About the author

Henrich Slezak

Henrich Slezák, CISA is a co-founder of IstroSec, a member of its Board of Directors and currently serving as Head of Advisory. He focuses on GRC, information security management, security auditing, training and awareness, and consultation on information security, with more than 13 years of experience in the governmental and private sectors.

His key skills are:

  • information security management (deployment and auditing),
  • risk management,
  • information security auditing,
  • compliance (ISO 27000 series and GDPR),
  • information security incident management,
  • physical and environmental security,
  • development of security policies, procedures and operational materials,
  • awareness, education and cyber security exercises,
  • penetration testing by social engineering,
  • speaking at conferences,
  • international relations management in incident response.

Henrich is experienced in:

Creating audit programs and audit plans, leading and performing information security audits according to all major frameworks and standards, and creating audit reports with recommendations on mitigation strategies and consultations regarding their implementation.

Conducting information security risk assessments according to all major frameworks, including building asset inventories, identifying vulnerabilities and threats, and calculating risk; creating risk treatment plans and assisting with the implementation of security controls.

Assessing maturity of cyber security programs according to all major cyber security capability and maturity models, creating cyber security strategies and roadmaps.

Assessing readiness for information security incidents and helping clients achieve the preparedness and capabilities needed for a swift and effective reaction to incidents.

Implementing information security frameworks, creating suites of policies, standards and procedures.

Providing virtual chief information security officer (vCISO) services for clients lacking this role in their organizational structure and governing information security programs.

Conducting information security incident tabletop exercises to test preparedness and incident response plans.
