 500+ components and deployed such code security tools as SAST, DAST, SCA etc. Reduced application vulnerabilities and production costs by 30%, by implementing security reviews early in production. Show less