Every named engagement

DLT-enabled eGovernment platform — "Single Point of Trust"

Sovereign / institutional · 2024 – Present

DLT-enabled eGovernment platform integrating AI and Zero Trust principles. "Single Point of Trust" architecture with immutable audit trails and accountable digital decision-making supporting institutional reform.

—

Mission-grade AI platform — sensor fusion

Defence · 2024 – Present

Mission-grade AI platform combining computer vision and radar–camera sensor fusion for edge deployment. Confidence-scored insights, traceable outputs, audit-ready reporting in regulated environments.

—

Modular AI-enabled UAS demonstrator

Defence · 2024 – Present

Modular AI-enabled UAS demonstrator based on a mothership–subsystem architecture enabling distributed operations, governed autonomy, resilience, and explainable AI under policy constraints.

—

23 international and Romanian banks — transformation & cybersecurity

Worldwide · 2024 – Present

Large-scale banking transformation and cybersecurity programmes — core-banking migrations, data-centre consolidation, cybersecurity modernisation. Named clients: UNFCU, EIB, Société Générale, HSBC, BNP Paribas, Credit Suisse.

23-bank portfolio

Enterprise PAM / IAM — satellite + Azure AD + AD FS

Worldwide · 2024 – Present

Enterprise PAM/IAM solutions integrating satellite networks, Azure AD and on-prem AD FS — improving privileged-access governance and authentication security.

—

Palo Alto · CyberArk · CrowdStrike · DLP · SIEM · DDoS

Worldwide · 2024 – Present

Product Owner & senior technical authority across cybersecurity platforms (Palo Alto, CyberArk, CrowdStrike, DLP, SIEM, vulnerability management, DDoS). Automation and advanced diagnostics.

MTTR reduced by up to 58%

Romanian Ministry of Energy — AI engine + energy modelling

Romania · 2024 – Present

AI natural-language engine and online energy-system modelling platform supporting EU energy-transition planning.

—

eJustice AI — Armenia 2025–2026 (Phase 2 AI Agentic Upgrade)

Armenian Government & National Police · Yerevan · 2025 – 2026 (direct continuation of 2014–2015 UNDP/EU programme)

Phase 2 AI agentic upgrade for the National Police criminal justice platform — direct continuation of the 2014–2015 full-lifecycle eJustice programme. Deliverables: AI case routing and decision-support (NLP-based); EU AI Act governance framework (bias assessment, transparency, auditability, human-in-the-loop safeguards); national trainer certification in responsible AI; supervision and audit of implementation.

EU AI Act compliance framework · ~€60M programme (cumulative Phase 1 + 2)

eJustice AI — Georgia 2026 (Phase 2 AI Agentic Upgrade)

Georgian Government · 112 Emergency Services / eJustice · Tbilisi · 2026 (direct continuation of 2014–2015 UNDP programme)

Phase 2 AI agentic upgrade for the 112 Emergency Services / eJustice platform — direct continuation of the 2014–2015 full-lifecycle programme. Deliverables: AI dispatch optimisation and predictive resource allocation; AI transparency and accountability framework; national trainer certification in AI adoption; supervision and audit of implementation.

UNDP / EU frameworks · ~$50M programme (cumulative Phase 1 + 2)

AI Governance & Agentic eJustice — 35 States (EU AI Act Aligned)

PIR2-IT · Worldwide · 2024 – Present

AI-enabled eJustice and DPI governance across 35 states, fully aligned to the EU AI Act. Scope: NLP case routing and triage; predictive court scheduling; AI-assisted legal document processing; automated cross-border judicial cooperation flows (e-CODEX/ECRIS-compatible); digital evidence chain-of-custody; citizen-facing identity-verified portal; human-in-the-loop safeguards; full audit trails. National governance domains: justice and law enforcement, public administration, healthcare, financial regulation, energy and critical infrastructure, defence. Full ToR lifecycle delivered (diagnostic → vision → architecture → governance → roadmap → delivery → M&E → supervision and audit → continual improvement).

WBG | EU | FIDIC | JBIC frameworks

Digital Public Infrastructure — 35 States

PIR2-IT · Worldwide · 2024 – Present

eIDAS-compatible digital identity and trust services; data exchange and interoperability (API/iPaaS/ESB/eventing); e-signature, electronic notary, and national PKI; citizen-facing portals. Phased roadmaps, funding strategies, M&E frameworks, and supervision of implementation for each engagement across 35 states. Professional services delivered throughout the full project lifecycle for the majority of citizens in each country.

WBG ID4D | EU Structural Funds | FIDIC | UNDP/UNOPS

AI-driven governance application

London, UK · 2021 – Present

AI-driven governance application designed to strengthen accountability, transparency and decision traceability across complex public- and private-sector organisations. Integrates AI, automation and governance principles to support responsible decision-making, risk management and compliance with legal, ethical and operational requirements. Provides an end-to-end view of decision processes, linking strategic objectives, policies, responsibilities and measurable outcomes into a coherent governance framework.

—

Romania Govt & EU Programmes — AI policy & smart-outsourcing advisory

Romania · 2020 – 2023 · 38+ ministries / stakeholders

Research and policy initiatives on the impact of AI and emerging technologies on national and organisational strategies. Advisory on governance, enterprise architecture, cybersecurity and project implementation across multi-stakeholder environments. Smart outsourcing / IT-service procurement initiatives.

Key activities

• Led research on AI impact across national strategy, governance and operating models
• Delivered advisory across enterprise architecture and cybersecurity for regulated multi-stakeholder programmes
• Supported smart-outsourcing / IT procurement: requirements, evaluation criteria, operational constraints
• Aligned proposals with EU programme constraints and national policy direction

Frameworks: TOGAF · ISO 27001 · NIST CSF · GDPR · EU AI Act readiness · ITIL v3

38+ ministries / public-sector stakeholders

NATO NDW / CPS — Content Collaboration Section (interim head)

NATO / NCIA · The Hague · Aug 2023 – May 2024

Interim Head of Section accountable for the end-to-end service lifecycle of Content Collaboration platforms (Semantic MediaWiki and associated). Direct accountability for SLAs / OLAs across classified environments, service-change governance, CAB representation, KPI definition and reporting.

Key activities

• Coordinated and monitored 2nd- / 3rd-line support, incident investigation and root-cause resolution
• Served as first point of escalation for major incidents affecting the services
• Coordinated change enablement and release / deployment, representing services at CABs by delegation of the SAO
• Authorised new release packages and supported transition into service operation
• Defined and reported KPIs and associated service metrics; proactively monitored them

Frameworks: NIST 800-53 · ISO 27001 · PCI DSS · NCA ECC · ITIL v3 (service lifecycle) · PRINCE2

SLA / OLA portfolio · classified environments

NATO content-collaboration hybrid-cloud migration

NATO / NCIA · The Hague · 2023 – 2024

Migrated all NATO content-collaboration systems to hybrid cloud. Immutable / audit-ready versioning patterns. PAM/IAM, SIEM/SOAR and GRC platforms integrated with satellite and terrestrial networks for mission-critical environments.

Key activities

• Designed secure-infrastructure architecture aligning controls with NIST 800-53, ISO 27001, PCI DSS and NCA ECC
• Delivered 3rd-line operational support and advanced troubleshooting across classified estates
• Integrated satellite-enabled PAM/IAM with SIEM/SOAR and GRC for cross-domain access governance
• Translated complex security-architecture concepts into actionable guidance for stakeholders

Frameworks: NIST 800-53 · ISO 27001 · PCI DSS · NCA ECC · Hybrid-cloud reference architecture

—

InfoSec policy, phishing exercises & PII handling

NATO / NCIA · The Hague · 2023 – 2024

Oversaw all InfoSec policies tied to Content Collaboration lifecycle management. Designed and led phishing / social-engineering exercises and awareness training. Managed privacy complaints and internal risk registers. Conducted internal audits and served as escalation point for incidents affecting PII.

Frameworks: ISO 27001 · GDPR · NIST CSF · NATO information-handling directives

—

EEAS Cyber Security & Architecture programme

EEAS · Brussels · Jun 2022 – Dec 2023

Co-led the EEAS Portfolio Manager of Infrastructure function focusing on technical aspects, integration and operation of critical mission systems. Defined yearly EEAS portfolio (Technical Coherence, Digital Transformation, Cyber Defence) and aligned projects / programmes for cross-EEAS coherence.

Key activities

• Led a 50+ member team across apps migration, networking, satellite and cybersecurity engineering
• Deployed NGFW (Palo Alto, FortiGate, Check Point), WAF, IDS/IPS, sandbox, EDR, DLP, vulnerability management, PAM, IAM and DDoS protection
• Served as escalation point for 3rd-line troubleshooting and architecture validation; single point of contact with vendor 3rd-line
• Established cloud-governance frameworks, cost-optimisation and performance-monitoring practice
• Performed TOGAF modelling, architecture and design across capability targets, operational requirements and interoperability requirements

Frameworks: TOGAF · ISO 27001 · PCI DSS · GDPR · HIPAA · NIST 800-53 · COBIT · ITIL · IIBA · IREB · PRINCE2 · Agile

Team 50+ · multi-domain portfolio

EU BICES — intelligence networking support

EEAS · Brussels · 2022 – 2023

Support and architecture for EU BICES (Battlefield Information Collection and Exploitation System) within EEAS portfolio. Secure intelligence networking and cross-domain interoperability across member-state and partner-organisation feeds.

Frameworks: NATO STANAG · NAF · TOGAF · ISO 27001

—

EU Space & satellite security architecture

EEAS · Brussels · 2022 – 2023

Security architecture for EU Space programmes and hybrid satellite / terrestrial networks. PAM/IAM, SIEM/SOAR and GRC platforms integrated with satellite communications for mission-critical EU operations.

Frameworks: ISO 27001 · NIST 800-53 · TOGAF · PCI DSS · GDPR

—

EU Intelligence Applications — architecture & security

EEAS · Brussels · 2022 – 2023

Architecture, security and integration support for the EEAS Intelligence Applications portfolio. Controlled-access models and cross-domain integration patterns.

Frameworks: TOGAF · ISO 27001 · NIST 800-53

—

EEAS C3 cyberspace requirements & architecture

EEAS · Brussels · 2022 – 2023

Manage cyberspace environment (including EUMIL military sector C3) and analyse upcoming cyberspace requirements. Develop architectural diagrams, block diagrams and systems-engineering artefacts for capability evolution.

Key activities

• Capture, develop, analyse and evaluate capability requirements
• Maintain requirements traceability and version / configuration control
• Develop PoCs using hypothesis testing, MCDA, experimentation and wargaming
• Collaborate with 24 national / international military and civilian organisations including 9 Centres of Excellence and 5 universities

Frameworks: TOGAF · NATO STANAG · NAF · IIBA · IREB · ISO 31000

—

EEAS Disaster Recovery Centre

EEAS · Brussels · 2022 – 2023

Disaster Recovery Centre design and implementation for EEAS critical mission systems. RTO / RPO definition, failover testing and continuity evidence.

Frameworks: ISO 22301 · ISO 27031 · NIST CSF

—

EEAS Document Management System

EEAS · Brussels · 2022 – 2023

Document Management System architecture and secure integration for EEAS, with traceability and audit-ready versioning across institutional content lifecycle.

Frameworks: ISO 27001 · GDPR · ISO/IEC 24760 (identity) · TOGAF

—

EEAS Oracle EBS upgrade with encryption & identity governance

EEAS · Brussels · 2022 – 2023

Secure cloud migration and Oracle E-Business Suite upgrade with embedded encryption (AES-256), tokenisation, identity governance and data-protection controls.

Frameworks: ISO 27001 · PCI DSS · GDPR · NIST 800-53

—

EEAS apps migration & hybrid-cloud adoption

EEAS · Brussels · 2022 – 2023

Cloud-security and architecture programmes across AWS, Azure and GCP. Apps migration combined with containerisation, serverless and hybrid-cloud patterns for scalability, automation and operational resilience.

Frameworks: AWS Well-Architected · Azure CAF · GCP Cloud Adoption · DevSecOps · ITIL v3 · ISO 27001

—

IT audits & security assessments — banks & multinationals

IBM · 2019 – 2024

Lead IT audits and security assessments for clients across Financial Services (Citibank, DB, Group Société Générale, Raiffeisen), Service Industry, Public Sector (Interpol, EU), Healthcare, and Manufacturing (Mercedes Benz, EADS).

—

Cyber Crisis Management programme

IBM · 2019 – 2024

Advise, implement and manage the Cyber Crisis Management programme — strategic crisis decision-making, large-scale crisis response. One of the largest, most respected teams of crisis and continuity management professionals.

—

SIEM platforms with AI / ML threat-hunting

IBM · 2019 – 2024

Operate SIEM platforms with threat-hunting capabilities. Combined proactive and reactive incident management using AI, Machine Learning, Elastic Search, cloud technology to rapidly adapt and respond to cyber disruptions. Real-time decisioning for ongoing security incidents.

—

Global Security Operations Center oversight

IBM · 2019 – 2024

Oversee Global SOC positions in daily tasks and projects. Selection of technology (cloud, SOA, etc.), devices and software for the network and information security infrastructure. Cryptographic key management in support of CIO function as Single Point of Authority.

—

CyberPro — AI-driven cybersecurity platform

IBM Innovation Center · 2019 – 2024

Designed, developed and operationalised "CyberPro", an AI-driven cybersecurity platform integrating SIEM (Splunk, QRadar), SOAR (Cortex XSOAR, IBM Resilient), EDR (CrowdStrike, Carbon Black, Defender for Endpoint) and DLP (Symantec, Microsoft Purview) for real-time threat correlation and automated incident response.

Key activities

• Network defence with Palo Alto, FortiGate, Check Point, IDS/IPS (Snort, Suricata), Zscaler, Proofpoint
• Unified risk dashboard integrating SIEM + GRC metrics
• Third-party risk assessments, policy mapping, SOC 2 / ISO 22301 business-continuity validation
• ISO 27001 audit readiness, PCI DSS gap analyses, GDPR compliance

Frameworks: ISO 27001 · PCI DSS · NIST 800-53 · ISO 22301 · SOC 2 · GDPR · COBIT 5 · ITIL v3

+53% improvement · 1,750+ hours saved

IBM Zero Trust · micro-segmentation · HSM key management

IBM Innovation Center · 2019 – 2024

Zero Trust architectures, network micro-segmentation and encryption programme (TLS 1.3, AES-256, HSM-based key management) for defence and financial-services clients of the IBM Innovation Center.

Key activities

• Architected hybrid and multi-cloud environments (Azure, AWS, GCP) with secure connectivity, monitoring and identity governance
• Centralised IAM (Azure AD, Okta, CyberArk PAM) with cloud-native monitoring (Azure Sentinel, AWS GuardDuty, Security Hub)
• Enforced secure-design standards across requirements, design and deployment with teams of 25+ engineers / architects

Frameworks: Zero Trust (NIST 800-207) · ISO 27001 · NIST 800-53 · PCI DSS · TOGAF

—

IBM DevSecOps pipeline — containers + secrets management

IBM Innovation Center · 2019 – 2024

Containerised workloads (Docker, Kubernetes, OpenShift) with DevSecOps pipelines (Jenkins, GitLab CI/CD, HashiCorp Vault) enforcing security-as-code across IBM Innovation Center delivery.

Frameworks: DevSecOps · CIS Kubernetes Benchmark · OWASP · ISO 27001 · NIST 800-53

—

Security Issues in IoT

Feb 2017 – Present

Multi-year initiative on security issues in the Internet of Things — research, advisory and community contribution.

—

Apache CloudStack

Feb 2016 – Present

Apache CloudStack — top-level Apache Software Foundation (ASF) project. Open and flexible cloud orchestration platform for reliable and scalable private/public IaaS clouds. Java-based management server and agents for hypervisor hosts (XenServer/XCP, KVM, Hyper-V, VMware ESXi/vSphere). Native API; optional S3/EC2 compatibility; orchestration of L2-L7 network services.

—

Private Blockchain in Public Sector and International Financial Institutions

Jan 2016 – Present

Permissioned blockchain network design for public sector and IFI use cases — invitation-based / validated participation, restricted access control, network-starter governance.

—

UN cyberspace concept & member-state recognition

UN HQ · New York · 2016 – 2019

Defined UN cyberspace concept and influenced UN member states to recognise UN as Single Point of Authority for UN and member-state cyberspace. Stakeholder management with budget secured to develop the collective cyberspace, cyber-security programme planning, and cyber-risk implementation.

US$125M (2015) + US$124M (2016) member-state budgets

UN SIEM platforms — real-time AI / ML threat-hunting

UN HQ · 2016 – 2019

Designed, implemented and operated UN SIEM platforms with real-time, automated threat-hunting capabilities. Combined proactive and reactive incident management using AI, ML, Elastic Search, cloud. Real-time decisioning for security incidents.

—

UN hybrid cloud (Azure + AWS), IoT, DLT, big data, virtualization

UN HQ · 2016 – 2019

Drove cloud requirements, security controls and implementation (Azure and AWS), IoT, DLT, big data, virtualization, Office 365, BCP, code development, DevSecOps. Aligned security, technology, application and financial/business processes to new cloud environment and mobile.

Significant cost savings via Microsoft / Oracle / Cisco renegotiation

DevSecOps automation with AI-driven answers

UN HQ · 2016 – 2019

Automated DevSecOps with AI-driven security and vulnerability detection in continuous delivery workflow. Every build checked every time. Risk assessment based on actual libraries called in context of the environment and dependencies.

—

United ID — UN System inter-agency harmonisation

UN HQ · 2016 – 2019

Worked at Enterprise level to increase system-wide harmonisation on ICT matters through inter-agency mechanisms (United ID). Common ICT security approaches and solutions (processes, standards) for the entire UN System. Liaised with Finance, HR and internal-affairs units across UN — Umoja system.

—

UN blockchain community & strategy

UN HQ · 2016 – 2019

Created a blockchain community and acted as leader to develop a strategy for the UN. Spoke at UN events on Digital ID solutions / Blockchain, Bitcoin / Ether / cryptocurrencies, TechNovation Day: Blockchain.

—

UNFCU — global cybersecurity & digital-banking transformation (250K+ members · 120+ countries)

UN HQ / UNFCU · 2016 – 2019

Global cybersecurity and digital-banking transformation programme for 250,000+ UNFCU members across 120+ countries. Portfolio of 300+ projects spanning cloud adoption, core-banking migration & modernisation and cybersecurity compliance.

Key activities

• Architected hybrid multi-cloud (Azure / AWS / GCP) for mission-critical banking apps with Zero Trust, micro-segmentation, AES-256 / TLS 1.3
• Product Owner for cybersecurity platforms (Palo Alto, CyberArk, CrowdStrike, DLP, SIEM)
• 3rd-line engineering support for firewall, PAM and EDR; MTTR reduced by 55% via automation and incident playbooks
• Migrated 80% of workloads to Azure / AWS hybrid cloud maintaining PCI DSS Level 1 compliance

Frameworks: ISO 27001 · PCI DSS Level 1 · NIST 800-53 · ISO 22301 · COBIT 5 · GDPR · SOC 2 · Zero Trust (NIST 800-207)

300+ projects · 250K+ members · 120+ countries

UN M365 E5 Security Suite deployment

UN OICT · 2016 – 2019

Deployment of Microsoft 365 E5 Security Suite across UN workforce — DLP, MFA, Intune MDM, Conditional Access — supporting the global cybersecurity and digital-workplace transformation.

Frameworks: Microsoft Zero Trust · ISO 27001 · NIST 800-53 · GDPR

—

UN Oracle EBS R12 upgrade — tokenisation & database encryption

UN OICT · 2016 – 2019

Oracle E-Business Suite R12 upgrade across UN estate with tokenisation and database encryption embedded, aligning ERP security to PCI DSS-grade controls.

Frameworks: PCI DSS · ISO 27001 · NIST 800-53

—

UN active-active data-centre architecture

UN OICT · 2016 – 2019

Active-active data-centre architecture with automated failover using VMware SRM and Azure Site Recovery. Tested results: 99.98% availability, RTO < 4h, RPO 15 min.

Frameworks: ISO 22301 · ISO 27031 · NIST CSF

99.98% availability · RTO < 4h · RPO 15 min (tested)

UN Smart-Outsourcing programme (SOC · infrastructure · DevSecOps)

UN OICT · 2016 – 2019

Smart-Outsourcing programme covering SOC, infrastructure and DevSecOps operations. Delivered USD 3.2M OPEX savings while maintaining PCI DSS Level 1 compliance.

Frameworks: ITIL v3 · PCI DSS · ISO 27001 · COBIT 5

USD 3.2M OPEX savings

UN enterprise agreements — Microsoft + AWS with security / performance KPIs

UN OICT · 2016 – 2019

Negotiated enterprise agreements with Microsoft and AWS embedding performance and security KPIs. Yielded ~20% annual cost optimisation across UN workloads.

Frameworks: Vendor governance · Microsoft Cloud Adoption Framework · AWS Well-Architected · ITIL v3

~20% annual cost optimisation

UN Zero Trust + security-awareness enterprise programmes

UN OICT · 2016 – 2019

Enterprise-wide Zero Trust programme combined with security-awareness training, improving organisational resilience and compliance maturity. ISO 27001 / PCI DSS / GDPR / SOC 2 audit findings reduced by 35% within one year.

Frameworks: Zero Trust (NIST 800-207) · ISO 27001 · PCI DSS · GDPR · SOC 2

-35% audit findings within 1 year

Freelance — eGovernment Blockchain engine designed, sold & integrated into IBM

Concurrent freelance · Sep 2015 – Aug 2019

Concurrent freelance B2B engagement during the UN HQ years. Conceptualised a state-of-the-art Blockchain engine tailored for e-government — cryptographic assurance, controlled access models, immutable evidence trails. Successfully negotiated the sale to IBM and coordinated its integration into IBM's global public-sector solution stack.

Frameworks: Hyperledger Fabric · Quorum · Corda · ISO/IEC 24760 · TOGAF · NIST 800-53

—

ICJ & ICC — International Courts Digitalisation (The Hague)

International Court of Justice & International Criminal Court · The Hague · 2016 – 2019

Senior IT Adviser and Architect for digitalisation programmes at the ICJ and ICC. Defined digital transformation vision, guiding principles (judicial independence, rule of law, security, accessibility), and KPI framework for each institution. Designed target architecture: multi-tier case management platform with classified document handling, e-filing with legally binding digital signature chain-of-custody, secure cross-border evidence exchange, encrypted judicial record repository, hearing management system, and interoperability with UN Secretariat, UNDP, and member-state delegations via secure API/ESB layer. Security-by-design for classified and highly sensitive judicial records; data governance model aligned to international judicial data protection standards; access control and full audit trail for judge, counsel, and registry workflows. Financed under UN internal budget; delivery supervised and audited against UN OICT standards.

UN internal budget (OICT standard)

UNAT & UNDT — Digital Justice Strategy, Target Architecture & Delivery

UN Administrative Tribunal & UN Dispute Tribunal · New York · 2016 – 2019

Defined digital justice transformation strategy for the UN Administrative Tribunal (UNAT) and UN Dispute Tribunal (UNDT): strategic vision, guiding principles (user-centricity, rule of law, institutional independence, digital-by-default), measurable objectives, and KPI framework. Designed target architecture: multi-tier case management platform with API-first integration layer, identity federation (UN United ID), e-filing with digital signature chain-of-custody, secure document exchange (encrypted at rest and in transit), automated hearing scheduling engine, and interoperability with UN HR (PeopleSoft), legal registry, and finance (ERP) systems via ESB/API middleware. Security-by-design and privacy-by-design embedded throughout; GDPR-aligned data governance model for judicial records. End-to-end delivery through go-live with phased roadmap, change management plan (Prosci/ADKAR), M&E framework (case throughput, e-filing adoption, scheduling efficiency, user satisfaction), and supervision/audit of implementation. Outcome: full digitalisation of both tribunals serving UN staff globally across 190 countries.

UN internal budget (OICT standard)

18-Country Digital Public Services Programme — Asia & Africa

UN HQ (OICT) · Afghanistan, Bangladesh, Cambodia, Ethiopia, Kenya, Myanmar, Nepal, Pakistan, Rwanda, Senegal, Tanzania, Uganda, Zimbabwe & others · 2016 – 2019

Digital public services, national identity infrastructure, e-governance platforms, and capacity building across 18 UN member states in Asia and Africa. Professional services delivered throughout the full project lifecycle — diagnostic, strategic vision, governance framework, phased roadmap, target architecture, change management plan, M&E framework, supervision and audit of implementation — for the majority of citizens in each country.

OPEX US$56M / CAPEX US$12M (UN HQ portfolio)

NNHQ Target Architecture & ICT migration

NATO HQ · Brussels · 2015 – 2016

Coordinate with NNHQ Transition Office (HQTO) for migration of personnel and equipment into the NNHQ. Coordinate with ANWI project (Infrastructure-as-a-Service hosting all business and applications). Comment and propose ICT migration paths. Maintain ICT technical drawings, space allocation and inventory. Contribute to NNHQ Target Architecture (TA) → Baseline Architecture (BA).

US$67M+ budget executed

ANWI / AVI / ESS contractor coordination

NATO HQ · 2015 – 2016

Coordinate with NNHQ contractors — Active Network Infrastructure (ANWI) for IaaS, Audio-Visual Infrastructure (AVI), Electronic Security Services (ESS). Vendor relationships and IT-related contracts.

—

Disaster recovery + 90% server virtualization

NATO HQ · 2015 – 2016

Designed and executed first disaster-recovery centre fail-over. Successful DR plan and business continuity plan. Led server virtualization effort — virtualized 90% of systems infrastructure. AIS audits and system accreditation for classified systems.

—

INTERPOL Global Complex for Innovation — IT Security Advisor

Singapore · Jan 2015 – Sep 2015 · 90 working days

Led six task forces to deliver strategy, observations and recommendations for enhancing institutional, operational, legal and technical frameworks for digital identity and cybercrime. Business analysis, strategic and security challenges, new concept and strategy translated into business and technical requirements for the National Cyber Review II (NCR). Drafted methodology for cyber-defence policy, concepts and capabilities at nations level.

—

Senior IT Adviser — EU Regulation 910/2014 (eIDAS)

EU · Jan 2011 – Sep 2015 · 140 working days

Senior IT advisory framework contract on Regulation (EU) No 910/2014 — electronic identification and trust services for electronic transactions in the internal market (repealing Directive 1999/93/EC).

—

SSEDIC — Single European Digital Identity Community (5-year programme)

EU · 2009 – 2015

5-year consultation period with 200+ European and international eID experts and stakeholder organisations. Recommendations and roadmap for the Single European Digital Identity Community supporting Horizon 2020.

—

Emergency services architecture — Georgia (112)

Tbilisi, Georgia · Oct 2014 – Oct 2015 · 50–90 days

Architecture, coding, security, operation and data-protection of emergency services. Enterprise Architecture Strategy & Roadmap. Technical roadmap for emergency video-call service. BMC Remedy Suite + Kinetics framework. Established a Center for Secure Information Systems & Digital Identity. Trained the trainers. http://112.ge

M50$ committed

National digital identity for Armenia — Police IT system

Yerevan, Armenia · Mar 2014 – Oct 2015 · 60–90 days

Armenian Government & Armenian Police — new IT system: digital identity architecture, cyber-security, data centre, DRC, personal data protection, risk management. Single secured and unified information environment (e-Governance). Roadmap and budget for interoperability with criminal justice, voting, idCard, passport, cadastre, justice, car registration, insurance.

M60$ committed

Digital identity, people registration & voting — Afghanistan

Kabul, Afghanistan · Aug 2013 – Jul 2015 · 75 days

Validate business model, functional requirements, and obtain support for new digital identity management for people registration and voting. Solution Design Team management. Technical roadmap for implementation. Lead consulting team (3 experts). Risk assessment and mitigation.

M36$ budget

ECB cloud / digital architecture & cryptocurrency

Frankfurt, DE · Sep 2014 – Nov 2015 · 120 working days

Lead Solution Design team for modern cloud / digital and cryptocurrency architecture. Identify and document business flows, data exchanges, identity authorisation and security level. Integrations with European and governmental agencies. Updated Business Continuity Plan. Support ECB negotiations with EU, NATO, INTERPOL.

—

ENISA — National Cyber Security Strategy framework

EU · Aug 2013 – Dec 2013 · 60 working days

Member of expert advisory group defining the National Cyber Security Strategy (NCSS) framework and action plan to improve security and resilience of EU national infrastructures and services. Part of the task force ensuring that national eIDs work for cross-border public-service access in EU.

—

VAUBAN — IT PMO Head / IT Director, Banking Transformation

BRD Bank — Groupe Société Générale · Bucharest · May 2011 – Aug 2013 · Full-time

PMO effective operation, IT Strategic Planning and Banking Transformation Programme. Set-up Center for Secure Information Systems. Enterprise Architecture Strategy & Roadmap. Coordination with PMOs/CSICs in Croatia, France, Russia, Bulgaria, Moldova. New Core Banking — INFOSYS Finacle / Oracle Flexcube. Cards & alternative channels (Mobile/Internet Banking, WU@ATM, WU@POS, prepaid). 900+ servers, 550+ applications, 120+ audit recommendations closed (89%).

US$3.93M IT savings · US$2.88M vendor negotiations · US$63M budget · OPEX -44.2%

Cernavoda NPP (Nuclearelectrica / SIVECO) — IT Advisor

Romania · Sep 2013 – Aug 2015 · 190 days

Restructured entire SMS system (BMC 8.5 → 9), new workflows. Reengineered processes for Change & Service Request, Unified Event Management with event correlation, Service Catalogue and Service Level Management. Cyber-security audit per NRC Title 10 §73.54, NRC RG 5.71, NEI 08-09, NEI 13-10, 10 CFR 73.54, NIST SP800-53/82, ISO 2700x. Audit of DCS, HMI, PLC, RTU, SCADA. 100% audit compliance achieved.

—

Document Management & Portal System — Romanian Immigration

Romania · May 2013 – Aug 2013 · 69 days

SMC implementation based on IBM Tivoli Suite. EU Secret level — implications for information security and technical design (Approved products, certification, homologation). Solution design with Azure cloud, Microsoft 2008 Suite, MS SQL 2008. Custom software development (700 person-days). WEB Services / XML integration. Enterprise IBM servers, Enterprise SAN, LTO, LAN/WAN, CA IAM, PKI. Established small PMO.

—

IT Health System — ePrescription, ePatientFolder

Romania · Sep 2013 – Aug 2015 · 90–120 days

Solution design with Oracle WebLogic and DB 11g. Custom software development (700 person-days, Java). Integration via Web Services / XML. IBM Cloud, Mobile devices, VMware, Oracle Finance, BPM, IBM servers, Enterprise SAN, LTO, LAN/WAN, IAM Oracle, PKI, BCP. Data centre relocation. SAP NW Identity Management implementation. Center for Secure Information Systems with trained trainers. ISO 2700x compliance support. PMO setup.

—

Transfond — electronic payment & inter-banking compensation

Romania · 2008 – 2011

IT system for electronic payment (T24, Murex, TI+) and inter-banking compensation. Process design and compliance with international mechanisms. Data protection. PCI-DSS & ISO 27001 certification. 30T transactions/day. 99.9998% availability.

—

IBM Data-Center — Tier 4 (~8000 m²)

Romania · 2009 – 2011

Led from business case through Go Live: new IBM Data-Center (~8000 m², 99.995%/year). Defined and implemented business and operational processes. Service Catalogue, Budget management, SLA monitoring. Service-provider processes for PaaS, AaaS, SaaS, IaaS (cloud private, hybrid, public). ISO 27001/27002 risk assessment. PCI-DSS & ISO 2700x certification support.

SD consolidation: 45 small SD → 1 central · €500K/year saving

ECB · EU · CE · ING · Citibank · JPM · Raiffeisen · Société Générale · CEC Bank

Multi-country · 2008 – 2011

IT Risk Analysis System (ISO 2700x). Solution design of new Core Banking. Cloud private/public PoC. Data centre relocation, HW/SW/MW/NW/SAN consolidation. Set-up Business Intelligence Competence Center (Data Architecture, Quality, Governance, BI & Executive Dashboard).

—

Raiffeisen — Risk & Card upgrade + CSIS

Romania · 2008 – 2011

Upgraded Risk Analysis System (Murex), Card System (Murex), RISC and x86 server infrastructure. Center for Secure Information Systems: SIEM, DB Security, ISMS & ISR, MDM, Managed Security Services. Process improvement (ITIL).

—

Romanian Ministry of Internal Affairs — National Cyber Security

Romania · Oct 2008 – May 2011

Large-scale cyber-defence system (>€4M, EU funds). Unitary mechanism of reaction and response to security incidents. Risk reduction, knowledge, capabilities and decision mechanisms in the Romanian Government. 250 offices / 500,000 assets across the country. Service Management System (Tivoli Business Service Manager), SLA monitoring. ISO 2700x, NIST. http://www.natowatch.org/node/1532

>€4M (EU funds)

Romanian Electronic Passport — sovereign programme

Romania · Aug 2008 – Nov 2010

Architecture + project management of large-scale system covering full ePassport lifecycle. Sensitive environment. Training for 500+ users. 4 main sites / 4 Tier-3 data centres, 45+ offices in Romania, 250+ offices worldwide. Business continuity. New business and operational processes. ISO 27001 risk assessment, audit, policy.

>€30M

Romanian National Agency of Cadastre & Land Registration

Romania · 2008 – 2011

Roll-out of enterprise IT system (infrastructure, application, business processes) for cartographic products and Ortophotoplan coverage (GIS), cadastral plans, topographic plans for the entire country.

>€7M

Single Window — cross-border trade Romania / EU

EU + Romania · 2008 – 2011

European Commission and Romanian Ministry of Finance. Single Window application and infrastructure (design, project management, training, change management). Set-up Business Intelligence Competence Center.

>€2.3M (EU funds)

IBM Blue Gene Supercomputer

Romania · 2008 – 2011

Only supercomputer of its size in Romania and one of 3 in Central / Eastern Europe at the time. 13.9 TFlops compute power: 1024 processors, 4096 cores, 4 TB RAM, 32 I/O nodes.

—

National ePassport programmes (multi-country)

Romania · Moldova · Bulgaria · Slovenia · Poland · Spain · Hungary · Egypt · Nigeria · UAE · 2009 – 2011

Subject-matter expert for national biometric travel-document architecture, secure issuance chain, ICAO-compliant chip personalisation, PKI trust services, border-control integration.

Multi-country sovereign programmes

National eID and citizen identity (multi-country)

Romania · Moldova · Bulgaria · Croatia · Poland · Slovenia · Spain · Hungary · Egypt · Nigeria · UAE · 2009 – 2011

Sovereign citizen-identity platforms — authentication, credential issuance, national PKI integration. End-to-end Digital Public & Private Business — citizen onboarding and cross-border eID access (eIDAS interoperability).

Multi-country sovereign programmes

National eHealth — patient registration & ePrescription

Romania · Moldova · Ukraine · Armenia · Georgia · Greece · 2009 – 2011

Patient registration, ePrescription, EHR exchange, identity-linked patient access, audit-ready clinical data flows.

—

Cadastre / land-registry digitalisation (multi-country)

Romania · Bulgaria · Moldova · Ukraine · Hungary · Russia · 2009 – 2011

Sovereign land-registry digitalisation — geospatial data integrity, registration workflows, judiciary and notary interoperability.

—

eJustice Romania

Romania · 2009 – 2011

Citizen access to justice services based on digital identification.

—

National PKI Romania

Romania · 2009 – 2011

Root and subordinate CAs, certificate lifecycle, trust anchors for sovereign identity and document services.

—

eNotar — Bulgaria + Moldova

Bulgaria · Moldova · 2009 – 2011

Electronic notary services — identity-bound electronic signatures, document integrity, registry-of-acts interoperability.

—

EURODAC + Asylum DB

EU · 2009 – 2011 (advisory continuing)

Senior IT Adviser on EURODAC — fingerprint datasets to determine responsibility for examining asylum applications across EU States.

—

Telekom Romania — NGN, MPLS, M2M, OSS/BSS upgrade

Romania · 2008 – 2011

Framework contract upgrade and extension of NGN, MPLS, M2M, OSS/BSS. Whole-system transformation. IT Security audit (ISO 27001).

FwC >€30M

IBM + Vodafone — M2M / Cloud / IoT PoC

Worldwide · 2008 – 2011

Proof of concept for M2M system, Private cloud, PaaS, IaaS, AaaS, BSS/OSS integration and transformation plan. Security rules.

—

IBM EMEA Center of Excellence — Defence & Security (internal CoE leadership)

IBM EMEA · Worldwide / Bucharest · 2008 – 2011

Led the IBM EMEA Center of Excellence for Defence and Security. Defined and managed business and technical requirements; architected / designed critical military systems; co-led development, verification and validation across 28+ IT upgrade / migration projects.

Key activities

• Defined yearly IBM Portfolio across Technical Coherence, Digital Transformation and Cyber Defence
• Performed TOGAF modelling, architecture and design across capability targets and interoperability requirements
• Direct support of national / international / multi-national C2, C3, C5 activities
• Collaborated with 146 national / international military and civilian organisations including 36 Centres of Excellence

Frameworks: TOGAF · COBIT · ITIL · PRINCE2 · RUP · ISO 900X · ISO 27K · ISO 31000 · NIST · C2I / C3I / C4ISR / C5I

28+ IT upgrade / migration projects · 146 orgs · 36 CoEs

IRIS — SNCFR National Railway Digital Transformation

Societatea Naţională a Căilor Ferate Române (SNCFR) · Romania · 2008 – 2011

Enterprise IT architecture for national railway digital transformation. Scope: safety-critical systems, passenger services, operations infrastructure, and IT/OT integration. Architecture definition, technology roadmap, and delivery oversight for one of Romania's largest state-owned transport enterprises.

IBM Romania national programme

Motorola Center of Excellence for Cybersecurity (CoE-CS)

Worldwide · 2006 – 2008

Developed and led Motorola CoE-CS. Strategy and design of major systems initiatives around information security worldwide. Recognised as main pillar — invested in: US$18M (2006) and US$26M (2007). 35 experts directed; 23 new experts hired with 108 internationally recognised certifications.

US$18M (2006) + US$26M (2007)

Crypto-X program — digital / biometric identity & authorisation

Worldwide · 2006 – 2008

Established the Crypto-X programme and digital / biometric identity and authorisation initiatives. Coordinated Linux software developers across USA, Canada, Brazil, China, India, UK, France, Germany on cores, peripherals and device drivers (crypto devices, digital identification, IP Security protocols).

—

Motorola estate cyber-rationalisation + CSIS

Worldwide · 2006 – 2008

Assessed >3,000 legacy applications, consolidated 839. Defined Motorola Cybersecurity policy and standards (zero-trust concept). Redesigned Internet Access Point and network topology (firmware rules, VPNs, router security, SSL). Established Center for Secure Information Systems (CSIS). Implemented Motorola's first internal/external cybersecurity audit and compliance program.

—

Oracle PeopleSoft — HRMS, FMS, SCM, CRM, EPM

Worldwide · 2006 – 2008

Implemented Oracle PeopleSoft (HRMS, Financial Management Solutions, SCM, CRM, Enterprise Performance Management) and Oracle ESB at organisational level.

US$45M budget executed

CMM/CMMI Level III + Motorola Romania PMO (120+ resources)

Bucharest · 2006 – 2008

Led CMM/CMMI software process improvement programme — achieved Level III. Set up local Motorola PMO (120+ resources) aligned with Freescale's PMO framework. Lean Six Sigma process improvement.

US$2.93M IT savings · 9.88% below budget

EURODAC — Romania (EU funds)

Romania · 2002 – 2006

EURODAC system — EU asylum-applicant identification via fingerprint datasets. Business-intelligence flows and implementation. EU Secret.

>€3M (EU funds)

Border Protection integrated system

Romania · 2002 – 2006

Border Protection integrated system — radars, mobile surveillance, military equipment. OSS modernisation. EU Secret.

>€13M (EU funds)

Ucka Tunnel — modernization of integrated electronic safety system

Croatia · 2002 – 2006

Croatia Ministry of Transportation — Ucka Tunnel modernization of integrated electronic safety system.

>€1M

Bulgarian Min. Transportation — Corridor IV GSM-R rail

Bulgaria · 2002 – 2006

New integrated telecom rail system (including GSM-R) on Corridor IV Pan European.

>€29M (EU funds)

Bulgarian Min. Energy — optical fibre + tele-transmission + CSIS

Bulgaria · 2002 – 2006

New optical fibre and tele-transmission system. Established a Center of Security Information Systems (ISO 2700x). Designed and executed audit on enterprise network, VPN and key applications. Automated continual auditing system/database.

>€3M (EU funds, FIDIC)

Black Sea + Danube surveillance

Romania · 2002 – 2006

Black Sea and Danube surveillance — CCTV, radars, telecom, special devices, GIS.

—

Metro Dubai — telecom solution offer

UAE · 2002 – 2006

Prepared offer for Dubai Metro — telecom solution, risk identification/quantification/analysis, project estimation.

—

Teletrans — integrated IP + PABX telecom system

Romania · 2002 – 2006

New integrated telecom system (IP, PABX). OSS/BSS integration and whole-system transformation.

>€3M (FIDIC)

Paris Charles de Gaulle Airport — Borderless Networks

France · 2002 – 2006

Borderless Networks infrastructure — routing, switching, network security, application delivery networking, Unified Computing System, Storage, Wireless, Security and Identity Services Engine.

—

Romanian airports — telecom + IT security + SCADA

Romania · 2002 – 2006

Otopeni Airport — unified telecommunication, IT security, IP. Cluj Airport — SCADA, telecom, IT security; audit of DCS/HMI/PLC/RTU/SCADA. Cogalniceanu Airport — unified telecom, SCADA, audit of control systems.

—

Orange Romania — backbone + GSM + OSS/BSS transformation

Romania · 2002 – 2006

Telecom system: backbone & GSM systems, OSS/BSS, whole-system transformation.

FwC >€40M

Telekom Romania — Borderless Networks + SAP IDM

Romania · 2002 – 2006

Borderless Networks infrastructure (routing, switching, network security, application delivery, UCS, Storage, Wireless, Security and Identity Services Engine, NGN, MPLS, PABX, M2M, OSS/BSS). SAP NLM and SAP NW Identity Management implementation. Cyber investigations, computer forensics, threat intelligence, vulnerability assessments and incident response.

FwC >€40M

Traumatology Hospitals — IP + telemedicine PoC

Romania · 2002 – 2006

Telecom solution (IP) and telemedicine proof of concept across the network.

<€1M (EU funds)

Kozloduy Nuclear Power Plant — SCADA + telecom audit

Bulgaria · 2002 – 2006

Audit and modernisation of SCADA and telecommunications systems. Process optimisation. Roadmap definition.

—

Cernavoda NPP — telecom roadmap + IT security audit

Romania · 2002 – 2006

SIVECO subcontractor — audit and roadmap for telecommunication system. IT security audit. IT infrastructure and I&C system: DCS, HMI, PLC, RTU, SCADA.

—

OMV Petrom — Tier 3 data centre + DR

Romania · 2002 – 2006

New data centre (Tier 3), cyber security, business continuity and disaster-recovery data centre.

>€250K

National ePassport — France · Germany · Morocco · South Africa

Multi-country · 2002 – 2006

Subject-matter expert for national biometric travel-document — secure issuance, PKI trust services.

>€32M

National eID and citizen identity (multi-country)

Romania · Moldova · Bulgaria · Croatia · Poland · France · Germany · Morocco · South Africa · 2002 – 2006

National eID and digital identity — sovereign citizen-identity platforms, authentication, credential issuance.

Multi-country sovereign programmes

DigiNotar — Romania

Romania · 2002 – 2006

DigiNotar — electronic notary trust services for Romania.

—

Civil registration — France · Romania · Germany · Morocco · South Africa

Multi-country · 2002 – 2006

Civil registration — births, marriages, deaths, identity-linked registry.

—

Société Générale — telecom & secure-banking network integration

Romania / EMEA · 2002 – 2006

Alcatel-era engagement with Groupe Société Générale: secure banking network integration, OSS/BSS modernisation and core-banking telecom infrastructure (predecessor to the later VAUBAN programme delivered as freelance 2011 – 2013).

Frameworks: ITIL v3 · COBIT · ISO 27001 · PCI DSS

—

BCR Bank — Alcatel-era core-banking & telecom network integration

Romania · 2002 – 2006

Alcatel-era BCR Bank engagement: core-banking telecom and network integration, secure-network projects across the European banking estate.

Frameworks: ITIL · ISO 27001 · PCI DSS · TOGAF

—

BNR — National Bank of Romania — telecom & network

Romania · 2002 – 2006

Alcatel-era engagement with BNR (National Bank of Romania): telecom and secure-network integration for central-bank operations.

Frameworks: ITIL · ISO 27001 · TOGAF · Central-bank operational standards

—

CEC Bank — Alcatel-era telecom & network integration

Romania · 2002 – 2006

Alcatel-era CEC Bank engagement: telecom and secure-network integration for the Romanian state savings bank estate.

Frameworks: ITIL · ISO 27001 · TOGAF · PCI DSS

—

Alcatel Center of Excellence — Defence, Security & Intelligence (internal CoE leadership)

Alcatel Romania · Timișoara · 2002 – 2006

(Co-)Led the Alcatel Center of Excellence for Defence, Security and Intelligence markets, with the Alcatel Romania Enterprise Architecture function. Defined the yearly Alcatel Romania Technical Portfolio across ICT Architecture, Digital Workplace, Digital Transformation and Cyber Defence.

Key activities

• Aligned portfolio across Alcatel Information Enterprise; identified programmatic / technical touchpoints
• Performed TOGAF modelling, architecture and design for completeness, consistency and clarity
• Developed PoCs using hypothesis testing, MCDA, experimentation, wargaming and simulation
• Collaborated with 46 national / international military and civilian organisations including 17 Centres of Excellence

Frameworks: TOGAF · COBIT · ITIL · PRINCE2 · PMI · ISO 900X · ISO 31000 · NIST

—

Magurele nuclear research lab — SCADA + biometric security + I&C

Romania · 1996 – 2002

SCADA system, biometric security systems, instrumentation & control.

—

Cernavoda Nuclear Power Plant — biometric security

Romania · 1996 – 2002

Biometric security system for Cernavoda NPP (via UTI).

—

Citibank — biometric security + Building Automation

Romania · 1996 – 2002

Biometric security systems and Building Automation System for Citibank.

—

BRD Bank · BCR Bank — security systems + BAS

Romania · 1996 – 2002

Security systems and Building Automation System for BRD Bank and BCR Bank.

—

Orange Romania — security + site rehabilitation + data center

Romania · 1996 – 2002

Security systems, site rehabilitation, data centre.

—

Ericsson — security + I&C + telecom systems

Romania · 1996 – 2002

Security system, I&C installation, telecommunication systems.

—

Philip Morris — SCADA + WMS + BAS + HVAC

Romania · 1996 – 2002

Security systems, warehouse management system, SCADA, Building Automation System, HVAC.

—

BAT — security + warehouse mgmt + BAS

Romania · 1996 – 2002

Security systems, warehouse management system, Building Automation System.

—

Retail — Sodexho pass · Selgros · Metro

Romania · 1996 – 2002

Security systems and Building Automation System for retail clients Sodexho pass, Selgros and Metro.

—

Baneasa · Henri Coanda · Tarom — airport security + BAS + PSS

Romania · 1996 – 2002

Security systems, Building Automation Systems, and PSS (Tarom) for Romanian airports and airline.

—

Romanian Ministry of Defence + Ministry of Internal Affairs

Romania · 1996 – 2002

Security systems, Building Automation System, PKI for the Ministry of Defence and Ministry of Internal Affairs.

—

Helinick IT strategy, roadmap & ERP selection

Helinick · Bucharest · 1996 – 2002

Current-state assessment, IT strategy and roadmap. Evaluation and selection of new ERP. Reorganisation of Technical Services and Applications teams. Annual IT business plan and budget. System & networking administration. Database design (Windows / Linux / UNIX). Cyber investigations, computer forensics, vulnerability assessments and incident response.

US$200K+ Y1 OPEX savings · US$150M+ annual budget · 35 projects on time / on budget