Hi all, I'm Mark

I am a highly experienced Chief Information Security Officer (CISO) currently serving at Trustifi. With a deep understanding of various domains, including email security, website security, API security, SCADA/ICS, and IoT, I am dedicated to safeguarding digital environments against potential threats.

What I do

Keeping Hackers Guessing and Cyber Threats Stressing!

Coding and Development

⚡ Angular/AngularJS and C# development

⚡ Python and Bash scripting for tools and exploitation

⚡ Secure Software Development Life Cycle practices, ensuring secure coding standards

Cloud Infra-Architecture

⚡ Experience of working on multiple cloud platforms

⚡ Hosting and maintaining websites along with integration of databases

⚡ Working with email infrastructures with multi-purpose security configurations

Hacking

⚡ API Security Specialist

⚡ Web Application Security Experience

⚡ Vulnerability and Penetration Testing

Proficiency

Web Application Security
95%
API Security
85%
Compliance and Regulations
100%
Coding and Development
90%
Network Security
80%
Penetration Testing and Vulnerability Scanning
90%

Education

John Bryce College
Cyber Security Intelligence Professional (CSI PRO)
September 2014 - September 2016
Grade A+

I received a comprehensive education at college in the field of cyber security. This included training in security issues, penetration testing, vulnerability scanning and assessment, exploitation, and social engineering. Through hands-on projects and group work, I developed the necessary technical and communication skills to succeed in this field.

  • Comprehensive understanding of network security protocols and architectures
  • Securing APIs to protect sensitive data and prevent unauthorized access
  • Website security best practices and techniques
  • Identifying and mitigating website vulnerabilities, including cross-site scripting (XSS), SQL injection, and code injection
  • Web application firewalls (WAFs) and intrusion detection/prevention systems (IDS/IPS)
  • Conducting penetration testing and vulnerability scanning for network, APIs, and websites
  • Industry standards and regulations related to network, API, and website security, such as OWASP, PCI DSS, and GDPR
  • Proficient in creating and customizing Metasploit payloads, e.g. Meterpreter, for penetration testing and post-exploitation activities
  • Post-exploitation techniques, such as privilege escalation, lateral movement, and data exfiltration

Experience

Nation-E

Cyber Security Specialist
Nov 2014 – Aug 2017
As a Cyber Security Specialist at Nation-E, my main focus was on exploiting ICS/SCADA devices and running proof of concept demonstrations for potential clients to showcase the capabilities of our product in stopping zero day threats and exploitations. I was able to successfully publish a CVE for one of the exploits I discovered. In this role, I gained valuable experience in the field of cyber security and the protection of critical infrastructure systems.

    Trustifi

    Information Security Specialist
    Aug 2017 – Aug 2018
    As an Information Security Specialist, I have gained expertise in researching and analyzing email security threats and conducting vulnerability and penetration testing. My work has allowed me to become a trusted resource for information security within my organization.

      Trustifi

      Information Security, Compliance and Data Protection Officer
      Aug 2018 - Oct 2021
      As an Information Security, Compliance and Data Protection Officer, I have developed and implemented email security protections in the product, proprietary metrics and signatures, and managed my company's Information Technology environment while also creating internal Information Security policies to ensure the security and compliance of our systems. Leading, developing and certifying the company for compliance, regulations and standards such as GDPR, HIPAA and ISO 27001.

        Trustifi

        Chief Information Security Officer
        Oct 2021
        As a CISO with experience in email security and compliance, I have developed and implemented email security measures to protect against various threats including spam, phishing, and malware. I am skilled in leading a cyber security team and have managed VIP clients. My expertise in this field has allowed me to effectively secure email systems in accordance with regulations such as GDPR, HIPAA, and ISO 27001.

          Feedback and Bug Bounties

          United States Department of Defense

          In April 2017, I helped the DoD to find vulnerabilities on their servers under HackerOne's program. My research and findings on the DoD servers were on the Pentagon's VISA/Passport Program, Military websites and servers and research centers.

          Schneider Electric

          In March 2017, I successfully exploited Schneider Electric's devices used for SCADA/ICS in critical infrastructures and created CVEs.

          FlexiSpy

          In June 2017, I found two high to critical vulnerabilities on FlexiSPY's service and got awarded with a bug bounty.

          Instacart

          In May 2017, I found two medium-high vulnerabilities on Instacart's service and got awarded with a bug bounty.

          Projects

          ICS and SCADA tools and exploits

          Schneider Electric exploit script confirmed by Schneider Electric in a POC with confirmed CVE.

          CVEExploit

          Successful Pilot with Israel Electric Corporation (IEC)

          The pilot was conducted throughout 2015 and was led by Dr. Leonid Lev and Leonid Rosenblum of IEC, and cyber-security experts from Nation-E. The successful pilot demonstrated Nation-E’s ability to integrate with IEC’s communication systems and protect against a number of different cyber-attacks on its communication lines.

          Press Release

          Want to work with me?

          Reach out to me using the form below.

          My mailbox is open for you

          Israel