Bogdan Costache

Bogdan has 8+ years of experience providing Cyber Security services, focusing on Application Security, Cyber Resilience and Response, and Emerging Products Security. Bogdan’s employs a risk-driven approach to bridge between technical and non-technical stakeholders, and translate business needs into secure transformations while identifying attack vectors and mitigating points of failure. Bogdan is using his technical background to support the implementation of projects and ensure a secure and predictable environment, aligned with risk profile of the organizations, internal security standards, guidelines and leading practices.

Professional and industry experience

Bogdan spearheads the delivery and continuous improvement of Mobile Security service lines within the US, and has global experience in information and digital product solutions security assurance, mobile pentesting, risk assessments, internal audit and cyber security transformations. Bogdan is a regular conference speaker on software security, emerging threats and attacks, and emerging technologies topics.

• Mobile Security specialist, focusing on Mobile Security Framework development and implementation, Mobile Application SDLC assessments and Mobile Device Security policy implementation; conference speaker
• Assess and implement secure development lifecycle processes and frameworks focused on mobile applications and IoT product development
• Maturity assessment of development practices, capabilities and tools for Waterfall, Prototyping, Secure Agile and DevSecOps methodologies
• Built remediation roadmaps for large organizations that were in the process of transforming their product or software development capabilities (Agile and DevOps)
• Threat intelligence focused on mobile application development, targeted platform attacks for iOS and Android OS
• Technical security evaluations of emerging solutions/products and security controls in Financial Services industry
• IoT Product Security assessor - source code review, design review, pentesting
• “Lead Evaluator” for Product Assurance engagements, leading CESG (now NCSC) Commercial Product Assurance (CPA) security assessments for a series of connected smart devices
• Enterprise Security operations: enterprise protection managers, vulnerability scanning, IDS, traffic inspectors, fraud prevention, Information Property leak, physical security, BCP/DR

Technical skills

• Mobile: MobileIron, BES12, Blackberry UEM, Samsung KNOX, Citrix MAM, Microsoft Intune
• Cloud: Amazon Web Services (AWS), Microsoft Azure, Salesforce
• DevOps: Jira, GitHub, Kubernetes, Jenkins, Docker, Artifactory, TeamCity, Bamboo, Puppet, AppDynamics, Subversion.
• Network Security: OSPF Multiarea, BGP, L2TP/IPSec VPN, MPLS, VRRP
• Application Security: McAfee ePO, Dell Secureworks, Qualys Scans, Websense, Mobile Iron, Check Point FDE, Check Point EMDRE, Check Point IPsec Gateway, Symantec Endpoint Protection & Trend Micro Business Security
• Programming skills: Java (Android SDK), Objective C, bash scripting, C#, SMALI, Assembly