Jano Bermudes is a director in Navigant’s Information Security Investigations & Assessment practice. He is based in London and leads our proactive cyber security and reactive incident response team outside of the Americas region. Jano is an experienced consultant with a strong career track record of solving tough client problems and delivering innovative solutions and complex security transformation engagements across a range of industry sectors and global clients.
Jano has a background in Big 4 professional services consulting and has held leadership positions in both PricewaterhouseCoopers and KPMG. Prior to joining Navigant, Jano was a director in KPMG's cyber security practice and leader of their cyber strategy, risk & transformation capability.
Jano has led the delivery of numerous complex international engagements across a range of industry sectors and global clients within banking & financial services, telecommunications, utilities, oil & gas, public sector, pharmaceuticals and industrial manufacturing.
Representative engagements Jano has led are:
- Case Study 1: Industrial Control Systems Security, Utilities (Gas and Electricity Generation and Distribution): A risk-based, business- and regulatory-focused Industrial Control Systems (ICS) security control assessment against NIST, with a prioritized remediation and investment plan based on criticality and return on investment (ROI), leading to a multiyear architecture design and implementation programme against best practices such as NIST and IEC 62443, for a global utilities client.
- Case Study 2: Cyber Strategy, Power Grid & Distribution: A product security posture review and threat assessment for a global industrial manufacturing giant in power generation, transmission, industrial manufacturing robotics and consumer goods, across 16 business units and over 5 countries, to answer a board-level question of 'are we doing enough security, and are we fast enough', in the realm of our industrial security products.
- Case Study 4: Multiyear Co-sourcing Engagement with an Oil & Gas Major: Negotiated and provided technical oversight of a multi-year co-sourcing arrangement for the provision of cutting-edge security service integration across a wide range of high-risk topics, allowing the local security team to concentrate on business risk, and delivering security and architectural assessments on over 30 major technology programmes in a project delivery office that was responsible for over $200m per annum in project spend.
Representative projects included:
- Most confidential ‘secure cell’ design
- Extranet and intranet hardening
- Application security hardening
- Security in development and project management life cycles
- Cloud and mobile security
- Process control automation/Industrial control systems security
- Database and application hardening including Oracle Exadata, SAP HANA and others
- Case Study 5: Global Customer Security Review, Telecommunications Giant: After suffering a significant customer data breach that was widely publicized and caused share prices to dip in its major operating regions, this telco reached out for help. I designed and led a customer data mapping and security review aligned to the telecom business process framework (eTOM), to ensure the technical review had a business value focus. The review covered 39 countries and several thousand stores and in-country partner locations across the US, Europe, Africa and India. The resulting security transformation lasted several years, and our team was a significant partner in a large range of cyber security and technical assurance services.