Francisco Milagres

Francisco Milagres

Senior Manager at KPMG - IT Advisory - Risk & Compliance

Curitiba Area, Brazil

Current
  • Senior Manager at KPMG
Past
  • Visiting Professor at Estação Business School
  • Manager at KPMG
  • Information Security Officer at Banco Santander
  • Professor at IBTA
  • Professor at FAESA
  • Information Security Researcher at CPqD Telecom & IT Solutions
  • Graduate Student Researcher at USP - Universidade de São Paulo
  • Undergraduate Student Researcher at USP - Universidade de São Paulo

see less...

5 more...

Education
  • Estação Business School
  • Universidade de São Paulo
  • Universidade de São Paulo
Recommended
Francisco has 11 recommendations 11 people have recommended Francisco
Connections
500+ connections
Industry
Information Technology and Services

Francisco Milagres’s Summary

B.Sc. and M.Sc. in Computer Science at University of São Paulo and Certified Information Systems Security Professional (CISSP).

IT Advisory Services - Risk and Compliance - Senior Manager at KPMG in Brazil, in the southern region (Curitiba, Joinville and Porto Alegre offices). Leader of IT Audit and Advisory projects on financial services, industrial and consumer market clients since 2006.

Francisco Milagres’s Specialties:

IT Audit engagements for financial statement audits and for internal controls over financial reporting according to Sarbanes-Oxley, IT Sourcing, IT Strategy and Governance, COBIT/ITIL/27001 testing and benchmarking, ERP security testing and SoD (Segregation of Duties) reviewing, security testing and information protection projects.

Francisco Milagres’s Experience

  • Senior Manager

    KPMG

    (Partnership; Accounting industry)

    October 2008Present (1 year 10 months)

    Advisory Senior Manager at KPMG, Information Risk Management practice. In charge of IT security and audit engagements on industrial and financial services clients in the south region of Brazil (Curitiba, Joinville and Porto Alegre offices).

  • Visiting Professor

    Estação Business School

    (Education Management industry)

    February 2008December 2009 (1 year 11 months)

    Visiting Professor (Professor-Executivo Visitante) at Estação Business School (http://www.estacaopr.com.br), in Curitiba.

  • Manager

    KPMG

    (Partnership; Accounting industry)

    August 2006September 2008 (2 years 2 months)

    Advisory Manager at KPMG, Information Risk Management practice. In charge of IT security and audit engagements on industrial and financial services clients in the south region of Brazil (Curitiba, Joinville and Porto Alegre offices).

  • Information Security Officer

    Banco Santander

    (Public Company; 10,001 or more employees; SAN; Banking industry)

    November 2004July 2006 (1 year 9 months)

    As a member of the Computer Security and Incident Response Team (CSIRT), I was one of the analysts responsible for the security and incident response activities. My focus was the protection of on-line systems and the response to incidents that impacted these services.

    The main activities included protection, monitoring, requirements definition for new on-line products and security awareness training for protection against new threats such as phishing and malware.

    The main tasks performed were malware analysis, handling of Internet fraud, authorities and regulatory boards notifications, critical information (evidences) acquisition and retention, forensic analysis and incident reporting of misuse or fraud.

  • Professor

    IBTA

    (Privately Held; 201-500 employees; Higher Education industry)

    September 2005October 2005 (2 months)

    I was responsible for presenting a 20 hour class (“Information Security: Concepts and Standards” Discipline) to technology and computer science graduate students on basic information security concepts, risk assessment and management concepts, data classification and security standards, guidelines and procedures.

  • Professor

    FAESA

    (Privately Held; 501-1000 employees; Higher Education industry)

    June 2005June 2005 (1 month)

    I was responsible for presenting a 40 hour class (“Information Security on Web-Based Systems” Discipline) to graduate students on basic information security concepts, risk assessment and management concepts, data classification and the definition of standards, guidelines and procedures, applied to web-based systems. The course included case studies and hands-on activities.

  • Information Security Researcher

    CPqD Telecom & IT Solutions

    (Privately Held; 1001-5000 employees; Telecommunications industry)

    March 2004November 2004 (9 months)

    I was one of the analysts responsible for the definition of risk aspects regarding the development of a large-scale automated log correlation and security management security system.

    The research and development project involved a risk evaluation process on a Brazilian government agency network infrastructure and research to define the necessary tool requirements.

    This project also required the use of a model network infrastructure that included open source firewalls, intrusion detection systems, routers and servers that generated industry standard log information.

  • Graduate Student Researcher

    USP - Universidade de São Paulo

    (Educational Institution; 1001-5000 employees; Research industry)

    March 2003October 2004 (1 year 8 months)

    I was responsible for defining risk aspects regarding the use of ubiquitous computing and its relation to privacy needs. My masters thesis - "Application of context information on computer security" – required a risk evaluation process on ubiquitous computing systems and the management of privacy aspects regarding the use of data to custom live experience on pervasive computing.

    My master’s thesis required also the development of an open source application, with a secure development life-cycle, in order to make the integration of other ubiquitous research modules easier and safer, which was successfully accomplished by the end of this project.

  • Undergraduate Student Researcher

    USP - Universidade de São Paulo

    (Educational Institution; 1001-5000 employees; Research industry)

    November 2001February 2003 (1 year 4 months)

    During this research and development project, I was in charge of the development of security aspects regarding the architecture of agents in a multi-agent system in DEEPSIA (Dynamic On-line Internet Purchasing System Based on Intelligent Agents) e-commerce system.

    I was also in charge for the development of security routines to access message exchange procedures on mobile agents, that communicate over the Internet using secure protocols and require the protection of sensitive data (customer preferences, product data mining information and e-commerce websites ontology, for instance).

    During this project, I implemented cryptography procedures (ciphering and digital signature) on agents’ communications, according to DEEPSIA Project specifications and mobile agents’ requirements.

Francisco Milagres’s Education

  • Estação Business School

    MBA , Finance , 20092010

  • Universidade de São Paulo

    M.Sc. , Information security, ubiquitous and context aware computing , 20032004

  • Universidade de São Paulo

    BSc , Computer science, information security , 19982002

Additional Information

Francisco Milagres’s Honors:

ISSA Chapter Brasil-SP "SECMASTER 2003" Best Information Security Academic Research

View Full Profile

Public profile powered by: LinkedIn

Create a public profile: Sign In or Join Now

View Francisco Milagres’s full profile:

  • See who you and Francisco Milagres know in common
  • Get introduced to Francisco Milagres
  • Contact Francisco Milagres directly

View Full Profile