Francisco Milagres

February 2008 – August 2011 (3 years 7 months) Curitiba Area, Brazil

Visiting Professor (Professor-Executivo Visitante) at Estação Business School (http://www.ebs.edu.br), in Curitiba.

Privately Held; 51-200 employees; Information Technology and Services industry

May 2011 – July 2011 (3 months) Porto Alegre Area, Brazil

Founded in 1999 and operational in all of Latin America, Axur is a Brazilian technology company specialized in the concept of cloud care, to protect the business from public and private organizations by identifying and combating cyber threats. With advanced technology, certified engineers, international partnerships and global monitoring infrastructure, Axur provides customized solutions for highly complex projects, appropriate to the needs of large corporations.

Partnership; 10,001+ employees; Accounting industry

October 2008 – April 2011 (2 years 7 months) Curitiba Area, Brazil

Senior Manager at KPMG, IT Advisory Services - Risk & Compliance practice. In charge of IT Audit engagements and Advisory on industrial and financial services clients in the south region of Brazil (Curitiba, Joinville and Porto Alegre offices).

Partnership; 10,001+ employees; Accounting industry

August 2006 – September 2008 (2 years 2 months) Curitiba Area, Brazil

Manager at KPMG, IT Advisory Services - Risk & Compliance practice. In charge of IT Audit engagements and Advisory on industrial and financial services clients in the south region of Brazil (Curitiba, Joinville and Porto Alegre offices).

Privately Held; 10,001+ employees; Banking industry

November 2004 – July 2006 (1 year 9 months) São Paulo Area, Brazil

As a member of the Computer Security and Incident Response Team (CSIRT), I was one of the analysts responsible for the security and incident response activities. My focus was the protection of on-line systems and the response to incidents that impacted these services.

The main activities included protection, monitoring, requirements definition for new on-line products and security awareness training for protection against new threats such as phishing and malware.

The main tasks performed were malware analysis, handling of Internet fraud, authorities and regulatory boards notifications, critical information (evidences) acquisition and retention, forensic analysis and incident reporting of misuse or fraud.

Privately Held; 201-500 employees; Higher Education industry

September 2005 – October 2005 (2 months) Campinas Area, Brazil

I was responsible for presenting a 20 hour class (“Information Security: Concepts and Standards” Discipline) to technology and computer science graduate students on basic information security concepts, risk assessment and management concepts, data classification and security standards, guidelines and procedures.

June 2005 – June 2005 (1 month) Vitória Area, Brazil

I was responsible for presenting a 40 hour class (“Information Security on Web-Based Systems” Discipline) to graduate students on basic information security concepts, risk assessment and management concepts, data classification and the definition of standards, guidelines and procedures, applied to web-based systems. The course included case studies and hands-on activities.

Privately Held; 501-1000 employees; Telecommunications industry

March 2004 – November 2004 (9 months) Campinas Area, Brazil

I was one of the analysts responsible for the definition of risk aspects regarding the development of a large-scale automated log correlation and security management security system.

The research and development project involved a risk evaluation process on a Brazilian government agency network infrastructure and research to define the necessary tool requirements.

This project also required the use of a model network infrastructure that included open source firewalls, intrusion detection systems, routers and servers that generated industry standard log information.

Educational Institution; 51-200 employees; Research industry

March 2003 – October 2004 (1 year 8 months) São Carlos Area, Brazil

I was responsible for defining risk aspects regarding the use of ubiquitous computing and its relation to privacy needs. My masters thesis - "Application of context information on computer security" – required a risk evaluation process on ubiquitous computing systems and the management of privacy aspects regarding the use of data to custom live experience on pervasive computing.

My master’s thesis required also the development of an open source application, with a secure development life-cycle, in order to make the integration of other ubiquitous research modules easier and safer, which was successfully accomplished by the end of this project.

Educational Institution; 51-200 employees; Research industry

November 2001 – February 2003 (1 year 4 months) São Carlos Area, Brazil

During this research and development project, I was in charge of the development of security aspects regarding the architecture of agents in a multi-agent system in DEEPSIA (Dynamic On-line Internet Purchasing System Based on Intelligent Agents) e-commerce system.

I was also in charge for the development of security routines to access message exchange procedures on mobile agents, that communicate over the Internet using secure protocols and require the protection of sensitive data (customer preferences, product data mining information and e-commerce websites ontology, for instance).

During this project, I implemented cryptography procedures (ciphering and digital signature) on agents’ communications, according to DEEPSIA Project specifications and mobile agents’ requirements.