Curriculum Vitae of Dr. Paul Pagliusi. Describes the career, including training, main titles, occupations, positions and deliveries made.

1. Paulo Pagliusi
LinkedIn: http://br.linkedin.com/in/paulopagliusi
Page: www.pagliusi.com.br
ACADEMIC EDUCATION
• Ph.D. in Information Security. Royal Holloway, University of London, completed in 2008.
• Master in Computer Science. UNICAMP, concluded in 1998.
• Postgraduate (Specialization) in Systems Analysis. PUC-Rio, concluded in 1989.
• Graduated in Systems Administration. Naval Academy, completed in 1985.
SUMMARY OF QUALIFICATIONS
• Doctor in Information Security and CIO of Apex-Brasil, Paulo Pagliusi is considered one of the most
renowned consultants in the country in strategic management of innovation & technological risk, an
area in which he has been working for over 25 years, helping global clients to analyze technology
problems & disruptive innovation in their information environments and overcome emerging
technology risks to keep business moving forward. He is one of the most requested speakers today,
having presented at more than 200 events in Brazil and abroad, and given more than 100 interviews
to national and foreign media.
• 30 years of professional experience in defense and private sector organizations, holding executive
positions, working in IT Governance, Implementation of Excellence & Innovation Programs in
Management, Information Security (IS) and Cyber Defense. He has been a leader, coordinator and
consultant on projects in the areas of: disruptive innovation, risk management and IT auditing,
information security governance, strategy and risk management of emerging technologies (IoT,
cloud, cognitive systems, blockchain), cryptography, privacy & data protection, cyber situational
awareness for Boards & Audit Committees, resilience of information systems and Internet fraud.
• He has carried out voluntary work since 2006, as founder, Board member, Vice-President and,
currently, Director of the international professional association ISACA (Association of Audit and
Controls of Information Systems) – Rio de Janeiro Chapter. From 2012 to 2018, he served on the
board of CSABR (Cloud Security Alliance) and was elected President of the Brazil Chapter in 2013.
Member since 2017 of the Security Committee of ABINC (Brazilian Association of Internet of Things)
and since 2014 of the Group of Interest in Science, Technology, Engineering, Mathematics and
Innovation (CTEMI) of the Clube Naval. It has an extensive network of interpersonal relationships
focused on IT, IS, innovation, governance and systems auditing, with professionals from different
levels, cultures and nationalities.
• Experienced leader, with a keen strategic vision, retired Captain of the Brazilian Navy, commanded 2
military organizations. With the ability to innovate, work as a team and willingness to learn, his
sharp and sophisticated communication naturally persuades teams to exceed goals. Decide with self-
confidence, firmness and initiative. Has a sense of urgency and command. His entrepreneurial style
is characterized by synergy, creativity and the ability to take risks.
• Persuasive, versatile and organized, he was manager and coordinator (Program Manager) of dozens
of projects, events and successful trainings in Research, Development & Innovation (R, D & I)
applied to innovation & IT environments, for organizations such as such as: KPMG, Deloitte,
Brazilian Navy, Petrobras, Eletrobras, Vale, Ministry of Defense, Banco do Brasil, Bradesco, Deutsche
Bank, Apex-Brasil, Atech, Accenture, Alpargatas, NEC (Arcon) Managed Security Services, Mercedes
Benz , IRB Brasil RE, FAPES-BNDES, FINEP, ESAF, AGU, ITI-Casa Civil and DSIC-GSI-Presidency.
• Academic experience as an undergraduate and graduate professor at institutions such as: IBMEC-RJ
(Executive MBA in Telecommunications and e-Business), PUC-Rio (CCE – Graduate in Systems
Analysis), IBPINET (ASIS - Advanced School of Internet Security). An active columnist, researcher
and active and requested lecturer, he was an external member of 12 Master's committees and gave
two hundred lectures at symposiums in Brazil and abroad.
• Excellent verbal and written communication skills, in Portuguese and English, having lived in the UK
for two years and three months (Naval Attaché – Embassy of Brazil in London).

2. 13Aug20 23
2
PROFESSIONAL EXPERIENCE
• Oct2020- Jan2023 – Apex-Brasil
Position achieved: CIO (Chief Information Technology Officer) and DPO (Data Protection Officer).
Responsibilities: Provide and maintain technological solutions in support of Apex - Brasil 's business
and management models, in an innovative and secure manner, contributing to achieving the
Agency's strategic objectives. Results: The new ICT Service Center was implemented, based on the
ITIL and COBIT frameworks. Restructuring of the ICT team, with the support of outsourced services
and cloud solutions, quadrupling the delivery of ICT projects at Apex-Brasil, with increased user
support, project management, and disruptive automation of ICT processes in support of decision-
making and greater transparency. Consolidation of the control and support structure for matters
related to the protection of personal data. Elevation of the level of visibility, control and protection
of information, with the implementation of services for Identity Management, Privileged Access
Management, Advanced Threat Protection, Detection and Response to incidents at endpoints and
multi-factor authentication. The delivery of these results was possible with the support of Gartner's
objective and relevant insights, whose contract was renewed and expanded to other areas.
• Feb 2018-Sep 2020 – KPMG
Position held: Partner at Tecnology Risk Consulting| Leader of the Government & Infrastructure
sector. Responsibilities: Risk and compliance management in IT & disruptive innovation
environments, through sound advice to help ensure emerging technology risks are managed.
Develop appropriate IT strategy in support of business objectives. Meeting regulatory, compliance
and innovation needs, identifying and controlling risks embedded in business systems. Risk
management and IT & innovation controls, evaluating process and technology aspects with
innovation recommendations to optimize efficiency. Results: Achieved the goal of innovating,
attracting business and applying knowledge by working on risk management projects in innovation
& technology. Activation, at KPMG Brasil, of the Defense and National Security (DNS) consulting
segment.
• Nov 2015-Jan 2018 – Deloitte
Position held: Director of Cyber Risk Services at the firm's Risk Advisory consultancy.
Responsibilities: As Director of Cyber Risk Services at Deloitte, he leveraged a Secure, Vigilant, and
Resilient approach that helped global clients overcome cyber risk to keep their businesses moving
forward. Results: Generating eminence and attracting business, in addition to applying knowledge
through work on Disruptive Innovation projects, Information Security Governance, IT Risk
Management and Auditing, Cyber Risk Strategy and Management, Privacy and Data Protection
Data, Cyber Risks Awareness for Leaders (Boards & C-Level) and Information Systems Resilience.
• May2014-Oct2015 – Pagliusi Cybersecurity
Position held: Founding Partner and CEO.
Responsibilities: Coaching and consulting on Strategic Cybersecurity for C-Level and Boards.
Results: Participation in the project to restructure the cybersecurity of the company IRB-Brasil RE,
upon its privatization, creating a security nucleus to adapt it to comply with the standards,
regulations and information security requirements of publicly traded companies, preparing IRB
successfully for the IPO. Participation in awareness campaigns for leaders in information security for
large companies, such as: Vale, Petrobras, Banco do Brasil, FAPES-BNDES, SENAC, Ambev,
Bradesco, Sulamerica. The portal (www.pagliusi.com.br ) registers more than 233,000 accesses.
• May 2012-Apr 2013 – Procela Intelligence in Security
Position reached: Founding Partner and CEO.
Responsibilities: defense consulting and strategic cyber intelligence, as well as innovation
development projects to provide advanced IT security solutions to efficiently and proactively
provide situational awareness through expert continuous monitoring systems in decision support

3. 13Aug20 23
3
and governance. Results: Approval, by FINEP, of projects for innovative and unique products, with
the company being sold to Grupo Modulo Security Solutions.
• Jan2013-Oct2013 – Ezute Foundation
Position achieved: Defense Systems Engineering Project Consultant.
Responsibilities : Provision of specialized professional services, in the area of Systems Engineering
and Project Management, within a System of Systems approach (SdS), during the pre-development
phase of the Blue Amazon Management System Program (SisGAAz) of the Brazilian Navy (MB).
Results : delivery, to MB, of a Request for Proposal (RFP) model, of the Management and Technical
Plans for Project Management and Integration, revised based on the redefinition of the Functional
Entities of SisGAAz, and the Feasibility Analysis of the SisGAAz Program, estimated at R$10 billion,
according to the Presentation Manual for the Feasibility Study of Large Scale Projects for the
Defense Area.
• Aug 2012-Nov 2012 – Embraer – Atech
Position achieved: Consultant in Information Security and Cybernetic Defense. Responsibilities:
Provision of specialized professional services, in the area of Information Security and within an SdS
approach, during the requirements survey phases (specification and analysis) and initial
architecture design (conception and creation) related to security and cybernetic defense from MB's
SisGAAz. Result: delivery, to the Brazilian Navy, of the cybersecurity requirements of the SisGAAz
Program, raised in accordance with the good practices recommended by the main national and
international standards, regulations and norms.
• Mar2011-May2012 – NEC (formerly Arcon) Managed Security Services
Position held: Director of Research, Development & Innovation and Manager of Products and
Processes. Responsibilities: Create and maintain a portfolio of IS products and services to drive
sales with high profitability based on a TIER III datacenter. Quality and compliance of company
processes with ISO 27000, ISO 9001, ISO 20000 (ITIL) AND COBIT standards. Result: obtained
approval of the economic subsidy Project with FINEP, of R$11 million, called System for mass, fast
and secure access to broadband IP networks.
• Jan 2010-Feb 2011 – Navy Personnel Payment (PAPEM)
Position achieved: Director (CEO) of the military organization, leading 160 employees.
Responsibilities: pay active and inactive military personnel, pensioners, amnesty recipients, ex-
combatants and Navy civil servants, totaling 190,000 people in the country and abroad, with an
annual total of R$16 billion. Result: continuation of the modernization of the personnel payment
system (in existence for 40 years), replacing it with a more secure one (implemented).
• Oct2008-Dec2009 – Navy Administration Board (DAdM)
Position reached: Deputy Director (Vice CEO) of the organization, leading 180 employees.
Responsibilities: supervising the Navy's Public Management Excellence Program, coordinating
Administrative, Budgetary (R$2.4 billion/year), Patrimonial and Electronic Document Flow
Management, in addition to providing legal assistance to the Force. Result: prepared the
restructuring plan for the Intendance Sector (Logistics, Administrative and Financial) of the Brazilian
Navy, aligned with the National Defense Strategy (implemented).
• Mar 1998-Sep 2008 – Naval Systems Analysis Center
Position achieved: Head of Systems Engineering Department, leading 200 employees.
Responsibilities : Program Manager of all CASNAV projects, aimed at providing innovative solutions
in the areas of IT, Operational Research and Cryptology for clients from the Navy, Ministry of
Defense, Ports and the Presidency of the Brazilian Republic. Results: Portfolio management with 40
pioneering and successful innovation projects, including “João-de-Barro” Programme, for the
development, via national hardware and free software, of the root AC systems of ICP-Brasil.
Founded and headed the Navy's Cryptology Division. At CASNAV, he has obtained ISO 9001
certification and three National Public Management Awards (2004, 2005 and 2007).

4. 13Aug20 23
4
LANGUAGES, COURSES AND ADDITIONAL QUALIFICATIONS
• English – Fluent, approved in the TOEFL (2000) and TOEIC (2017) exams. Spanish, French, German
and Italian courses.
• Experience abroad – Lived in London for 2 years and 3 months (Aug 2001 to Nov 2003).
• CISM certification (Certified Information Security Manager), issued by ISACA (2012).
• ABNT/ISO certification in Information Security Management standards ISO/IEC 27002:2005 and
27001:2006 (2006).
• Lead Auditor in BS (British Standard) 7799 - Det Norske Veritas (DNV - 2004) - ISO 27001.
• Management Excellence Courses: Public Management Assessment Instrument (2008) and
Organizational Management Model “Balanced Scorecard” (2003).
ADDITIONAL INFORMATION
• Author of the book: Internet Authentication for Remote Access - Authentication Solutions for
Internet Remote Access Networks Aiming Ubiquitous Mobility. Scholar's Press, Saarbrücken,
Germany, 2013 – ISBN 978-3639516869.
• From 2013, Paulo Pagliusi gained greater national and international visibility, after granting
interviews about state cyber espionage, in media such as “Fantástico” and newspapers “O Globo”,
“Estadão” and “Valor Econômico”, in addition to several radio stations, National and foreign TVs and
newspapers, such as the “New York Times”, “TV France 24”, “CBC News”, Swedish National Radio
and “The Asahi Shimbun”.
• Reference for the Brazilian government as an expert in the Snowden case, during the public
hearings of the Parliamentary Commission of Inquiry of the Federal Senate created to investigate US
espionage. He is one of the mentors of the Cyber Manifesto, which aims to encourage support and
create a shared vision to protect Brazil from cyber attacks.
• 5th “The Cream of Information Security Professionals” Award, elected one of the 50 most influential
IT professionals in the country (TI Brasil Intelligence - 2008).
• Winner of the 8th Innovation in Federal Public Management Competition (MPOG - 2004). “Brazilian
Personality of the 500 Years” Award, from the Cultural and Business Integration Center of São Paulo
(CICESP - 2001). “Professional Outstanding 500 Years of Brazil” award, from the Brazilian Institute
of Cultural Research and Statistics (IBPEC - 2000).
• Medals (Brazilian Navy): Order of Naval Merit Knight Degree (2010), Tamandaré Merit (2005),
Military Merit with Silver Pass (2002) and Bronze Pass (1992).
• Paulo Pagliusi has his name mentioned in the IT governance frameworks COBIT (Control Objectives
for Information and related Technology) 4.1 and COBIT 5, in RFC (Request for Comments) nº 5106
(2008), of the Internet Engineering Task Force (IETF) and in Study by the Organization for Economic
Co-operation and Development (OECD), entitled OECD (2020), On the Way to the Digital Era in
Brazil, OECD Publishing, Paris, ISBN 978-92-64-86547-1.