FROM TO Rafael Rodríguez, CISA, CISM, CEH

Rafael Rodríguez, CISA, CISM, CEH

From to

FROM TO Rafael Rodríguez, CISA, CISM, CEH

FROM TO Rafael Rodríguez, CISA, CISM, CEH

$ whoami

• Computer Science Engineer (ULL)

• IT Auditor, Ernst & Young (Las Palmas, 2006-2007) • IT General Controls, consultancy in compliance-related

topics

• IT Security Auditor, Deloitte (Madrid, 2007-2012) • « Ethical hacking », gaming security, PCI-DSS

• IT Internal Auditor, Siemens (Munich, 2012-present) • IT security for all Siemens worldwide

• Managing forensic cases for internal and external investigations

About Siemens

• ~360.000 employees in ~190 countries

• 4 sectors

• Healthcare: from diagnostic devices to software for hospital management

• Industry: from plant automation to large drives technologies

• Energy: from wind turbines to power transmission

• Infrastructure and cities: from trains to smart grid

What I am (normally) doing

• As auditor:

• Running IT security audits

• Leveraging the risk to the business

• Reporting to high management

• As forensic investigator:

• Collecting and processing data as required by lawyers

• Supporting investigations looking for: • Misbehaviour of invididuals (fraud, corruption, etc.)

• Facts for supporting Siemens on a litigation

Key success factors

• Cultural sensitivity • Chinese != Germans != Americans != Spaniards != …

• Soft skills • Ability to communicate, deliver presentations, establish networks with

peers and clients, manage others, solve conflicts, etc.

• Work smarter, not longer • Timetable flexibility, home office, self-management

• Orientation to the next step • What do you want to become when you grow up?

Questions?