Profile picture of lucianoferrari
Member since June 3, 2011
0 Recommendations


A global, multi-cultural passionate information technology senior professional with strong background leading Information Security Risk and Vulnerability Management, Public Key Infrastructure (PKI) and IT Network global and regional projects.
$68 USD/hr
2 reviews
  • 33% Jobs completed
  • 100% On budget
  • 100% On time
  • N/A Rehire rate


Recent reviews

  • fxphil: Crack my bitcoin Wallet.dat file $30.00 USD

    “He tried and did a good job but couldn't complete due to my choice of passwords. It's a difficult task for sure. He did help me and I suggest sending him 10 dollars for his troubles. He as a freelancer cannot be marked down for this.”

  • swalia: Article writing $30.00 USD

    “The Freelancer is just starting out and I am sure will do a great job in future.”


Manager, Information Security

May 2015

Risk Management

Information Security

Oct 2001

Vendor Risk Management: Developed a Vendor Risk Assessment tool increasing the capability of the team and increased efficiency with automation for requests by 35%. The tool includes an on-line assessment, initial risk definition for each vendor and initial remediation required.

Risk Assessment: Improved time to answer the Risk Assessment from 30 days to 1-2 weeks making questions more clear. Added +150 questions to the assessment but made it smarter and dynamic, asking specific questions at the beginning of the assessment to capture business scope and profile (for example, questions for e-commerce site, or hosting provider, or digital marketing, etc.).

Compliance with Kimberly-Clark Standards: Added an area on the on-line risk assessment for vendors to upload required documents for review and analysis against SSAE 16 requirements, PCI compliance, etc. Increased the number of Risk Assessments performed per year by 60% through Global training and creating a synergy and work process with Procurement and Legal teams. The relationship with these two areas positioned security to engage and participate in vendor selection processes and also review of Master Agreements, Contracts and Statement of Work.

Security Framework: Changed the process and increased the scope of Risk Assessments to adjust with security best practices following NIST and ISO. Covered not only “confidentiality” but also integrity and availability. Diminished 75% of escalated Risk Assessments to management (Sr. Manager and CISO), resolving vendor and business risk issues and remediation requirements at the lowest level possible.

Translate Technical Requirements to Business Language: Implemented a Risk Management process to a spinoff Health Care company (Halyard Health) on time and on budget. Participated in meetings with the Chief Information Security Officer (CISO) and Business Director to translate technical security concerns to business language, providing pragmatic understanding of the real threat to empower the business to make smart decisions.

Public Key Infrastructure (PKI): Led implementation of a cloud PKI solution (Symantec mPKI) for mobility to a spin-off new company (Halyard Health) on time and on budget. Led and managed the global PKI solution for Kimberly-Clark including Root Certified Authority, Issuing/Subordinated Certified Authorities, NDES server, OCSP, SafeNet Luna SA 5 Hardware Secure Module (HSM) and integration with MDM solution.

Vulnerability Management: Proved to management the need for a Vulnerability Management Solution. Designed and implemented from definition of scope, vendor selection, installation and operation of the devices. Built processes, procedures and policy for executing the discovery and vulnerability scans and integrating with support areas (desktop, network, server, etc.). Increased visibility of threats and engaged other teams to patch and update their devices, increasing the overall security. Performed discovery and vulnerability scans every 30 days and specific scans when new threats appeared (i.e. POODLE, Shellshock, Heartbleed, etc.) using BeyondTrust Retina and Nessus.

Policies and Standards: Developed Information Security Standards (Cryptography, PKI, Hardware Disposal, Password Management, Remote Access, Two Factor Authentication, Risk Management and Vulnerability Management).

Data Privacy: Led an information security Data Privacy project with Global Security and Legal.

Security Awareness: Promoted multiple information security awareness campaigns including social engineering calls, raising the security knowledge of employees.

Security Strategy: Provided definition of Information Security Strategy for Risk, Vulnerability, PKI and Third Party Access Management.

Data Loss Prevention (DLP): Led development and implementation of a DLP Solution for a single location in Latin America as a pilot. Configured the device to monitor for two weeks before implementing the policy settings.

IT Network: Managed $3M Capital Budget for Latin America Network Operations. Led Latin American MPLS Data Network deployment. Successfully reduced 50% of Latin American network costs and doubled capacity. Led standardization of IT infrastructure in Latin America, reducing the Total Cost of Ownership. Reduced 20% of Data Center Infrastructure with VMware virtualization.



2006 - 2007 (1 year)

Masters Computer Network

2000 - 2001 (1 year)

Technology in Microelectronics

1993 - 1997 (4 years)


CCNA (2005)


Cisco Certified Network Associate

CISSP (2013)


PCIP (2014)


Payment Card Industry Professional

CRISC (2016)


Certified in Risk and Information Security Controls


Brazil leads Kimberly-Clark project

Luciano Ferrari is the Brazilian at the head of the most sustainable initiatives in Kimberly-Clark's technology department worldwide. He was chosen for his engagement with the subject and for implementing simple and effective solutions in the country.

Replacing Tokens with Digital Certificates for User Authentication on Remote VPN. Is this a Bad Idea?

Imagine that you were sent a request by senior management and you have a new mission: reduce the costs of the tokens license, improve the user experience via something simpler and keep the same level of security for your remote VPN users. Would you say no? Would you say that this is impossible to achieve? Or would you investigate and try to deliver a solution for the business? If you believe this is impossible, I can tell you that you can have something that comes very close.


  • Connected to Facebook
  • Preferred Freelancer
  • Payment verified
  • Phone verified
  • Identity verified
  • E-mail verified
