About Mònica
Freelance SOC Manager & Security Governance Lead
How I help
Typical projects & deliverables
SOC leadership & operations
- SOC blueprint (mission, scope, interfaces) and operating model.
- Runbooks & playbooks
- Detection engineering roadmap: use-case, ATT&CK mapping.
- KPIs & dashboards: MTTD/MTTR, alert volume, false-positive rate, use-case coverage, control health.
- Purple-team loop
- Tooling alignment: SIEM (Splunk/QRadar/Elastic/ArcSight), EDR (Defender/CrowdStrike), NSM/IDS (Snort/Suricata), ticketing, and case management.
- ISO 27001
- ISO 27005
- SoA, policy suite, internal audit plan, management review, certification prep.
- SOC 2 Type I/II
- Executive artifacts
- Secure SDLC
- ENS
- Greenfield security in 90–120 days: risk baseline, core controls, incident process, detection MVP, on-call rotation, policy set, awareness briefing, and first audit plan.
- Hiring & enablement: role specs, interview loops, onboarding pathway, and mentoring program.
- Operate & transfer: I run the function initially, then transition to your permanent leader.
What working together looks like
Spanish
Native or bilingual
Catalan
Native or bilingual
English
Full professional proficiency
Experience
- Deloitte, SENIOR CYBER SECURITY ANALYST, OUTSOURCING AGENCIES, October 2022 - Present (3 years and 8 months), Madrid, Spain
  - Implement a managed endpoint security solution utilizing CrowdStrike and Microsoft Defender to secure workstations and servers.
  - Use Splunk, CrowdStrike and Microsoft Defender, among other tools for security response, to triage security issues.
  - Interrogate and monitor agency network traffic and conduct network vulnerability security assessments on DoD networks.
  - Analyze security reports (AppScan, Nessus, Red Teams) to identify vulnerabilities and create mitigation strategies.
  - Provide remediation plans for non-compliant servers.
  - Analyze security and firewall logs and investigate all irregularities as needed.
  - Maintain confidentiality of information residing in corporate databases, workstations, servers, and other systems.
  - Assist in the development of security policies, plans, and procedures to meet government regulations and industry best practices.
  - Train new and current cyber security analysts on existing or new technologies, new or existing processes.
  - Maintain SOC dashboards in Splunk.
  - Hunt for current threats on SIEMs based on information provided by news and government sources.
  - Act as lead in incident response and analysis.
  - Maintain quality control of tickets and overall quality of all SOC-related tasks.
- INCIDE Digital Data S.L., DFIR ANALYST, HIGH TECH, February 2019 - November 2022 (3 years and 9 months), Barcelona, Spain
  - Forensic acquisitions and analysis.
  - Threat hunting projects.
  - Incident response.
  - Remote analysis and acquisition with GRR and F-Response.
  - Monitoring and vulnerability analysis of SIEM security events (DLP/TCP/IP/VPN/Firewall/Proxy/Windows events/EDR) through different solutions (Splunk, QRadar, ArcSight, Kibana).
  - Development and implementation of event-based security alerts and monitoring (DLP/TCP/IP/VPN/Firewall/Proxy/Windows events/EDR/IPS/IDS) via different solutions (Splunk, QRadar, ArcSight, Kibana).
- GMV, IT SECURITY AUDIT, HIGH TECH, December 2017 - April 2018 (4 months), Barcelona, Spain
  - Plan, execute and lead security audits.
  - Inspect and evaluate financial and information systems, management procedures and security controls.
  - Work with management to ensure security recommendations comply with company procedure.
  - Collaborate with departments to improve security compliance, manage risk and bolster effectiveness.
  - Report of audit findings.
Education
- M.D. IN CYBERSECURITY AND INFORMATION SECURITY, UCLM (Universidad de Castilla-La Mancha), 2021
- M.D. IN TELECOMMUNICATION ENGINEERING, UPV (Universitat Politècnica de València), 2025