CYBERSECURITY EXPERT
Doron Aloosh
Chief Information Security Officer | Application Security | Compliance Specialist
01. About
Cybersecurity manager with expertise in applications security and information security regulations/compliance.
Ben-Gurion University graduate with a B.Sc and M.Sc in Industrial Management Engineering and Machine Learning. Creative and self-learning professional with over 15 years of experience in the cybersecurity field.
Currently serving as Chief Information Security Officer at Lightico, overseeing security and compliance in a global SaaS Fintech company, maintaining top compliance and regulation standards including ISO 27001, SOC2 Type 2, PCI-DSS Level 1, and CAIQ.
Core Competencies
02. Services
Security Compliance & Auditing
Achieve and maintain ISO 27001, SOC2 Type 2, PCI-DSS Level 1, and other compliance certifications. Expert guidance through the entire audit process.
- ISO 27001 Lead Auditing
- PCI-DSS QSA Assessments
- SOC2 Type 2 Compliance
- CAIQ & Security Questionnaires
Application Security Testing
Comprehensive security assessments for web applications, APIs, and mobile apps through manual and automated penetration testing.
- Web & API Penetration Testing
- Mobile App Security Assessment
- Code Review & SAST/DAST
- OWASP Top 10 Remediation
Security Architecture Design
Design and implement secure architectures for cloud and on-premise environments, with focus on defense-in-depth strategies.
- Cloud Security Architecture
- Zero Trust Implementation
- Secure SDLC Integration
- Security Controls Design
Third Party Risk Management
Evaluate and manage vendor security risks through comprehensive security assessments and ongoing monitoring programs.
- Vendor Security Assessments
- Security Questionnaire Review
- Contract Security Requirements
- Continuous Monitoring Programs
CISO Advisory & Consulting
Strategic security leadership and guidance for organizations building or enhancing their security programs.
- Virtual CISO Services
- Security Program Development
- Security Team Building
- Executive Security Training
Secure Development Training
Empower development teams with secure coding practices and security awareness training programs.
- Secure Coding Workshops
- OWASP Training
- Security Awareness Programs
- Developer Security Champions
03. Experience
Chief Information Security Officer
Lightico
Overseeing security and compliance in a global SaaS Fintech company. Maintaining top compliance and regulation standards such as ISO 27001, SOC2 Type 2, PCI-DSS Level 1, and CAIQ. Successfully managing security assessments for financial enterprise clients.
Cyber Security Engineer
Lightico
Software security architect. Secure coding guidance for R&D, designing and implementing solutions for existing security issues. Continuous security testing using code analysis and application penetration tests (PT). Product security: acting as a PM for the Lightico platform's security and privacy requirements.
PCI-DSS Qualified Security Assessor (QSA)
Comsec
Assisting SMBs, enterprises and startups in the US, Europe and Asia in designing secure PCI-compliant environments. Working with developers and CISOs to build effective security controls, resulting in PCI-DSS Level 1 certification. Managing PCI assessment projects by leading a team of 3 consultants.
Application Security Consultant
Comsec
Web PT: performing hands-on penetration tests of web applications, APIs and mobile apps for customers. Onsite assessments of a wide range of critical software and applications: manual code review (CR), SDLC consulting.
Information Security Manager
Israeli Ministry of Defense
Information Security Manager in a government office. Controlling and monitoring projects involving complex and advanced technologies across many fields: Cyber, Electro-Optics, Communication Systems, etc.
Information Security Manager
Israeli Military Intelligence
Security officer in the Israeli Military Intelligence.
04. Certifications & Education
Certified Information Security Manager
ISACA
Credential ID: 1842349
ISO 27001 Lead Auditor
IBITGQ
Credential ID: 757541
Qualified Security Assessor
PCI Security Standards Council
Education
Master of Science (M.Sc.)
Industrial Engineering and Management with Specialization in Data Science (ML)
Ben-Gurion University of the Negev
2017 - 2020
Courses in: Machine Learning, Statistics, Computer Vision, Big Data, Social Network Analysis
Bachelor of Science (B.Sc.)
Engineering/Industrial Management - Information Systems
Ben-Gurion University of the Negev
2012 - 2016
Final Project: Developed mobile application with vocal interface (Vocaball) in Unity (C#)
05. Frequently Asked Questions
PCI-DSS compliance requirements vary based on transaction volume. As a Qualified Security Assessor (QSA), I can help you navigate PCI-DSS Level 1-4 requirements, perform gap assessments, implement necessary controls, and guide you through the certification process.
The timeline typically ranges from 6-12 months depending on your organization's current security posture, size, and complexity. As an ISO 27001 Lead Auditor, I can accelerate this process through proper planning, gap analysis, and efficient ISMS implementation.
A comprehensive penetration test includes: reconnaissance, vulnerability scanning, manual testing, exploitation attempts, privilege escalation testing, and a detailed report with findings, risk ratings, and remediation recommendations. I specialize in web applications, APIs, and mobile app security testing.
Yes, I offer vCISO services for organizations that need strategic security leadership without a full-time executive. This includes security program development, policy creation, team building, vendor management, compliance oversight, and board-level reporting.
TPRM is the process of identifying, assessing, and mitigating security risks from vendors and third-party service providers. I help organizations establish TPRM programs, conduct vendor security assessments, review security questionnaires, and implement continuous monitoring.
Absolutely. I have extensive experience helping SaaS companies achieve and maintain SOC2 Type 2 compliance. This includes control implementation, evidence collection, readiness assessments, and ongoing compliance maintenance.
06. Get In Touch
Let's Connect
Whether you need security consulting, compliance guidance, or want to discuss your organization's security posture, I'm here to help.
Location
Tel Aviv District, Israel