Information Security Expert
Vlad Styran is an internationally known cyber security enthusiast, security leader, and ethical hacker, with main areas of expertise focused on Penetration Testing, Social Engineering, and Security Awareness. To help companies better protect their critical data and staff from modern cyber threats, he has created a unique methodology of identification, assessment, and treatment of "human factor" security issues.
At Berezha Security, Vlad is responsible for delivery of first-rate security assessment services and consults the clients on a broad range of cyber security matters, such as application/software security, cyber security awareness, bug bounty programs, security policy and compliance.
Since 2011, Vlad co-organizes UISGCON – the largest Ukrainian information security conference. He is a notable blogger, podcast producer, and conference speaker.
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Offensive Security Certified Professional (OSCP)
- ISO 27001 Lead ISMS Auditor (ISO27001LA)
- Certified Ethical Hacker (CEH)
Skills and Qualifications
Proven leadership skills; efficient recruitment abilities, talent development, and staff coaching.
Strong presentation and persuasion skills; ability to train, educate, inspire staff, and transform organizational culture.
Network, application, and social engineering penetration testing; clean, prioritized, and actionable reporting; business-focused risk management.
Deep knowledge in organizational processes, information security management and audit, operating environments, databases, networks, cloud technology, and software development.
Practical knowledge of regulatory compliance and security standards: PCI DSS, PTES, OWASP, NIST SP800, ISO27000, COBIT.
MS in Applied Mathematics and Mechanics, Chernivtsi National University, Chernivtsi, Ukraine, 2002.
English – fluent. French – good user.
Co-founder, Director of Operations
Berezha Security (Information Security Consulting), November 2014 – present
Pursuing the dream of building a high-quality security consulting company that lets business, expertise, hacker community, and public interest help each other survive and thrive in cyberspace.
Head of Information Security Center of Excellence
LUXOFT (Software Engineering Services), June 2014 – August 2016
Raised the Information Security consulting practice from the point of deep resource and demand crisis to the level of high availability, sustainable growth, and company-wide recognition in one of the largest global software engineering service providers.
Deputy Head of Information Security Consulting Services Department, Head of Security Assessment Team
BMS Consulting (Information Security and IT Integration), February 2011 - June 2014
Opened, raised, and secured viable profitability of a new line of business by creating, growing and developing the most successful team of penetration testers in the country.
Head of IT Audit
Astelit (Mobile Telephone Network Operator), Jul 2009 - January 2011.
Increased the coverage and effectiveness of the corporate internal controls by extending the IT General Controls framework by 40% while keeping staff growth at 25%. Identified and facilitated timely remediation of several business-critical security issues.
Information Security Specialist
eCall (Financial Services), Dec 2007 – Jul 2009.
Helped attract new business opportunities by establishing the Information Security Management System in line with ISO 27001 requirements and adopting a risk-based approach to customer data treatment and service delivery. Improved infrastructure security by implementing centralized software update management, malicious web and email content filtering, and role-based access control.
Information Security Engineer
Jet Infosystems (Information Security and IT Integration), Nov 2005 – Dec 2007.
Helped numerous clients in Eastern Europe and Asia increase their security posture by integrating Data Loss Prevention, Virtual Private Network, and centrally managed Firewalls solutions. Identified and helped remove multiple critical security issues by providing managed Vulnerability Assessments.
Mirasoft Group (Software Engineering Services), May 2005 – Nov 2005.
Initiated the processes of IT security operations company-wise. Increased infrastructure security through systems hardening and migration of applications to inherently less vulnerable platforms. Established the culture of security incident response.