Arnel Carrido Reyes, fondly known as ACR, is an esteemed and seasoned information security consultant, as well as a distinguished cybersecurity architect in (Network Security (NetSec), Data Security (DataSec), Cloud Security (CloudSec), and Application Security (AppSec), with a wealth of industry experience spanning numerous years. ACR leads a team of ethical hackers and IT security consultants, forming a formidable force dedicated to ensuring robust security measures for organizations.
ACR's expertise encompasses a range of domains, including offensive security, data protection and privacy, cloud and network security, secure software development life cycle (SDLC), application security, DevSecOps, threat modeling, vulnerability assessment, and penetration testing. ACR has served as a trusted freelance and independent security consultant for multinational corporations, including Fortune 500 companies, as well as government organizations and military agencies across the Middle East, Asia Pacific, and North America.
Having held various management positions throughout his career, ACR has excelled as a senior manager in penetration testing and security architecture, Chief Technology Officer (CTO), IT Security Director, IT Security Consultant, and Security Solutions Architect, specializing in applications, network, and systems security. ACR's exceptional skills and reputation as a leading security consultant have made him a trusted advisor to numerous international companies and government organizations. ACR has spearheaded various security assessments, security control testing, vulnerability assessments, penetration testing, security compliance, and audit engagements worldwide, serving prestigious institutions such as banks, high-end hospitals, multinational corporations, and government entities, including military agencies and departments.
ACR holds multiple international certifications that showcase commitment to professional development and excellence is evident in his extensive list of international certifications. These certifications include Certified Information Systems Security Professional (CISSP), Licensed Penetration Tester Master (LPT MASTER), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), EC-Council Certified Security Analyst (ECSA), Information Technology Infrastructure Library (ITIL), QualysGuard Certified Specialist (QGCS), FireEye Certified Systems Engineer (FCSE), Cisco Certified Network Associate (CCNA), Cisco Certified Network Professional (CCNP), Cisco Certified Network Associate Security (CCNA Security), Cisco Certified Network Professional Security (CCNP Security), Microsoft Certified Technology Specialist (MCTS), Microsoft Certified Information Technology Professional (MCITP) for Server Administrator (MCITP∫SA) & Enterprise Administrator (MCITP∫EA) & Database Administrator (MCITP∫DBA), Cisco Intrusion Prevention System Specialist (CIPSS), Cisco Internetwork Operating System Security Specialist (CIOSSS), Cisco Firewall Security Specialist (CFWSS), Cisco Adaptive Security Appliances Specialist (CASAS), Cisco Virtual Private Network Security Specialist (CVPNSS), Tripwire Certified Partner Sales Professional (TWCPSP), Master in Security Analytics, among others. His extensive certifications encompass a wide range of security and technology domains, demonstrating his comprehensive knowledge and expertise in a wide range of security domains, network infrastructure, and vendor-specific technologies.
ACR's professional qualifications and dedication to continuous professional development has been recognized by esteemed organizations such as the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). They have satisfied the rigorous security requirements set by Cisco for the CNSS 4011 and CNSS 4013 advanced training standards. These certifications enable ACR to provide essential network security expertise to federal agencies and private sector entities, contributing to the protection of vital information resources.
Beyond his consulting work, ACR has made significant contributions to the field. He has developed various security systems, computer compliance auditor/surveillance systems, web-based applications, and accounting software. His technical prowess is complemented by exceptional writing skills, evident in his creation of policies and procedures for the companies he has worked with. These policies continue to be implemented and contribute to efficient management and operations within organizations.
ACR's consulting and training portfolio encompasses a broad spectrum and wide array of areas, including Cyber Crime Investigations & Forensics, ISO 27001 & 27002, BS 25999 (Business Continuity Planning), PCI Compliance, Information Security Management Systems (ISMS), Data Protection & Loss Prevention, Vulnerability Assessment, Systems/Network Penetration Testing, Risk/Threat Analysis (BIA), Compliance Testing, Security Information Event Management (SIEM), Security Expert Advisory, and secure infrastructure design. His expertise extends to technologies such as File Integrity Monitoring (FIM), Governance, Risk, and Compliance (GRC), DMZ firewalls, Secure VPNs, EAP/TLS, PEAP, SSL, PKI, Smart Cards, Biometrics, IPSEC, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), Vulnerability Scanners, Antivirus (AV) solutions, Honeypots, Audits, filtering policies, multi-layer encrypted file systems, patch management, and deployments. Additionally, ACR excels in developing customized and blended security strategies tailored to meet specific organizational needs.
ACR's diverse experience with various products and technologies has fostered his comprehensive knowledge of systems security. His unwavering passion and relentless pursuit of tracking down malicious hackers has exposed him to the intricacies of addressing the ever-evolving challenges and complex issues intricately entwined with the challenges of information systems security.
ACR holds a Bachelor's degree in Computer Science, which served as the foundation for his thirst for knowledge and has further enriched his knowledge through extensive training, seminars, and workshops on Unix/Linux, Microsoft technologies, Cisco systems, and Information Security.
ACR firmly believes in the philosophy that "Human knowledge belongs to the world." As a testament to this belief, he is committed in sharing his wealth of knowledge and expertise, and helping individuals protect themselves in the cyber world. He developed a security website "www.security-science.com", which offers comprehensive global security education and awareness to promote online safety, covering various aspects of defense-in-depth, including countermeasures for cybercrime and cyberterrorism.
In summary, ACR's extensive experience, diverse skill set, and dedication to continuous learning position him as an invaluable asset in the realm of information security. His expertise and leadership have made a substantial lasting impact on organizations worldwide and ensuring individuals are equipped with the knowledge and tools, enabling them to navigate the complex landscape of cybersecurity with confidence to safeguard their digital assets effectively.
[ ACR Professional Certificates | ACR Security Projects ]
SPEAKING ENGAGEMENT
July 2022 Hackathon 2022
Topic: Penetration Testing Automation for Web Applications and Services
Atlanta, Georgia, USA
May 2015 Information Security Bootcamp
Topic: Security Architecture Assessment
Seoul, Korea
March 2015 National Cyber Security Forum
Topic: Offensive Security Targeting the Military and Government
Jakarta, Indonesia
November 2012 Enterprise IT Risk Management & Mitigation
Topic: Cyber Crime & Investigation
Kuwait City, Kuwait
August 2008 Information Security Awareness
Topic: Hacking Defense & Countermeasure
Bicol, Philippines