Paulo Sergio Pagliusi, Ph.D., CISM
• Ph. D. in Information Security. Royal Holloway, University of London, completed in 2008.
• M.Sc. in Computer Science. UNICAMP, completed in 1998.
• Post-graduate degree in Information Systems Analysis. PUC-RJ, completed in 1989.
• Graduated in Systems Administration. Naval Academy completed in 1985.
• 30+ years of professional experience in large organizations, acting in executive positions,
with expertise in Enterprise Risk Services, Information Technology (IT) Governance,
Research, Development and Innovation (R, D & I) in: Information Security (IS), Security
Architecture of Systems, Cryptography, Electronic Document Management, Auditing
standards ISO9001 & ISO27001, Excellence in Management practices, Digital Security,
Cyber Warfare, Cloud Computing Security. Solid experience in IT and IS in last 20+ years.
• Paulo has been invited and attended the public audience of the CPI (Parliamentary
Commission of Inquiry) of American Cyber Espionage promoted by the Brazilian Federal
Senate, and was also one of the Cyber Manifesto mentors, a move which aims to stimulate
and support the creation of a shared vision to protect Brazil from cyber attacks.
• An experienced leader with keen strategic vision, which has led two military organizations.
With capacity for innovation, teamwork and willingness to learn, his sharp and sophisticated
communication naturally persuades teams to exceed goals. He is relentless in selling ideas
or products. Decide with confidence, determination and initiative. Has sense of urgency and
command. Free-spirited and adventurous, he is quick and active. His entrepreneurial style is
characterized by synergy, creativity and ability to take risks.
• Persuasive, versatile and well organized, always working with energy, has coordinated
dozens of projects, events and trainings of R, D & I, applied to IT and IS systems, for
organizations such as: Center of Analysis of Naval Systems (CASNAV), Command of Naval
Operations, Naval War College, Brazilian Navy, Petrobras, ISACA Rio Chapter, Ministry of
Defense, Ministry of Ports, Arcon, FINEP, ESAF, AGU, National Institute of Information
Technology (ITI) - Civil House, and Department of Information and Communications
Security (DSIC) at Brazilian Presidency.
• Academic background as lecturer of undergraduate and postgraduate courses, in institutions
such as: IBMEC-RJ (Executive MBA in Telecommunications and e-Business), PUC-Rio (CCE -
Systems Analysis), and IBPINET (ASIS - Advanced School of Internet Security). Active
writer, researcher and demanded lecturer that has coordinated dozens of projects, courses,
and seminars on IT and IS related area in the Navy, Ministry of Defense and Presidency of
Republic - member bunker of twelve masters viva -, having delivered more than a hundred
lectures at symposia in Brazil and abroad (e.g. US, South Korea, Slovakia, Austria, UK).
• Performs volunteer work since 2006, as founder, Director and former Vice President (VP
from 2015 until 2016) at ISACA – Rio Chapter and since 2012, as Cloud Security Alliance
(CSA) - Brazil Chapter former Director, President and VP (from 2013 to 2018). Leader of
Security Committee of the Brazilian Association of Internet of Things (ABINC, since April,
2017). Has extensive relationships network in IT, IS and information systems audit area,
with public and private professionals of different levels, cultures and nationalities.
• Excellent verbal and written communication skills in Portuguese and English, having lived
two years in England during his Ph.D. course.
• Feb2018-Today – KPMG
Position reached: Partner, Technology Risk Consulting.
Responsibilities: As Partner of Technology Risk Consulting at KPMG, Paulo helps global
clients assess, manage and optimize information technology risk, which aids them
analyze business technology issues and get ahead of emerging tech risks, so their
business can keep moving forward.
Results: Helping clients recognize and responsibly manage the risk and reward from the
adoption of emerging technology, a key driver in enabling business.
• Nov2015-Jan2018 – Deloitte
Position reached: Director, Cyber Risk Services.
Responsibilities: As Director of Cyber Risk Services, from Enterprise Risk Services |
Management Consulting area at Deloitte, Paulo makes use of a Secure, Vigilant &
Resilient approach, which helps global clients get ahead of cyber risk so their business
can keep moving forward.
Results: Security, Vigilance & Resilience strategies tailored to clients’ specific risks.
• Mai2014-Oct2015 – Pagliusi CyberSecurity
Position reached: Founder Partner and CEO.
Responsibilities: provide coaching and consulting in Strategic Cybersecurity for boards,
C-Level executives and managers of large corporations, focused on developing cyber
security strategies and implementation programs tailored to clients’ specific risks.
Results: Improvement of the level of cyber awareness and maturity in large companies
in the financial area (eg. Banco do Brasil), oil and gas (eg. Petrobras), mining (eg.
Vale), investment (eg. BNDES), and insurance (eg. IRB Brazil RE).
In IRB Brasil RE, in particular, held consulting for critical evaluation of IS status and
posture of the newly privatized company, estimating the degree of maturity of cyber
risk management for providing, to Board of Directors and C-Level executives,
recommendations of strategic actions for greater resilience to cyber risks. Although
Pagliusi company is newly launched, its portal registers today 50,000+ hits.
• Mai2012-Abr2014 – Procela Security Intelligence
Position reached: Founder Partner and Director.
Responsibilities: provide advanced IT security to provide, efficiently and proactively,
situational awareness through continuous monitoring systems in decision support and
governance. Result: Patent INPI of innovative and unique products - SIEM
ProcelaUmbra and ProcelaGeo (for monitoring mobile devices). The company has been
sold to a large Brazilian enterprise from information security business.
• Mar2011-Abr2012 – Arcon Managed Security Services
Position reached: Director of R, D & I and Products and Processes Manager.
Responsibilities: Create and maintain a portfolio of products and IS services to boost
sales with high profitability. Quality and compliance business processes with ISO 27000,
ISO 9001, ISO 20000 (ITIL) and COBIT. Result: A Project, including economic support
from FINEP (US$4 mi), called System for mass access, fast and secure broadband IP
networks, was approved.
• Jan2010-Feb2011 – Navy People Pay-Office (PAPEM)
Position reached: Director (CEO) of the military organization, leading 160 employees.
Responsibilities: make the payment of active duty military, retired, pensioners,
amnestied, former combatants and civil servants of the Navy, totaling 190,000 people
in the country and abroad, with annual total of US $ 10 billion. Result: modernizing the
payment system of personnel (in existence for 40 years), replacing it with a safer.
• Oct2008-Dec2009 – Navy Administration Director Office (DAdM)
Position reached: Vice Director (Vice CEO), leading 180 employees.
Responsibilities: oversee the National Program of Excellence in Public Management in
the Navy; coordinate the Administrative, Budget ($ 2.5 billion / year), Patrimonial and
administrative IT Management, and the legal advice of the Force. Result: drafted the
plan for restructuring Supply sector (Logistics, Administration and Finance), aligned to
the National Defense Strategy (now deployed).
• Mar1998-Sep2008 – Center of Analysis of Naval Systems (CASNAV)
Position reached: Head of Department of Systems Engineering (CIO), leading 150
employees. Responsibilities: management coordination of all CASNAV projects, intended
to provide solutions in areas of IT, Operations Research and Cryptology for customers
in the Navy, Ministry of Defense, Brazilian Presidency, Central Bank, ITI, and dozens of
other government agencies. Results: Portfolio management with 40 successful projects
delivered, including the "João-de-Barro" (Ovenbird) Project for systems development,
through national hardware and free software, of the Root Certification Authority (CA) of
the Brazilian PKI (ICP-Brazil). Has founded and headed the Navy Division of
Cryptology. CASNAV obtained ISO 9001 and three National Awards for Public
Management (2004, 2005 and 2007).
• Jan2007-Feb2008 – Navy Spares Warehouse (DepSMRJ)
Position reached: Director (CEO) of the military organization, leading 90 employees.
Responsibilities: accounting, control, store and provide 110,000 distinct parts items -
with book value of $ 3.6 billion - for Navy ships and submarines. Results: Implantation
of a pioneering project, which included the use of the first wireless network approved
by the Navy, with military standard security, for inventory automation and control.
LANGUAGES, COURSES AND ADDITIONAL QUALIFICATIONS
• Certified Information Security Manager (CISM) – ISACA (July2012)
• Lead Auditor in BS (British Standard) 7799 - Det Norske Veritas (DNV - 2004).
• ABNT Certification/ISO standards in Information Security Management ISO/IEC 27002:2005
and 27001:2006 (2006).
• English - Fluent, approved in TOEIC (2018). Has learned Spanish, French and Italian.
• Abroad Experience – Has lived in London for two years (Aug2001 to Nov2003).
• Excellence of Public Management Courses: Assessment Instrument of Public Management
(2008) and Organizational Management Model "Balanced Scorecard" (2003).
• Leader of Security WG of the Brazilian Association of Internet of Things (ABINC), Vice
President of the Cloud Security Aliance (CSA) - Brazil Chapter and Director of ISACA Rio
• 5th Prize "The Cream of Professional Information Security", voted one of the 50 most
influential professionals in IT in the country (Brazil IT Intelligence - 2008).
• Winner of the 8th Competition Innovation in Federal Public Management (MPOG - 2004).
• Award "Personality Brazil 500 Years" (CICESP - 2001)
• Award "Outstanding Professional 500 Years of Brazil" (IBPEC - 2000).
• Medals (Navy), Naval Order of Knight Merit Degree (2010), Tamandaré Merit (2005),
Military Merit with Silver Colander (2002) and Bronze Colander (1992).