You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Berkay AksakalBA

Berkay Aksakal

Independent GRC & Security Consultant

€ 700/dag
Leuven, BE
8-15 jaar

Gemiddelde responstijd: 1 uur

Over Berkay

I help Belgian and European organisations become ISO 27001 and NIS2 compliant — end-to-end, not just on paper.

If you need someone who can take you from zero to a working information security framework, that's what I deliver. Most recently: a complete ISO 27001 implementation for a Belgian enterprise comprehensive policy framework (Information Security Policy, Access Control, Incident Response with GDPR breach notification, Vendor Management, Change Management, BCP/DR), with every control mapped simultaneously to ISO 27002 and NIS2.
One project, two compliance objectives.

What makes me different: I combine governance work with hands-on technical depth. I don't only write policies — I build the technical evidence behind them: cloud security tooling (Python-based security scanner), 18+ Sigma detection rules for SOC teams, and threat intelligence experience from years as the first point of contact for enterprise CTI clients. Auditors get documentation; your engineers get something that actually runs.

Typical projects I take on:

ISO 27001 implementation and gap assessments (full policy framework to audit-readiness)
NIS2 readiness assessments and remediation roadmaps
DORA and EU Cyber Resilience Act advisory
Third-party / vendor risk management programmes
GDPR-aligned incident response and breach notification procedures

Background: Independent cybersecurity consultant based in Leuven. Security under real pressure is where I come from — compliance frameworks are how I translate it for European organisations.

Available immediately for short assessments or multi-month implementations. Working languages: English, Turkish, Dutch (Intermediate).
  • Turks

    Tweetalig / moedertaal

  • Engels

    Vloeiend

Kan op locatie werken
Leuven (tot 50km)

Werkervaring

  • Independent Practice
    Independent GRC & Security Consultant
    DIGITAAL BUREAU & IT-CONSULTANCY
    juli 2024 - Vandaag (2 jaren)
    Leuven, België
    • ● Incident Response & Playbooks: Improved incident response processes and procedures for enterprise clients — designing IR playbooks and automation workflows to streamline triage, containment, and remediation, and ensuring structured escalation paths across IT and business teams.
    • ● Technical Audits & Assessments: Executed technical security audits and vulnerability assessments — reviewing configurations, identifying control gaps, and producing prioritised remediation roadmaps aligned to ISO 27001 and NIS2 requirements.
    • ● Security Architecture Advisory: Advised on secure system architecture and design — reviewing technical proposals, recommending security controls, and balancing protection requirements with operational efficiency across cloud and on-premise environments.
    • ● Compliance Implementation: Delivered ISO 27001 implementation end-to-end for a Belgian enterprise client — 40+ page policy framework mapped to ISO 27002:2022 and NIS2 obligations, covering access control, incident response, vendor management, and BCP/DR.
    • ● Tooling & Automation: Built Python-based security automation workflows integrating LLM agents — reducing manual security operations effort while maintaining consistent, documentation-ready output quality.
    • ● Stakeholder Communication: Translated complex security findings into clear, actionable recommendations for both technical teams and non-technical leadership — producing structured reports that enabled informed risk decisions.
    Cybersecurity Threat Intelligence ISO 27001
  • Brandefense
    Cyber Threat Intelligence Manager
    februari 2021 - juli 2024 (3 jaren en 5 maanden)
    • ● Advanced Incident Analysis: Performed advanced-level analysis on escalated security events and alerts across SIEM, EDR, and MDR platforms — conducting deep-dive log and telemetry correlation to identify indicators of compromise and support 3rd-line incident response.
    • ● Endpoint & Identity Security: Managed and evaluated endpoint protection solutions including EDR/MDR platforms — assessing detection coverage, tuning alert logic, and coordinating remediation across endpoint and identity security layers.
    • ● Vulnerability & Risk Management: Operated end-to-end vulnerability management cycles — assessing CVE exposure in real-world operational context, prioritising remediation by exploitability and business impact, and reporting risk posture to technical and executive stakeholders.
    • ● Security Tooling Evaluation: Evaluated and provided engineering feedback on SIEM and MDR security tooling — assessing detection quality, automation capability, and long-term operational maintainability; produced structured make-vs-buy recommendations.
    • ● Cross-functional Coordination: Coordinated across engineering, product, legal, and compliance teams to resolve security incidents and service requests — maintaining remediation timelines and ensuring regulatory obligations were documented and met.
    • ● Threat Intelligence Operations: Maintained MITRE ATT&CK alignment across security controls — mapping adversary TTPs to detection gaps and translating threat intelligence findings into practical control improvements and incident response guidance.
  • Lacasca IT Solutions
    Security & Risk Advisory
    januari 2018 - januari 2021 (3 jaren)
    • ● Security Controls Management: Managed information security controls for enterprise clients — monitoring security risk signals, identifying early warning indicators, and coordinating remediation through structured risk register methodology.
    • ● Endpoint & IAM Audits: Audited and managed endpoint and identity security configurations (MFA, EDR, MDM) — maintaining secure posture during large-scale infrastructure migrations and ensuring consistent baseline enforcement.
    • ● Incident Support: Assisted clients through security incidents and post-incident reviews — converting findings into updated IR procedures, improved governance documentation, and actionable process improvements.

Aanbevelingen

Wees de eerste die Berkay aanbeveelt

Help deze freelancer om te schitteren door te vertellen hoe het is om met hem of haar te werken.

Deze freelancerprofielen matchen ook met zoekopdracht.

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Opleidingen

  • Master of Science
    University of Istanbul, Institute of Social Sciences
    2014
    Master of Science
  • BA
    University of Anadolu
    2012
    BA

Categorieën