Last Updated on 12/18/2021

Mostafa AbdelMoez Hassanin (Mosti)

Security, Trust, and Safety Expert & Leader | Mostafa AbdelMoez Hassanin

About Me

Mostafa has over a decade of information security experience in file sharing, banking, finance, and online marketplaces. He holds a B.Sc. in Computer Science (Loughborough), an M.Sc. in Software and Systems Security (Oxford), and an Executive MBA (INSEAD). He also possesses various software and security certifications, and has received training in public and media relations as well as crisis management, backed with industry experience.

Mostafa has played a pivotal role in establishing and developing the security practices and capabilities of Switzerland’s leading brands, such as Ricardo, Tutti.ch, Homegate, Immoscout24, and Autoscout24. He has also contributed significantly to the security of Switzerland’s banking and finance industry, authoring security concepts, guidelines, technical standards, and overseeing their implementation and deployment.

Mostafa is an elected Information and Communication Technology (ICT) Expert in Canton Zug, and as a Group CISO, he’s currently leading the efforts of safeguarding billions of Swiss Francs in assets, the digital safety of hundreds of employees, and the protection of millions of customers in Switzerland’s largest group of online marketplaces (SMG Swiss Marketplace Group AG).

Mosti:

I am fully committed to open-source software and actively contribute to multiple projects. I have a genuine passion for research and immerse myself in extensive reading. Exploring the interconnected web of knowledge through Wikipedia’s hyperlinks and engaging with YouTube recommendations has proven to be time well spent, as it has broadened my understanding across various domains. During my leisure hours, I find great pleasure in building things and indulging in physical activities such as football (soccer), squash, or swimming, depending on the season or the mood.

You can call me whatever matches this regex: ^Mo(?:$|st|jo){1,}[fiav]{0,3}$. If you are not interested in figuring them all out, go for Mosti.

Projects

Create a safe browsing (and e-commerce) experience for around 80% of the Swiss population.

With the team, led, drafted, implemented, and executed various initiatives to address security, trust, and safety at ricardo.ch, tutti.ch, homegate.ch, and carforyou.ch.

Led the development and execution of Avaloq's PSD2 Security initiatives, overseeing the design, implementation, and deployment across multiple banks and institutions.

Directed the technical design and execution of Avaloq’s PSD2, including the creation of security concepts, standards, and guidelines. Led engineering teams to design and implement the security mechanisms in the APIs and the infrastructure. Engaged with multiple banks and third-party organizations in Switzerland and internationally, facilitating the deployment of the APIs across several banks. The APIs are now complete and deployed at multiple banks with their security concepts, frameworks, and hardening guidelines.

Experience

SMG Swiss Marketplace Group AG

Group Director of Security and Anti-Fraud (Group CISO)

2022-present

Leading the security, trust, and safety for Switzerland's leading online marketplaces (> 15 brands).

Build the security and anti-fraud resilience of 15 online marketplaces, protecting (and ensuring) the safety of ~1000 employees, as well as millions of customers.

The portfolio includes Real Estate (immoscout24.ch, homegate.ch, ImmoStreet.ch, home.ch, Acheter-Louer.ch, Flatfox), Automotive (autoscout24.ch, motoscout24.ch, Car For You), General Marketplaces (anibis.ch, tutti.ch, Ricardo.ch) and Finance and Insurance (financescout24.ch).

TX Markets

Head of Security Engineering (Security Architect/Lead)

2020-2022

Engineering Technical Lead

2020-2020

Leading security, trust, and safety for TX Markets (homegate.ch, ricardo.ch, carforyou.ch, tutti.ch)

Launched, led, and executed different initiatives to improve cybersecurity across 4 marketplaces, achieving zero downtime and increased awareness, e.g., “Security Guild”, “Edge Security”, “Extended Detection and Response”, “Smooth-Prevent, Detect, React”, and more.

Orchestrated DevSecOps practices in CI/CD pipeline for 4 marketplaces.

Conducted threat modeling, risk & vulnerability assessments, and led remediation efforts, resulting in a stronger security foundation and reduced incidents and operational overhead in 4 marketplaces.

Code review and auditing (e.g., TypeScript, NodeJS, Go, C++, C#).

Deployed an edge gateway (including a firewall), an IAM system, and an AI-powered fraud prevention solution in 3 marketplaces. Leading a team of engineers and security champions.

Managed third parties (e.g., vendors, audits, competitions, and bug bounty programs).

Managed the security budget.

Ricardo AG

Principal Security Engineer (Security Lead)

2019-2020

Led the design and development of platform security serving millions of monthly active users.

Initiated and directed enterprise, infrastructure, platform, and application security initiatives.

Established an Incident Response process (incl. SOC) leading to >20% reduction in operational time.

Integrated DevSecOps practices into the CI/CD pipeline and daily operations.

Conducted training in secure coding, ethical hacking, and security tools for >100 engineers.

Performed code reviews and audits in various languages, e.g., TypeScript, NodeJS, Go, Kotlin, Swift.

Designed and implemented fixes and features in cryptography, IAM, and session handling, impacting hundreds of thousands of sessions (and users).

Deployed an edge security component, reducing risks and operating costs by > 20%.

Conducted penetration tests and security analysis for more than 3 products.

Led threat modeling, risk & vulnerability assessments, and their remediation efforts.

Managed third-party relationships, including vendors and security audits, and the security budget.

Avaloq Evolution AG

Sr. Security Software Engineer

2017-2019

Security Software Engineer

2016-2017

Lead of Web and Mobile banking security.

Subject matter expert in cryptography, security protocols, firewalls, and Identity and Access Management (IAM).

Devised and implemented security concepts and hardening guidelines used at > 20 banks.

Led the technical architecture and design of industry standards, including PSD2, and applied security related specifications, standards, and protocols to over 5 products.

Designed a distributed IAM mechanism using HSM for cryptocurrency integration at a few banks.

Developed and communicated high-quality security concepts to stakeholders and community events.

Conducted code reviews (Java, Objective C, Kotlin, Swift, C#), penetration testing, threat modeling, and risk assessments.

Designed and implemented security libraries for identity management, cryptography, authentication, and authorization across various technologies (PL/SQL, J2EE, REST, SOAP, Spring).

Configured, deployed, and optimized static and dynamic analysis tools, and remediated findings.

Led network security and architecture, incl. network zoning, micro-segregation, and software-defined networks.

Provided security consultancy to over 10 national and international banks.

Education

INSEAD

Executive Masters in Business Administration (EMBA)

2022-2024

Final Project was A business case on Free Space Optical communications (FSO). Platform for secure and robust communications for challenging environments. Grade: Distinction.

University of Loughborough

B.Sc. Computer Science

2009-2013

Dissertation was InterEYE: Secured Instant Web Email. InterEYE is a gaze-input pattern-based authentication system that grants access to a P2P web-based email client. Grade: Merit.

University of Oxford

M.Sc. in Software and Systems Security

2017-2019

Dissertation advised by Prof. Ivan Martinovic, Automatic detection of ciphers from execution traces. Grade: Distinction.

Skills

Mostafa’s expertise spans the entire spectrum of cybersecurity, from cultivating a security-conscious culture to producing secure code and fortifying infrastructure and products with a keen business acumen.

  • Extensive and in-depth expertise in computer science and security.
  • Security governance and compliance.
  • Risk management and strategy.
  • Product management and strategy.
  • Web, mobile, and cloud security.
  • Fraud detection and prevention.
  • Incident/crisis management.
  • Culture building, and recruiting and retaining top talent.

Keywords: Data Protection, ISO 27001/2, PCI-DSS, EMV, FINMA, NIST, DoD, STRIDE, SDLC, AEGIS, CCE, MITRE ATT&CK.

Preferred Languages: Java, Python, C++/C, Go.