Last Updated on 12/18/2021

Mostafa AbdelMoez Hassanin (Mosti)

Security, Trust, and Safety Expert & Leader | Mostafa AbdelMoez Hassanin

Experience

SMG Swiss Marketplace Group AG

Group Director of Security and Anti-Fraud (Group CISO)

2022-present

Leading the security, trust, and safety for Switzerland's leading online marketplaces (> 15 brands).

Build the security and anti-fraud resilience of 15 online marketplaces, protecting and ensuring the safety of ~1000 employees, as well as millions of customers.

The portfolio includes Real Estate (immoscout24.ch, homegate.ch, ImmoStreet.ch, home.ch, Acheter-Louer.ch, Flatfox), Automotive (autoscout24.ch, motoscout24.ch, Car For You), General Marketplaces (anibis.ch, tutti.ch, Ricardo.ch) and Finance and Insurance (financescout24.ch).

TX Markets

Head of Security Engineering (Security Architect/Lead)

2020-2022

Engineering Technical Lead

2020-2020

Leading security, trust, and safety for TX Markets (homegate.ch, ricardo.ch, carforyou.ch, tutti.ch)

Launched, led, and executed initiatives to improve cybersecurity across 4 marketplaces, achieving zero downtime and increased awareness, e.g., “Security Guild”, “Edge Security”, “Extended Detection and Response”, “Smooth-Prevent, Detect, React”, and more.

Orchestrated DevSecOps practices in CI/CD pipeline for 4 marketplaces.

Conducted threat modeling, risk & vulnerability assessments, and led remediation efforts, resulting in a stronger security foundation and reduced incidents and operational overhead in 4 marketplaces.

Code review and auditing (e.g., TypeScript, NodeJS, Go, C++, C#).

Deployed an edge gateway (including a firewall), an IAM system, and an AI-powered fraud prevention solution in 3 marketplaces. Leading a team of engineers and security champions.

Managed third parties (e.g., vendors, audits, competitions, and bug bounty programs).

Managed the security budget.

Ricardo AG

Principal Security Engineer (Security Lead)

2019-2020

Led the design and development of platform security serving millions of monthly active users.

Initiated and directed enterprise, infrastructure, platform, and application security initiatives.

Established an Incident Response process (incl. SOC) leading to >20% reduction in operational time.

Integrated DevSecOps practices into the CI/CD pipeline and daily operations.

Conducted training in secure coding, ethical hacking, and security tools for >100 engineers.

Performed code reviews and audits in various languages, e.g., TypeScript, NodeJS, Go, Kotlin, Swift.

Designed and implemented fixes and features in cryptography, IAM, and session handling, impacting hundreds of thousands of sessions (and users).

Deployed an edge security component, reducing risks and operating costs by > 20%.

Conducted penetration tests and security analysis for more than 3 products.

Led threat modeling, risk & vulnerability assessments, and their remediation efforts.

Managed third-party relationships, including vendors and security audits, and the security budget.

Avaloq Evolution AG

Sr. Security Software Engineer

2017-2019

Security Software Engineer

2016-2017

Lead of Web and Mobile banking security.

Subject matter expert in cryptography, security protocols, firewalls, and Identity and Access Management (IAM).

Devised and implemented security concepts and hardening guidelines used at > 20 banks.

Led the technical architecture and design of industry standards, including PSD2, and applied security-related specifications, standards, and protocols to over 5 products.

Designed a distributed IAM mechanism using HSM for cryptocurrency integration at a few banks.

Developed and communicated high-quality security concepts to stakeholders and community events.

Conducted code reviews (Java, Objective C, Kotlin, Swift, C#), penetration testing, threat modeling, and risk assessments.

Designed and implemented security libraries for identity management, cryptography, authentication, and authorization across various technologies (PL/SQL, J2EE, REST, SOAP, Spring).

Configured, deployed, and optimized static and dynamic analysis tools, and remediated findings.

Led network security and architecture, incl. network zoning, micro-segregation, and software-defined networks.

Provided security consultancy to over 10 national and international banks.

Education

INSEAD

Executive Masters in Business Administration (EMBA)

2022-2024

Final project was a business case on Free Space Optical communications (FSO): a platform for secure and robust communications for challenging environments. Grade: Distinction.

University of Loughborough

B.Sc. Computer Science

2009-2013

Dissertation was InterEYE: Secured Instant Web Email. InterEYE is a gaze-input pattern-based authentication system that grants access to a P2P web-based email client. Grade: Merit.

University of Oxford

M.Sc. in Software and Systems Security

2017-2019

Dissertation, advised by Prof. Ivan Martinovic: Automatic detection of ciphers from execution traces. Grade: Distinction.

Skills

Mostafa’s expertise spans the entire spectrum of cybersecurity, from cultivating a security-conscious culture to producing secure code and fortifying infrastructure and products with a keen business acumen.

  • Extensive and in-depth expertise in computer science and security.
  • Security governance and compliance.
  • Risk management and strategy.
  • Product management and strategy.
  • Web, mobile, and cloud security.
  • Fraud detection and prevention.
  • Incident/crisis management.
  • Building culture, and recruiting and retaining top talent.

Keywords: Data Protection, ISO 27001/2, PCI-DSS, EMV, FINMA, NIST, DoD, STRIDE, SDLC, AEGIS, CCE, MITRE ATT&CK.

Preferred Languages: Java, Python, C++/C, Go.