Mete Eminağaoğlu, PhD

Transcription

1 Mete Eminağaoğlu, PhD Information security, IT governance, risk analysis, cryptography, machine learning, data mining, academic, information systems audit and control manager / consultant, project manager, general management 1. PERSONAL DETAILS 1.1. Personal Details Nationality Turkish Languages Turkish (native), English Date of Birth 1973 Driving licence Turkish B Military Service Fulfilled 1.2. Contact Information mete.eminagaoglu@yasar.edu.tr 1.3. Educational Background PhD., Trakya University, Computer Engineering M.Sc., Izmir Institute Of Technology, Computer Software Science B.Sc., Ege University, Computer Engineering Izmir Ozel Turk Koleji 1.4. Employment 2009-present Yasar University Full-time Lecturer Izmir University of Economics Part-time Lecturer Navigator Business & Information Management Services S.A., Assistant General Manager Arkas Holding S.A. Information Systems Security Manager Inform. Security Consultancy & Audit Dept Digiturk, Digital Platform Iletisim Hizmetleri A.S. T.C. Kara Kuvvetleri Komutanligi, Elazig 8. Kolordu Komutanligi, Elazig, TURKEY Security Specialist - IT Dept, Sys & Network Group Network Security & Information Systems Support Officer - OBIM. (military service as a second lieutenant) 11/ /1999 Izmir Institute of Technology 05/ /1996 Chronicle 02/ /1995 New Holland Trakmak A.S. Research Assistant -Computer Engineering Dept Software Engineer - Software R&D Department Software Engineer IT Department 1

2 1.5. Experience 1. June 2007 January 2009 NAVIGATOR Business & Information Management Services SA, Konak Izmir / TURKEY Management of all the executive tasks in Navigator which services to 3 rd parties; Information Security and IT Quality Assurance, Business Applications consultancy, Process and Performance Improvement consultancy, IT Recruitment consultancy Taking part or manageing in some of Navigator s Information Security & IT Governance audit & training projects including (some of the clients: Türk Ekonomi Bankası, Societe Generale Krediver, Türkiye Finans Katılım Bankası, Bristol-Myers Squibb, Bosphorus Shipping Agency, Brightwell BV); ISO27001 & CobiT training & consultancy Business Continuity Planning Internet & web application security Secure software development 2. May 2002 June 2007 Arkas Holding SA, Alsancak, Izmir, TURKEY Development, consultancy and management of Information Security within Arkas Group of Companies, including; Corporate Information Security Strategies Internal Security Audits, Education & training (Information Security Awareness), Education & training (Information Security Technical Concepts), Technical & administrative consultancy, Development & publishing of Information Security policies, procedures & technical standards, Computer forensics & forensic analysis, Contingency planning, emergency & incident response, Tiger Team - penetration tests & vulnerability assessments, Risk Analysis Planning & Implementation of Corporate IT Security Systems Infrastructure & related projects; Network Firewalls, Network & host based IDS / IPS, Content Filtering, Network & desktop Anti-Virus, Personal Firewalls, PKI ( & data encryption, digital signatures, SSL CA) Spyware & malware protection, Wireless network security, VPN gateways, Patch management. Professional Services to 3 rd Party Companies; Education (Information Security Awareness) Training (Information Security - Technical & Administrative) Information Security Audits Information Security Consultancy - Administration & Solution Provider Part-time Instructor at Izmir University of Economics, Department of Computer Programming; Computer Security Course 3. February 2001 May 2002 Digiturk, Digital Platform Iletisim Hizmetleri A.S Besiktas, Istanbul, TURKEY LAN, Intranet & Internet security management Checkpoint FW & Nokia IP650 administration ISS Real Secure IDS administration Test & management of several security-based systems (VPN devices, Radius RAS Servers, SSL accelerators, e-tokens, sniffers, security scanners) 2

3 Win 2K & Win NT4.0 local security management MS IIS 4.0 & 5.0 system / security management & maintenance MS Exchange 5.5, 2000 system / security management & maintenance System & network administration on Win2K, WinNT 4.0 Servers & MS AD architecture Design & programming of data security, system management, network security & networking applications using C, VB December 1999 October 2000 T.C. Kara Kuvvetleri Komutanligi, Elazig 8. Kolordu Komutanligi,Elazig, TURKEY LAN, Intranet & Internetworking security management Network administration, MS Exchange Server 5.5 management, IIS 4.0 management on Win NT Server 4.0 platform Web site design & development for the 8 th Army Corps Intranet Design & development of several Client / Server applications on the 8 th Army Corps Intranet using VBScript & JavaScript Design & development of several application programs using VB4.0,C 5. November 1996 June 1999 Izmir Institute of Technology Urla, Izmir, TURKEY Several research projects related with software security, information security, network & Internet security, database security, cryptanalysis, secure , symmetric data encryption Lecturer (C programming lab CENG -1.mid term students) Given OS security, software security, cryptology seminars Several optimization case-studies using Genetic Algorithms Operating system security benchmark tests and researches on Linux, AIX, Windows NT platforms Simulation applications using SimDL Web Page Design using Web Browse objects for Visual Basic 4.0, VBScript, HTML Design & development of Internet Client/Server applications with VBScript, Visual Basic 4.0 and Active X 6. May 1996 November 1996 CHRONICLE Cankaya, Izmir, TURKEY System Analysis & Project Design Application and on-demand programs with MS VB 3.0 & 4.0, MS Access 7.0 Design & development of Kronik Ofis - Accounting System Software Package Administration & application development on Microsoft SQL Server 6.0 & 6.5 platforms: Account Tracking System with Transact SQL on MS SQL Server Office Automation Programs with MS SQL Server 6.5 Database using Visual Basic SQL Server Library, ODBC API, RDO and DAO Integration, redesign and transportation of Kronik Ofis database from MS Access 7.0 to MS SQL Server 6.5 platform SQL Application Programs using Client-Server Architecture 7. February 1995 November 1995 New Holland Trakmak A.S. Izmir, TURKEY Unisys - BTOS System Administration Systems Analysis & Design Design & development of application programs with MS Access 2.0 Design & development of application programs using Cobol and VSAM file system on BTOS platform 1.6. Professional Certifications March 2006 October 2005 ISO 27001:2005 Lead Auditor BSI-Global, TURKEY CISA (Certified Information Systems Auditor) 3

4 Information Systems Audit & Control Association December 2004 CISSP (Certified Information Systems Security Professional) International Information Systems Security Certification Consortium July 2004 October 2003 BSI BS7799: Lead Auditor BSI-Global, TURKEY SACIS-P (Security, Audit & Control of Information Sys Professional) Smart Valley Mihrabat Cad. Yayabey Sok. No: 33/1 Kavacik, Istanbul, TURKEY 2. SCHOLARLY ACTIVITIES 2.1. PhD Thesis EMINAGAOGLU M, Using Machine Learning Techniques for Deriving a Conceptual Information Security Risk Assessment Model, Computer Engineering, Supervisor: Prof. Dr. Mr. Saban EREN, Trakya University, TURKEY - (dissertation phase) 2.2. MSc Thesis EMINAGAOGLU M, Genetic Algorithmic Approach to the Differential & Linear Cryptanalysis of Symmetric Cryptosystems, Computer Software Engineering, Supervisor: Assoc. Prof. Mr. Ahmet KOLTUKSUZ, Izmir Institute of Technology, TURKEY, BSc Thesis EMINAGAOGLU M, Transportation Simplex Method Modeling & Its Application in Office Automation Systems using a Relational Database, Ege Universtiy, TURKEY, Publications 1. Gökşen Y., Doğan O., Eminağaoğlu M., A Proposed Model for Candidate Selection Process in Political Parties Based On Fuzzy Logic Methodology, Mathematical and Computational Applications, ISSN: X, (2011) *(formally accepted to be published in forthcoming issue in 2011). (Indexed in SCI-expanded) 2. Eminağaoğlu M., Eren Ş., Implementation and Comparison of Machine Learning Classifiers for Information Security Risk Analysis of a Human Resources Department (extended version of prev. symp. work), International Journal of Computer Information Systems and Industrial Management, ISSN: , Vol.3, (2011). (Indexed in INSPEC) 3. Eminağaoğlu M., Uçar E., Eren Ş., The positive outcomes of information security awareness training in companies; a case study, Elsevier, Information Security Technical Journal, ISSN: , Vol. 14 No.4, pp: , (2009). (Indexed in SCOPUS) 4. Eminağaoğlu M., Gökşen Y. "Information Security; What is and What is Not, Information Security Problems in Turkey and Some Related Solutions", Dokuz Eylül University Social Sciences Institute Journal, ISSN: , Vol.11, No.4, pp: 1-15, (2009). (Indexed in DOAJ) 5. Eminağaoğlu M., Eren Ş., Uçar E., Using Binary Classifiers for Information Security Risk Analysis: A Case Study, ISCSE 2011 The 2nd International Symposium on Computing in Science & Engineering - Proceedings Abstracts, 1-4 June 2011, Kuşadası, TURKEY, pp: , (2011). 6. Gökşen Y., Eminağaoğlu M., Doğan O., Data Mining in Medical Records for The Enhancement of Strategic Decisions: A Case Study, EBEEC 2011 The 3rd International Conference The Economies of 4

5 Balkan and Eastern Europe Countries in The Changed World Book of Abstracts, 5-8 May 2011, Pitesti, ROMANIA, pp:52, (2011). 7. Eminağaoğlu M., Eren Ş., Implementation and Comparison of Machine Learning Classifiers for Information Security Risk Analysis of a Human Resources Department, Proceedings of the IEEE 2010 International Conference on Computer Information Systems and Industrial Management Applications (CISIM), 8-10 October, Kraków, POLAND., pp: , (2010). 8. Eminağaoğlu M., Eren Ş., Improvement of Password Usage in Companies by means of Customized Technical Solutions and Employee Awareness; a Case Study, The 1st International Symposium on Computing in Science & Engineering, 3-5 June 2010, Kuşadası, TURKEY. 9. Eminağaoğlu M., Kılıçaslan Y., Uçar E., Güner E.S., Using machine learning techniques for information security risk analysis, Proceedings of the Human Factors in Information Security Conference, Elsevier, February 2010, London, U.K. 10. Eminağaoğlu M., Position paper: Analysis and assessment of information security risks using machine learning techniques, Proceedings of the 1st JRC-Turkey Workshop on ICT Security, JRC- IPSC EU Comission, 1-2 December 2009, Izmir, TURKEY. 11. Gökşen, Y., Eminağaoğlu M., Đş Süreçlerinin Etkinliğinde ve Đnsan Gücünün Planlamasında Bilişim Sistemlerinin Rolü, 2 nd ed. ISBN: Altın Nokta Basım Yayın Dağıtım, Konak, Đzmir, TURKEY (November, 2009) 12. Kurtel K., Eminağaoğlu M., Eren Ş., Modeling Business Process Exceptions in UML 2 Notation Proceedings of the XXIII. microcad International Scientific Conference, pp: 67-74, March 2009, University of Miskolc, HUNGARY. 13. Eminağaoğlu M., Using Genetic Algorithms for the Cryptanalysis of Simple Symmetric Block Cryptosystems ISCIS 99 International Symposium on Computer and Information Sciences, Ege University, Izmir, TURKEY (1999). 14. Koltuksuz A., Eminağaoğlu M., Gazioğlu V., Operating Systems Security, Proceedings, The International Symposium on New Achievements in Information and Military Technologies, T.S.K. - K.K.K., June 1997, Ankara, TURKEY) (1997) Other ALES (Academic proficiency exam of Y.Ö.K.) Score: ÜDS (English language proficiency exam of Y.Ö.K.) Score: TECHNICAL SKILLS 3.1. Programing Languages MS Visual C++, MS Visual C#, MS Visual Basic, MS SQL, VBScript, JavaScript, ANSI C, 8086 Assembly, Cobol, SimDL 3.2. Operating Systems Win. 2003, Win. XP, Vista, Win. 7.0, Win. 2K Server & Pro, Win. NT 4.0, Win. 95 / 98, Unix (IBM AIX, Linux RedHat), IBM i-series (OS/400), BTOS, MS DOS, Nokia IPSO Series 3.3. Hardware Platforms IBM (Workstation 6000 Series, AS/400), Unisys (CTOS), Intel PC, Nokia Appliance IP 530 & IP Database Microsoft SQL Server (2000, 7.0, 6.5, 6.0), MS Access (2.0 & 7.0) 3.5. Other Checkpoint (FW-4.1, NG, NGX), WEKA v.3.6.0, MS CA Server, MS Active Directory 2000 & 2003, MS EFS & IPSEC, Cisco IOS, Cisco AiroNet Series, PGP, Symantec (Enterprise A/V, Norton Internet Security), Computer Associates (Unicenter TNG, Innoculan), TrendMicro for Unix, Sybari for MS Exchange, ZoneAlarm Personal Firewall, Kerio Personal Firewall, ISS Proventia Desktop Security, RSA (SecurID, Ace Server), Squid, WebSense, SuperScout, Snort, ISS (Real Secure, Internet Scanner, DB Scanner, System Scanner), GFI LanGuard, Eeye Retina, Nmap, Nessus, SPI Dynamics WebInspect, SolarWinds, MS Office, MS Project, Microsoft Exchange (5.5 & 2000), Kerio Mail Server, MS IIS (4.0, 5.0, 6.0), SAP (R/3, SRM, SEM) 5

6 4. COURSES 4.1. Teaching Experience St. Pölten University of Applied Sciences, AUSTRIA, Graduate & Undergraduate Track 1: CISSP domains; IT Operations Security & Application Development Security Track 2: Information Security Risk Management & Software Risk Management (LLP Erasmus Teaching Staff Mobility Programme; 3 rd May th May 2010) Yasar University, Undergraduate STAT 380 ISO27001/27002 Information Security Management, Dept. of Statistics & Computer Engineering STAT 360 CobiT & ISO Audit of Information Systems, Dept. of Statistics & Computer Engineering Yasar University, Vocational School VCP2 029 IT Security, Dept. of Computer Programming VCP1 110 Introduction to Computer Programming with C++, Dept. of Computer Programming VCP1 210 Programming and Problem Solving, Dept. of Computer Programming UFIT 010 Information Technologies, Dept. of Computer Programming Izmir University of Economics, Undergraduate CS 304 Operating Systems Security, Department of Computer Engineering LOG 464 ISO27001/27002 Information Security Management, Department of Logistics Management Izmir University of Economics, Vocational School VCS272 Computer Security, Software & Programming Department Arkas Holding S.A. 1. Information security awareness training to all the employee in group of companies in Arkas Holding. 2. IT Security, Information Security training to IT staff and to some other departmant staff in several companies in Arkas Holding. 3. IT Security, Information Security, IT Auditor courses to several companies in public & private sectors in Turkey (as a freelance trainer). Navigator S.A. 1. IT Security, Information Security, IT Auditor, Business Continuity Planning & Management, IT Quality Assurance, IT Governance training courses (ref. stand: CobiT, ISACA, ISO27001, ISC 2 ) to several companies in public & private sectors in Turkey. 6