PROJECT MANAGEMENT

PROJECT MANAGEMENT

PROJECT MANAGEMENT TEAM

These are the assigned practitioners to serve under the project which
highlights their experience and expertise on the domain requirements
 PROJECT TEAM STAFFING

Black Bear Securities Project Team

For the role definitions, we have included profiles of personnel who would make up the Project
Management and Consultancy Team across the different roles.

The team are experts on risk management, digital forensics and incident response, vulnerability
assessments and penetration testing, vulnerability research and cyber threat intelligence. They have
worked with organizations like MITRE as vulnerability assessors for the CNA project in the Philippines.
They have combined certifications which includes OSCP, eJPT, CEH, etc. and they have done a
number of national level contributions such as the COMELEC source code review. They specialize in
finding flaws on the code and checking potential data exfiltration techniques either through the system
or APIs. The team has a few CVEs accredited to their name.

They have done a number of engagements for various industry verticals and ASEAN countries like
Indonesia, Hong Kong, etc. They are also the trainers for VAPT and Offensive Red Teaming for armed
forces, law enforcement and other private/public organizations.

They specialize in finding flaws relating to People, Process and Technology. They are highly
experienced professionals with more than 50 yrs of combined experience in the field of MSOC/CSIRT,
VAPT, CTI, DFIR and Red Teaming.

Here are the profiles of the people assign to the project based on the assigned RACI Matrix:

Role in the Project: Network Architecture Consultant – Responsible | Accountable

Areas of • Network and Security Operations

Expertise • Network Architecture Review
• Risk Assessment
• ISO9001 and ISO27001
• Incident Response
• Project Management
Education • Bachelor of Science in Electronics and Communications Engineering (Licensed)
and • Cisco Certified Network Associate
Certifications • Juniper Networks Certified Internet Associate – Enterprise Routing (JNCIA-ER)
• Juniper Networks Certified Internet Specialist – Enterprise Routing & Switching
(JNCIS-ENT)
• ITIL Foundation Certificate for Service Management
• Nexusguard Certified Security Analyst
• Nexusguard Certified Seccurity Specialist
• Nexusguard Web Application Security (NWAS)
Experience Mandy has a total of 16 yrs. in the field of Network and Security Operations. With experience
in handling customers on a global scale supporting clients from Communications Service
Providers, financial sector, e-commerce, entertainment and government sectors. He
experienced the evolution of threats and technologies, thus having a huge advantage in
ensuring our clients to be up to standards in terms of resiliency and security. His exposure to
international practices and standards, ensures that the delivery of services to our clients will
be of the highest quality.
Role in the Project: MSOC Delivery Manager – Responsible | Accountable
Areas of • Cyber Security Strategy and Roadmap
Expertise • SOC/CSIRT Design

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING

• Digital Forensics Incident Response

• Cyber Threat Intelligence
• ISO27001, ISO277001 and ISO27032
• Project Management
Education • Bachelor of Science in Computer Engineering
and • Executive Masters in Business Administration – Ongoing
Certifications • Microsoft Certified Systems Administrator (MCSA)
• Trend Micro Certified (TCSM and TCSE)
• CompTIA Certified (Security+ and Network+)
• EC-Council (C|EH and C|HFI)
• CREST Practitioner Security Analyst (CPSA) – Ongoing
• ISACA Certified Information Security Manager – Ongoing
• Nexusguard (Certified Pentester, Security Associate, Security Specialist, Incident
Responder, Web Applications Security)
• ISO27001 Lead Implementer
• Dominguez Public Relations Certified Practitioner
Experience Martin is a seasoned cyber security specialist with a cumulative experience of 18 years in the
information security industry, majority of which he has spent focusing on malware analysis,
SOC/CSIRT design, threat intelligence, incident response, project management and data
privacy. He is also a registered Data Privacy Officer in the Philippines and in Singapore. His
experience pans across various industry verticals and geographies in Asia Pacific and Japan,
Middle East and North America. He has authored various courses and conducted training for
various CERTs and Law Enforcement across APJ notably the Nanyang Technological
University in Singapore. He serves as Highly Technical Consultant (HTC) for government
agencies and corporations improving and developing the people, process and technology
strategies both in ICT infrastructure and policy development. The highlight of his career is the
commanded 2 command centres in Singapore during the Annonymous attack in 2013 against
the Singapore Government and development of various business units from ground up till
profitability.
Role in the Project: VAPT Practitioner | Bug Bounty – Responsible | Consulted
Areas of • VAPT of Web Applications
Expertise • Source Code Review
Education • Bachelor of Science in Information Technology
and • Nexusguard Web Application Seurity (NWAS)
Certifications • EC-Council (C|EH) – Ongoing
• eLearn Security- EWPT
Experience Kent is an experienced bug bounty hunter who has reported Critical security findings to
international companies such as Google, Microsoft, Dell, Ibotta, Ford Motors, AT&T, Netflix
and many more. He has published findings like CVE-2019-7527.
Role in the Project: VAPT Practitioner | Vulnerability Research – Responsible | Consulted

Areas of • VAPT of Web Applications

Expertise • VAPT for Networks
• VAPT for Mobile IOS
Education • Bachelor of Science in Information Technology
and • Certified Digital Forensics Professional (eCDFP)
Certifications • Mobile Application Penetration Tester (eMAPT)
• CREST Registered Penetration Tester (CRT)
• CREST Practitioner Security Analyst (CPSA)
• Web Application Penetration Tester (eWPT)
• Offensive Security Certified Professional (OSCP)
• Certified Junior Penetration Tester (eJPT)
• Certified Ethical Hacker (CEH)
• ITIL® v3 Certified

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING

Experience Jeffrey is involved in various engagement teams on diversified projects across vertical
industries. His area of focus is on Cyber Security Advisory and Penetration Testing. He has
a background founded in cybersecurity penetration testing, security operation analyst,
security consultant (attack simulation) and network & system administrator. He is
experienced in performing and overseeing cybersecurity assessments, penetration testing
including network, web, and mobile applications. Jeffrey possesses strong web application
security experience with a thorough understanding of application vulnerabilities, including
automated and manual testing. Jeffrey has helped various clients in both government and
commercial sectors uncover critical vulnerabilities that exist on their applications and advised
them on potential consequences if those vulnerabilities were left unpatched. Aside from that,
Jeffrey also actively participates in public bug bounty programs to further develop his skills in
penetration testing.
Role in the Project: Red Team Lead – Responsible | Consulted

Areas of • VAPT of Web Applications

Expertise • VAPT for Networks
• Application and Exploit Developer
Education • Bachelor of Science in Information Technology
and • GIAC Web Application Penetration Tester (GWAPT)
Certifications • GIAC Exploit Researcher and Advance Penetration Tester (GXPN)
• Offensive Security Certified Professional (OSCP)
• Offensive Security Certified Expert (OSCE)

Experience Gerard is a seasoned offensive security and software engineer with over 10 years of combined
working experience in both fields. He graduated with honors (Cum Laude). He considers
himself a lifelong learner and continued to further his skills after he graduated as he completed
several well-regarded certifications in the IT industry, both in software engineering and IT
security. He also leverages his software development background to develop automations and
tooling that can streamline the processes his team is involved in.
Role in the Project: DFIR Team Lead – Responsible | Consulted

Areas of • Digital Forensics

Expertise • Data Privacy
• Cyber Threat Intelligence
Education • Bachelor of Science in Information Technology
and • Certified Information Systems Security Professional (CISSP)
Certifications • Nexusguard Certified Incident Responder (NCIR)
• Digital Forensic Expert Witness
• Advance Malware Analysis – Interpol
• Cybersecurity Practices for Industrial Control Systems – DHS CISA
• Access Data Certified Examiner
• Civil Service Professional
Experience Rodel is a cyber security enthusiast with more than 10 years’ worth of experience focusing on
penetration testing and digital forensics. He used to work for a law enforcement agency doing
digital forensics and cybercrime investigation. He also worked with law enforcement and
defense agencies in the past by providing them with the resources they needed to efficiently
carry out their tasks when it comes to defending cyberspace. He also helped various
educational institutions, including Harvard University, secure their IT infrastructures by
responsibly disclosing any vulnerabilities he had found. He attended training such as
Advanced Malware Analysis conducted by INTERPOL, ICS training by US-DHS CISA, and
was certified as an expert witness in a regional trial court. He also completed various digital
forensics training such as Access Data Certified Examiner and Digital Forensics course from
Charles Sturt University. He spends his time searching for vulnerabilities in various software,
which ultimately resulted in a CVE contribution under his name.

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING

Role in the Project: Red Team Practitioner – Responsible | Consulted

Areas of • VAPT of Web Applications

Expertise • VAPT for Networks
Education • Bachelor of Science in Electronics and Communications Engineering
and • Cisco Certified Network Administrator (CCNA)
Certifications • Cisco Certified Network Professional (CCNP)
• eLearnSecurity Junior Penetration Tester (eJPT)
• EC-Council (C|EH-Practical)
• Comptia Pentest+
• Offensive Security Certified Professional (OSCP)
Experience Gil is a licensed Electronics Engineer and has been in the IT industry for over 10 years. He
has 7 years of experience in information security in banks leading and managing the internal
and external Vulnerability Management (VM) and Penetration Testing.
Role in the Project: VAPT Practitioner | Vulnerability Research – Responsible | Accountable

Areas of • VAPT of Web Applications

Expertise • VAPT for Networks
• Wireless and Infrastructure VAPT
• Basic Mobile App VAPT
• Adversary Simulation & Red Team Operations
• Computer Digital Forensics
Education • Bachelor of Science Information Technology
and • eLearn Security
Certifications • Web Application Penetration Tester
• Offensive Security Certified Professional
• eLearnSecurity Certified Professional Penetration Tester
• Certified Red Team Operator
• eLearn Security Certified Threat Hunting Professional (eCTHP)
Experience Rhenzo is an experienced IT Professional that has an extensive skill in System
Administration and currently specializing in Digital Forensics & Penetration Testing Field.
Attended in some Capture the Flag Challenges like SANS CTF and Hackthebox CTF. He
possesses network and web application security experiences with a deep understanding of
multiple vulnerabilities, including manual and automated testing and assessed various
clients in both government and commercial sectors on uncovering critical vulnerabilities that
are existed on their systems (network, infrastructures, applications) and advised them on
potential consequences if those vulnerabilities were left unpatched.
Role in the project: VAPT Practitioner | Vulnerability Research – Responsible | Consulted

Areas of Expertise • VAPT of Web Applications

• VAPT for Networks
• VAPT for API application
• VAPT for Mobile application
• VAPT for Wireless

Education and • Bachelor of Science in Electronics Engineering

Certifications • Licensed Electronics Engineer
• Offensive Certified Professional (OSCP)
• Practical Network Penetration Tester (PNPT)
• elearnSecurity Web Application Penetration Tester (eWPT)
• elearnSecurity Junior Penetration Tester
• Recorded Future Certified Analyst
• CompTIA Security+

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING

Experience JC is an experienced Penetration Tester with almost 4 years of experience in the

industry, handled multiple successful VAPT projects such as Web, API, Wireless,
Mobile. Currently he is working as a Senior Penetration Tester.
Role in the Project: GRC Practitioner | GRC Implementation – Responsible | Accountable

Areas of Expertise •ISO 20000

•ISO 27001
•ISO 22301
•ISO 9001
•ISO 22000
•ITIL/COBIT
•PCI-DSS
•WLA-SCS
•Data Privacy Act - Compliance
•Management Systems / Certification Auditor
Education and •Bachelor of Science in Computer Science
Certifications •ITIL Foundation Certified
•ITIL OSA Certified
•Certified BCM Implementer
•Certified ISMS Implementer
•Certified Lead Auditor
Experience Ted is an information security professional for 31 years specializing in the areas of
information risk management and information security development and implementation.
At present, he is the practice leader for IT Governance and Information Security
Management System (ISO 27001). His responsibility includes handling all
information security consulting projects and ensures that they can be certified
against the ISO 27001 standard. He also handles development of Information
Technology Service Management (ITSM-ISO 20000), Business Continuity
Management (BCM-ISO 22301) Payment Card Standards (PCI-DSS) and Quality
Management Systems (QMS-ISO 9001). He started his career in information security
as a technology implementer and management consultant working for an independent
consulting and assessment firm.
Role in the Project: Data Privacy Practitioner | GRC Implementation – Responsible | Accountable

Areas of Expertise • Data Privacy Act - Compliance

• Database Management
• Web Application Development
• Philippine Laws and related legal knowledge
Education and • Bachelor of Science in Computer Science
Certifications • Juris Doctor – Philippine Bar Passer
• IBM Certified Designer – Cognos 10 Business Intelligence Reports
• IBM Academic Associate – DB2 Database and Application Fundamentals
• IBM Certified Specialist – Rational Appscan
• NPC registered Data Privacy Officer

Experience Jofrank is a registered data privacy officer and a practicing lawyer in the Philippines with
a background in computer applications. As a computer programming enthusiast, he has
various certifications under IBM and is a professor in New Era University focused on
application development. His knowledge on application security and data privacy is
advantage to any organization who wants to comply to data privacy laws in the
Philippines and abroad.
Role in the Project: Microsoft and Network Expert – Responsible | Consulted

Areas of Expertise • Network Security

• SOC

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING

• Incident Analysis and Review

• Operations Enablement
• Management Information System
Education and • Bachelor of Science and Information Technology
Certifications • Nexusguard (Certified Network Security Analyst, Specialist)
• (ISC2) Certified in Cyber Security
• CCNA Trained
• Comptia Trained (Security+ and Network+)

Experience Glen is a data driven and detail-oriented network security analyst and specialist with 10
plus years of experience in IT Industry. His support experience pans across various
industry like electronic devices manufacturing and cloud based manage services with
the scale from small to large organization. He currently leads the Security Operations
Center of a PH based technology solution provider.
Role in the Project: IR – Responsible | Consulted

Areas of Expertise • Digital Forensics

• Incident Response
• Threat Hunting
• SOC
Education and • Bachelor of Science and Information Technology
Certifications • GIAC (GIAC Certified Forensics Analyst)
• eLearn Security Threat Hunting Professional
• eLearn Security Junior Penetration Testing
• Certified Ethical Hacker
Experience John is an accomplished professional in IT industry with a strong background in
cybersecurity. With seven years of experience spanning various sectors, including
financial banking, IT firms, telco, and consulting. He is also an instructor of one of the
training provider in the Philippines. His commitment to continuous growth and
professional development is evident through his management of various cybersecurity
certifications.
Role in the Project: Malware Analysis – Responsible | Accountable

Areas of Expertise • Malware Analysis

• Reverse Engineering
• Threat Assessment
• Compromise Assessment
• Tools Developer
Education and • Bachelor of Technology in Information Technology
Certifications • ISC2 Certified Information Systems Security Professional (CISSP)
• EC-Council (C|EH and ECSA)
• Trend Micro Certified (TCSM and TCSE)
Experience Reuel is a 20-year veteran on malware analysis and reverse engineering specializing
on regional threats within APJ and tools development. He has worked with the anti-
malware industry in providing threat analysis, conducts research on current and
emerging threats and writes malware analysis research.
As a developer he also develops various scripts and tools for malware analysis and
clean-up being used in the field by the incident response teams. As an educator he has
taught various topics on malware analysis and programming like C/C++, Program Logic
Formulation, etc.
Role in the Project: Malware Analyst Associate | Accountable
Areas of Expertise • Malware Analysis & Reverse Engineering
• Cyber Defense & Threat hunting

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING

• Scripting & Coding

Education and • Bachelor of Science in Computer Science
Certification • TVL – Information and Communication Technology
• Elearn Malware Analysis Professional (eCMAP)
• Elearn Security Junior Penetration Tester (eJPT)
• GuideM Certified Cyber Defense Professional (GCDP)
• Oracle Autonomous Database Cloud Certified Specialist
• Oracle Autonomous Database Cloud Infrastructure
Experience Aldwin is a dedicated and results-driven malware analyst. Proficient in
deobfuscating malware through reverse engineering, he adeptly combines this
expertise with his skill in scripting, enabling the seamless integration of open-
source tools. Beyond his technical acumen, he is an avid speaker delving into
cybersecurity topics. His active participation in CTF competitions not only
demonstrates his passion but also underscores his unwavering commitment to
skill expansion and the continual progression of the field.
Role in the Project: Project Coordinator – Responsible | Accountable

Areas of Expertise • Project Management

• Customer Service
Education and • SAS Project Management Fundamentals
Certification • Nexusguard Certified Cybersecurity Specialist
• Nexusguard Web Application Security
Experience Nichole has a year of project management experience. She managed numerous clients
and projects with various businesses around the world before transitioning towards cyber
security. She guarantees the success of the plan and its execution. She assists in cyber
security training sessions as well, making sure to lead the students and assist them in
completing their tasks. She oversees organizing, carrying out, overseeing, controlling,
and wrapping up tasks. In addition, she is responsible for the entire project's scope, its
team and resources, and its success or failure.

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594
 PROJECT TEAM STAFFING
https://www.blackbearsecurities.com

CORPORATE HEADQUARTERS
Address: 8 Rockwell Drive, 8 Rockwell Center, Makati City, Philippines
Number: +63286837594 | Email: [email protected]

FOLLOW US

Unit B 7/F 8 Rockwell Bldg., Hidalgo Drive, Rockwell Center, Brgy Poblacion, Makati City 1210
Website: www.blackbearsecurities.com I Email: [email protected] I Contact: +63286837594