Pedro G. Leon

Working Experience
English Español



Working Experience





I am certified as an Information Privacy Professional (CIPP/US) and Information Sytems Security Professional (CISSP).

From June to September 2013 I worked as a research intern in the Technology Policy Group at Microsoft Research, where I performed statistical analysis on survey data to understand contextual determinants of Internet users’ privacy preferences. Final report available here

From May to August 2009 I worked as an intern with SETLabs, Infosys Technologies; where I developed an Information Security Measurement Framework to evaluate the level of security of information systems considering technical, operational and organizational aspects and taking as a reference information security standards and best practices such as ISO-27001:2005, NIST Special Publications on Information Security, Risk Management and Measurement, CMMI, PCI, OWASP Application Security Verification Standard, CVSS, among others.

From 2006 to 2008 I worked in the Audit department of the Central Bank of México. My experience includes the participation in the development of the IT Audit annual plan; planning and execution of risk based audits; implementation of IT audit methodologies based on industry's best practices, and information security standards, such as NIST, Cobit, ISO 17799, ITIL; evaluation of DRP/BCP plans and operational procedures within the bank; and supervision of compliance with internal regulations on IT. In particular, I performed exhaustive audits to diverse processes and IT infrastructure at the Bank including, central bank operations, ERP, the internal communication network, the internet access, Email system, Active Directory, Databases, etc.

From 2003 to 2006 I worked in the Information Technologies department of the Central Bank of México. My experience includes the design, implementation and management of the first converged network at the bank (voice and data), the administration of PBX, telephone accounting and billing systems, voice recording systems, and interactive voice response systems. Management of wireless, LAN and VPN networks. Design and implementation of structured cabling systems and fiber optic for internal data transmissions.