Over a three-year period, supported the Deputy Ministry of Research, Innovation & Digital Policy in building the Cybersecurity Directorate from the ground up, establishing governance frameworks, policies, and standards, and spearheading a multimillion-euro initiative to deploy security controls and solutions protecting the public administration digital infrastructure.
Established and developed the Information Security Offices of the two leading banks in Cyprus [Laiki Bank | Bank of Cyprus] from the ground up, advancing them to a mature and robust security posture.
Member of the EUCS Ad-hoc Working Group, contributing to the discussions and shaping of the scheme’s core components and framework.
Member of the European Cybersecurity Skills Framework (ECSF) Working Group, contributing to the development and alignment of cybersecurity roles, competencies, and skills across the EU.
Policy Advising at the Association of Cyprus Banks, providing strategic guidance on cybersecurity, regulatory compliance, and digital transformation—focusing on the EU AI Act, Open Finance Framework, and Data Act—while supporting ACB’s active participation in the European Banking Federation (EBF) and National policy initiatives.
Supported one of Cyprus’s leading ICT providers in strengthening its security governance and control environment, culminating in the successful attainment of ISO 27001 certification.
Developed and implemented cybersecurity performance metrics (KPIs and KRIs) and designed a dashboard to effectively communicate thresholds, trends, and real-time status to management.
Developed a DLP strategy and programme. Recruited an enterprise-wide DLP system (covering data in motion, data at rest, data in use) and put it in operation with a large number of rules in place.
Developed the cybersecurity strategy at two financial institutions upon agreement with all stakeholders, the BoD and the Regulators.
Managed the tactics and their implementation to completion.
Developed the Information Security Policies (High level and specific ones) after reviewing with internal and external stakeholders and aligning them with regulatory frameworks.
Set up security controls in line with ISO27002, NIS2, GDPR, EBA Guidelines, PCI DSS, PSD2, Secure Controls Framework.
Assessed defined controls following a Capability Maturity Model, developed a remediation plan and monitored its progress to completion.
Established the risk assessment framework in line with ISO27005 and carried out the respective risk assessments.
Established a security awareness program:
> in-class
> e-learning
> through phishing simulations
Set up the framework for a 24x7 Security Operations Centre covering technology, people and processes pillars.
Designed and implemented a comprehensive Security Incident Response Plan (SIRP) and established a dedicated Security Incident Response Team (SIRT), conducting regular cybersecurity exercises to validate readiness and continuously improve response capabilities.
Managed the penetration test program covering external, internal and social engineering scenarios.
Developed the Information classification scheme, defined information owners and classified all information. Then developed controls to protect this information.
Defined a vulnerability and patch management program with daily scanning of systems, setup of patching cycles and monitoring of metrics.



circl3.tech