You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Berkay AksakalBA

Berkay Aksakal

Independent GRC & Security Consultant

700 €/jour
Leuven, BE
8-15 ans

Délai de réponse moyen : 1h

À propos de Berkay

I help Belgian and European organisations become ISO 27001 and NIS2 compliant — end-to-end, not just on paper.

If you need someone who can take you from zero to a working information security framework, that's what I deliver. Most recently: a complete ISO 27001 implementation for a Belgian enterprise comprehensive policy framework (Information Security Policy, Access Control, Incident Response with GDPR breach notification, Vendor Management, Change Management, BCP/DR), with every control mapped simultaneously to ISO 27002 and NIS2.
One project, two compliance objectives.

What makes me different: I combine governance work with hands-on technical depth. I don't only write policies — I build the technical evidence behind them: cloud security tooling (Python-based security scanner), 18+ Sigma detection rules for SOC teams, and threat intelligence experience from years as the first point of contact for enterprise CTI clients. Auditors get documentation; your engineers get something that actually runs.

Typical projects I take on:

ISO 27001 implementation and gap assessments (full policy framework to audit-readiness)
NIS2 readiness assessments and remediation roadmaps
DORA and EU Cyber Resilience Act advisory
Third-party / vendor risk management programmes
GDPR-aligned incident response and breach notification procedures

Background: Independent cybersecurity consultant based in Leuven. Security under real pressure is where I come from — compliance frameworks are how I translate it for European organisations.

Available immediately for short assessments or multi-month implementations. Working languages: English, Turkish, Dutch (Intermediate).
  • Turc

    Bilingue ou natif

  • Anglais

    Capacité professionnelle complète

Accepte de travailler sur site
Leuven (jusqu’à 50 km)

Expériences

  • Independent Practice
    Independent GRC & Security Consultant
    AGENCE & SSII
    juillet 2024 - Aujourd'hui (2 ans)
    Leuven, Belgique
    • ● Incident Response & Playbooks: Improved incident response processes and procedures for enterprise clients — designing IR playbooks and automation workflows to streamline triage, containment, and remediation, and ensuring structured escalation paths across IT and business teams.
    • ● Technical Audits & Assessments: Executed technical security audits and vulnerability assessments — reviewing configurations, identifying control gaps, and producing prioritised remediation roadmaps aligned to ISO 27001 and NIS2 requirements.
    • ● Security Architecture Advisory: Advised on secure system architecture and design — reviewing technical proposals, recommending security controls, and balancing protection requirements with operational efficiency across cloud and on-premise environments.
    • ● Compliance Implementation: Delivered ISO 27001 implementation end-to-end for a Belgian enterprise client — 40+ page policy framework mapped to ISO 27002:2022 and NIS2 obligations, covering access control, incident response, vendor management, and BCP/DR.
    • ● Tooling & Automation: Built Python-based security automation workflows integrating LLM agents — reducing manual security operations effort while maintaining consistent, documentation-ready output quality.
    • ● Stakeholder Communication: Translated complex security findings into clear, actionable recommendations for both technical teams and non-technical leadership — producing structured reports that enabled informed risk decisions.
    Cybersecurity Threat Intelligence ISO 27001
  • Brandefense
    Cyber Threat Intelligence Manager
    février 2021 - juillet 2024 (3 ans et 5 mois)
    • ● Advanced Incident Analysis: Performed advanced-level analysis on escalated security events and alerts across SIEM, EDR, and MDR platforms — conducting deep-dive log and telemetry correlation to identify indicators of compromise and support 3rd-line incident response.
    • ● Endpoint & Identity Security: Managed and evaluated endpoint protection solutions including EDR/MDR platforms — assessing detection coverage, tuning alert logic, and coordinating remediation across endpoint and identity security layers.
    • ● Vulnerability & Risk Management: Operated end-to-end vulnerability management cycles — assessing CVE exposure in real-world operational context, prioritising remediation by exploitability and business impact, and reporting risk posture to technical and executive stakeholders.
    • ● Security Tooling Evaluation: Evaluated and provided engineering feedback on SIEM and MDR security tooling — assessing detection quality, automation capability, and long-term operational maintainability; produced structured make-vs-buy recommendations.
    • ● Cross-functional Coordination: Coordinated across engineering, product, legal, and compliance teams to resolve security incidents and service requests — maintaining remediation timelines and ensuring regulatory obligations were documented and met.
    • ● Threat Intelligence Operations: Maintained MITRE ATT&CK alignment across security controls — mapping adversary TTPs to detection gaps and translating threat intelligence findings into practical control improvements and incident response guidance.
  • Lacasca IT Solutions
    Security & Risk Advisory
    janvier 2018 - janvier 2021 (3 ans)
    • ● Security Controls Management: Managed information security controls for enterprise clients — monitoring security risk signals, identifying early warning indicators, and coordinating remediation through structured risk register methodology.
    • ● Endpoint & IAM Audits: Audited and managed endpoint and identity security configurations (MFA, EDR, MDM) — maintaining secure posture during large-scale infrastructure migrations and ensuring consistent baseline enforcement.
    • ● Incident Support: Assisted clients through security incidents and post-incident reviews — converting findings into updated IR procedures, improved governance documentation, and actionable process improvements.

Recommandations

Soyez le premier à recommander Berkay

Contribuez à la réussite de ce freelance en partageant votre expérience de collaboration avec lui.

Ces profils de freelance correspondent également à vos critères

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Formations

  • Master of Science
    University of Istanbul, Institute of Social Sciences
    2014
    Master of Science
  • BA
    University of Anadolu
    2012
    BA

Catégories