cv
Basics
| Name | Eugene Fateev |
| Label | Cyber Security Engineer |
| [email protected] | |
| Phone | +48571991969 |
| Url | https://cybertwierdza.com |
| Summary | ISC2 CISSP certified Cyber Security Engineer with 12+ years in IT and cybersecurity. Passionate about penetration testing, AI/LLM security, PCI DSS compliance, and building secure architectures for payment systems and cloud environments. Active practitioner on Hack The Box, TryHackMe, and LetsDefend. |
Work
-
2025.05 - Present
Lead Cybersecurity Architect
SiriusOne
- Application Security & Pentesting: manual and automated penetration tests of web and cloud applications using Burp Suite, Nuclei, Metasploit, Invicti, OWASP ZAP; reports aligned with OWASP ASVS.
- Architecture Security Reviews: designed and evaluated secure architectures for payment systems and cloud workloads against CIS Benchmarks, NIST CSF, PCI DSS 4.0, AWS Well-Architected Framework.
- AI/LLM Compliance: built internal methodology for evaluating GenAI applications and RAG pipelines based on ISO/IEC 42001 and NIST AI RMF.
- AI Pentesting: designed and conducted AI/LLM-focused penetration testing using OWASP LLM Top 10 and MITRE ATLAS frameworks.
-
2023.06 - Present
Founder, Freelancer
Cyber Twierdza
Freelance cybersecurity consulting: penetration testing, compliance advisory (PCI DSS v4.0, ISO 27001:2022, DORA EU), cloud security assessments (Azure, AWS), SOC enablement, phishing simulations, and OSINT.
-
2023.05 - Present
Lead Cybersecurity Specialist
FTCo Limited
- Led SOC and Security Team: security initiatives, Strategic and Tactical Plans, communication with Executive Management.
- Risk Assessments: conducted risk assessments following ISO 27001:2022, ISO 42001:2023, and CIS RAM standards.
- Vulnerability Management: managed assessment processes and ensured timely remediation.
- Application Security: configured SAST/DAST tools and performed penetration testing.
- AI SOC Enablement: extended SIEM and SOAR use cases (Azure Sentinel, MS Defender, Elastic Stack) for AI-driven threat detection including LLM misuse and data leak patterns.
- PCI DSS Compliance: managed compliance programs including SAQ-D reports, scans, and coordination of external audits.
-
2021.11 - 2023.05
Lead CyberSecurity Specialist
Finteco
- Established and led SOC department (L1+L2 processes, KPI, SLA, documentation, training).
- Improved cloud security posture for AWS and Azure tenants.
- PCI DSS Internal Audit: compliance assessments, firewall reviews, development configuration standards, SAQ-D, ASV coordination, external QSA audit support.
- Vulnerability Management: established process and policy (PCI DSS, ISO 27001 scope); tooling: Tenable Nessus, Netsparker, SonarQube.
- IAM: Azure IAM, Conditional Access, MFA implementation across group companies.
- Technology stack: Azure Sentinel, ELK, MS Defender, Power Automate, Logic Apps, MITRE ATT&CK, MaGMa UCF, CIS Controls/RAM/CSAT.
-
2019.08 - 2021.11
Lead System Administrator
Finteco
- Azure IAM, RBAC, PAM, SSO configurations and Conditional Access rules.
- IAM management for group services (Atlassian, developer tools).
- Microsoft 365 support, SharePoint automations (Power Automate), MS Teams.
- Risk management activities and Security Baseline project.
- Vulnerability management: scanning, reporting, ASV scans (PCI DSS scope).
-
2018.02 - 2019.08
-
2012.10 - 2018.02
System Administrator
CTDev
- Implemented VoIP, upgraded network infrastructure (Avaya switches, Cisco wireless controller, VLANs).
- Migrated EcoPayz project servers (Windows 2003 → 2016), configured SQL failover clusters and Windows NLB.
- Completed Microsoft Silver Partner: Application Development qualification support.
-
2012.03 - 2012.10
System Administrator
CTXM
- Managed Linux infrastructure (SQUID, BIND, iptables, Postfix/Dovecot, OpenVZ, Bacula).
- Migrated physical servers to VMware vCenter infrastructure.
- Implemented access control, server room monitoring, and video surveillance (Security project).
Education
-
2005.09 - 2010.07 Engineer's degree
Belarusian State University of Informatics and Radioelectronics
Information Technology
Certificates
| Microsoft MCSA | ||
| Microsoft |
| Microsoft SC-900 | ||
| Microsoft |
| Microsoft AZ-900 Azure Fundamentals | ||
| Microsoft |
| Certified Linux Administrator (LPIC-1) | ||
| LPI / Pearson VUE |
| CCNA | ||
| Cisco / Pearson VUE |
| ISC2 CISSP | ||
| ISC2 |
| AWS Certified AI Practitioner | ||
| Amazon Web Services |
| HTB CPTS: Certified Penetration Testing Specialist | ||
| Hack The Box |
| CRTO: Red Team Ops | ||
| Zero Point Security |
| HTB CJCA: Certified Junior Cybersecurity Analyst | ||
| Hack The Box |
| HTB CWES: Certified Web Exploitation Specialist | ||
| Hack The Box |
Skills
| Penetration Testing | |
| Burp Suite | |
| Metasploit | |
| Nuclei | |
| OWASP ZAP | |
| Invicti |
| Application Security | |
| OWASP ASVS | |
| SAST | |
| DAST | |
| SonarQube |
| AI & LLM Security | |
| OWASP LLM Top 10 | |
| MITRE ATLAS | |
| ISO/IEC 42001 | |
| NIST AI RMF |
| Red Teaming | |
| CRTO | |
| MITRE ATT&CK |
| PCI DSS | |
| PCI DSS v4.0 | |
| SAQ-D | |
| ASV | |
| QSA coordination |
| Cloud Security | |
| Microsoft Azure | |
| AWS | |
| Azure Sentinel | |
| MS Defender |
| Risk Management | |
| ISO 27001:2022 | |
| CIS RAM | |
| CIS Controls | |
| NIST CSF |
| Security Operations | |
| SOC | |
| SIEM | |
| SOAR | |
| ELK | |
| Wazuh | |
| Suricata |
| Vulnerability Management | |
| Tenable Nessus | |
| OpenVAS | |
| CVE triage |
| Identity & Access Management | |
| Azure IAM | |
| RBAC | |
| PAM | |
| MFA | |
| Conditional Access |
| Linux |
| Hardening | |
| CIS Benchmarks | |
| OpenSCAP |
Languages
| Russian | |
| Native Speaker |
| English | |
| B2 |
| Polish | |
| A1 |
Interests
| Hobbies | |
| Scuba Diving | |
| Drone Pilot | |
| Snowboarding | |
| Radio Amateur | |
| Hacking CTFs | |
| Weiqi (1K) | |
| HomeLab | |
| Photography |