Open to opportunities

Cesar Diaz

@cesardiaz

Message

I deliver strategic cybersecurity leadership across offensive security, GRC, and data-driven vulnerability management.

Dominican Republic

Message

What I'm looking for

I’m looking for a cybersecurity role where I can lead offensive security and vulnerability management with strong GRC alignment, collaborate with incident response teams, and keep building data-driven and AI-informed security strategies.

Right now, I serve as an Offensive Security Coordinator at Promerica Bank, where I lead offensive security strategies to strengthen the organization’s cybersecurity posture. I coordinate targeted penetration tests on critical banking infrastructure and oversee the vulnerability management lifecycle with alignment to OWASP, NIST, and MITRE ATT&CK. I also integrate vulnerability management tracking and penetration testing findings into custom PowerBI dashboards, giving executive leadership enhanced visibility and data-driven decision-making.

Previously, as Manager of IT Security and Monitoring at the Ministry of Environment and Natural Resources (MMARN), I led and mentored a dedicated IT Security and Monitoring team of 3 professionals. I designed, implemented, and maintained robust security processes tied to strategic cyber risk management goals, and I organized comprehensive cybersecurity awareness and training campaigns to reduce human-centric security risks across staff. I focused on continuous improvement in cybersecurity and information security processes.

At the National Cybersecurity Center DR (CNCS), I worked as a Cybersecurity Operations Analyst within CSIRT-RD, supporting high-impact incident response across multiple state institutions. I developed a specialized self-assessment platform based on the NIST CSF framework to benchmark and improve security posture, and I performed cyber threat intelligence analysis and continuous monitoring to identify and neutralize emerging risks at a national scale. I also authored technical reports, security alerts, and best practice guides, and contributed to vulnerability assessments and penetration tests.

Earlier in my career as a Jr. Cybersecurity Audit Consultant in the Red Team Audit Department at Devel Group, I conducted vulnerability analysis and penetration test audits and delivered actionable reports to stakeholders. I’ve built my foundation through hands-on security auditing (including Wi-Fi network security audits and PCI DSS controls), incident response support, and technical reporting. I bring a forward-looking approach—combining certified offensive capabilities (e.g., Burp Suite) with strong operational security thinking, and an interest in incorporating AI and data analytics into cybersecurity strategies.

Experience

Work history, roles, and key accomplishments

Current

Offensive Security Coordinator

Current

Promerica Bank (Dominican Rep.)

Oct 2024 - Present (1 year 8 months)

Led offensive security strategy to strengthen the bank’s cybersecurity posture. Designed and integrated Power BI dashboards for vulnerability management tracking and penetration testing findings, and coordinated targeted testing and the vulnerability management lifecycle aligned to OWASP, NIST, and MITRE ATT&CK.

Offensive Security Red Team Operations Penetration Testing Vulnerability Management Power BI OWASP NIST CSF Incident Response Digital Forensics

IT Security & Monitoring Manager

Ministry of Environment and Natural Resources (MMARN)

Dec 2023 - Oct 2024 (10 months)

Managed and mentored an IT Security and Monitoring team of 3, driving continuous improvement in security operations. Designed and executed cyber risk management strategies and cybersecurity awareness training campaigns that reduced human-centric security risks among staff.

Security Operations IT Security Management Cyber Risk Management Security Processes Security Awareness Team Leadership Continuous Improvement Information Security Governance

Cybersecurity Operations Analyst

National Cybersecurity Center DR (CNCS)

Sep 2022 - Dec 2023 (1 year 3 months)

Developed and implemented a self-assessment platform using the NIST CSF framework to benchmark and improve government cybersecurity posture. Supported incident response for high-impact events, performed threat intelligence and continuous monitoring at national scale, and authored technical reports, alerts, and best-practice guides.

NIST CSF Cyber Threat Intelligence Incident Response Monitoring Security Assessments Technical Reporting Penetration Testing CSIRT Operation

Jr. Cybersecurity Audit Consultant

Devel Group

Apr 2021 - Sep 2022 (1 year 5 months)

Conducted vulnerability analysis and penetration test audits and delivered actionable reports with remediation recommendations to stakeholders. Supported phishing simulations and performed Wi-Fi security audits, system hardening reviews, and PCI DSS control evaluations.

Penetration Testing Vulnerability Analysis Security Auditing System Hardening PCI DSS