FROM TO Rafael Rodríguez, CISA, CISM, CEH
Rafael Rodríguez, CISA, CISM, CEH
From to
FROM TO Rafael Rodríguez, CISA, CISM, CEH
FROM TO Rafael Rodríguez, CISA, CISM, CEH
$ whoami
• Computer Science Engineer (ULL)
• IT Auditor, Ernst & Young (Las Palmas, 2006-2007) • IT General Controls, consultancy in compliance-related
topics
• IT Security Auditor, Deloitte (Madrid, 2007-2012) • « Ethical hacking », gaming security, PCI-DSS
• IT Internal Auditor, Siemens (Munich, 2012-present) • IT security for all Siemens worldwide
• Managing forensic cases for internal and external investigations
About Siemens
• ~360.000 employees in ~190 countries
• 4 sectors
• Healthcare: from diagnostic devices to software for hospital management
• Industry: from plant automation to large drives technologies
• Energy: from wind turbines to power transmission
• Infrastructure and cities: from trains to smart grid
What I am (normally) doing
• As auditor:
• Running IT security audits
• Leveraging the risk to the business
• Reporting to high management
• As forensic investigator:
• Collecting and processing data as required by lawyers
• Supporting investigations looking for: • Misbehaviour of invididuals (fraud, corruption, etc.)
• Facts for supporting Siemens on a litigation
Key success factors
• Cultural sensitivity • Chinese != Germans != Americans != Spaniards != …
• Soft skills • Ability to communicate, deliver presentations, establish networks with
peers and clients, manage others, solve conflicts, etc.
• Work smarter, not longer • Timetable flexibility, home office, self-management
• Orientation to the next step • What do you want to become when you grow up?
Questions?