Alessandro Sardo

About Me

Cyber security professional with an innate passion for advisory.

A business-oriented computer engineer with over 7 years of experience in providing large financial and industrial organizations with practical advice about how to better protect against cyber attacks, navigate in the constantly evolving cyber threat landscape and take advantage of opportunities in today's digital world in a safe way.

Proven track record in empowering enterprises to make cost-effective decisions on risk mitigation strategies and investments, maintain the trust of their customers, transform their governance and achieve compliance with local and international regulations.

Currently based in western Switzerland (Geneva region), but active in the entire EMEIA (Europe, Middle East, India and Africa) area.

Specialties

Information and cyber security advisory

Assist large enterprises with strategic advices, practical insights and benchmarking information related to the cyber world.

Information security and cyber risk management

Assessment, mitigation and ongoing monitoring of information security, IT security and cyber security risks.

Ethical hacking and penetration testing

Identification of vulnerabilities in IT infrastructures, web and mobile applications. Delivery of social engineering assessments.

Data privacy and data protection

Implementation of data privacy regulatory requirements. Design and evaluation of data leakage prevention (DLP) controls.

Security governance and transformation

Definition of cyber security strategies and governance frameworks. Support with large transformation programs.

Business continuity management

Development and implementation of Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).

Resume

A summary of my professional journey to date is included below. If you're curious and would like to know more, do not hesitate to contact me.

Work experience
2011 - present
Manager - Ernst & Young, Geneva (CH)
Provided information and cyber security advisory services to large financial and industrial organizations as part of the IT Risk & Assurance team of EY Switzerland. Currently responsible for the advisory market in western and southern Switzerland (Romandie, Tessin).

Major achievements:
- Significantly expanded the firm's information and cyber security advisory capabilities in the covered regions by leading a team of local skilled resources
- Strengthened business development and acquisition of cyber security advisory services for organizations based in those regions, increasing direct and indirect sales by over 100% per year
- Managed and led operational delivery of a portfolio of engagements annually worth over 1 mCHF, always meeting deadlines and gross margin expectations
- Leveraged network of international contacts to increase cross-border cooperation between the Swiss practice and teams from the rest of the EMEIA area (e.g. United Kingdom, Germany, Poland, Luxembourg, India)
- Constantly obtained excellent feedback for the work provided, recognizing the superior quality and the ability to communicate on par with both technical experts and senior business executives
2009 - 2011
Senior Consultant - Ernst & Young, Milan (IT)
Provided information and IT security advisory services to medium and large financial organizations as part of the IT Risk & Assurance team of EY Italy.

Major achievements:
- Led operational delivery of most information and IT security advisory services provided to Italian-based financial institutions
- Supported senior management in business development and go-to-market activities, leading to significant improvements in closing ratio
- Facilitated communication and integration between the Italian practice and other EY teams from the rest of Europe
2008 - 2009
Software Engineer - Delos, Turin (IT)
Designed, developed and improved secure firmware and drivers for paramedical devices.

Major achievements:
- Designed and developed firmware and drivers that obtained independent quality certifications
- Reverse engineered, improved functionality and remediated vulnerabilities in firmware of which source code had been lost
2006 - 2007
System Administrator - Polytechnic University of Turin (IT)
Managed a mid-sized domain composed of heterogeneous system architectures (Windows, Linux, BSD, Solaris).

Major achievements:
- Led migration of legacy IT platforms to virtualized environments, achieving 30% annual cost savings
- Designed and deployed a new network security solution, increasing protection of critical assets and security monitoring capabilities
- Reorganized backup infrastructure and implemented live failover for critical systems, leading to major improvements in data availability

Education
2006 - 2009

Master of Science in Computer Engineering

Polytechnic University of Turin (IT)
2002 - 2006

Bachelor of Science in Computer Engineering

Polytechnic University of Turin (IT)

Certifications
2014

ISO/IEC 27001:2013 Lead Implementer

EY CertifyPoint
2012

Certified Information Security Manager (CISM)

Information Systems Audit and Control Association (ISACA)
2012

Certified Informatiom Systems Auditor (CISA)

Information Systems Audit and Control Association (ISACA)
2010

Certified Ethical Hacker (C|EH)

EC-Council
2009

Certified Information Systems Security Professional (CISSP)

International Information Systems Security Certification Consortium (ISC)²

Skills

Soft skills

Flexibility and hands-on approach
Meticulous attention to quality
Effective communication at both technical and business levels
Initiative, problem solving and self-awareness
Leadership and teamwork
Adaptability to multicultural environments

Knowledge

ISO/IEC 27001:2013 Standard
NIST Cybersecurity Framework
Payment Card Industry Data Security Standard (PCI DSS)
FINMA Regulations (e.g. RS 08/21 Annex 3)
EU General Data Protection Regulation
...and many more

Languages

Italian

native

English

fluent

French

basic

Contact Me

If you wish to know more about me, feel free to reach out via social networks:

-