Erick Bartolomeu Urbano Sotelo

Information Security & Systems Audit Specialist

Praia, CV.

About

Highly accomplished Information Security and Systems Audit Specialist with over a decade of experience in critical infrastructure management, PKI, and DNSSEC. Proven track record in leading internal audits, ensuring regulatory compliance, and driving the successful attainment of industry-recognized certifications like WebTrust. Expert in optimizing IT operations, enhancing cybersecurity posture, and implementing robust data management solutions across diverse technical environments.

Work

ECR-CV (Root Certification Authority of Cabo Verde)

Systems Auditor, Internal Auditor

Praia, Cabo Verde, Cabo Verde

Jan 2020

→

Present

Summary

Led comprehensive system audits and managed critical PKI components to ensure regulatory compliance and operational integrity for the national Root Certification Authority.

Highlights

Managed Data Center operations, verifying physical and logical controls to ensure robust security and continuous availability.

Planned and executed internal audits, establishing clear chains of custody for evidence and conducting thorough log analysis to identify and mitigate risks.

Oversaw the security of sensitive Hardware Security Module (HSM) artifacts, managed PKI ceremonies, and ensured the integrity of CRL/OCSP and CP/CPS processes.

Played a direct, pivotal role in the successful attainment of the WebTrust seal for ECR-CV, significantly enhancing organizational credibility and trust.

ARME (Regulatory Agency for Communications and Economic Regulation)

IT Technician; Systems Administrator

Praia, Cabo Verde, Cabo Verde

Sep 2018

→

Jan 2020

Summary

Spearheaded the technical management of the .CV DNSSEC infrastructure and administered diverse IT systems, ensuring high availability and robust security for critical national services.

Highlights

Acted as Technical Lead for .CV DNSSEC, designing signature architecture, managing KSK/ZSK & rollovers, publishing DS records, overseeing ceremonies, and conducting continuous monitoring and integrity testing.

Conducted internal IT system audits, preparing detailed reports and implementing follow-up actions to address identified vulnerabilities and enhance security posture.

Administered a wide array of systems including Active Directory, DNS, DHCP, Linux/Windows servers, web servers (IIS/Apache/Nginx), and databases (SQL Server, MySQL/PostgreSQL/Oracle).

Managed virtualized environments (VMware/Proxmox/LXC), storage solutions, disaster recovery, system hardening, vulnerability management, and SSL certificate lifecycles.

Integrated regulatory information systems (siras.cv, sgir.cv), provided critical support for codigopostal.cv, developed Power BI dashboards, and automated operational tasks.

ARE (Regulatory Agency for Communications and Economic Regulation)

Technician, Information Systems Unit

Praia, Cabo Verde, Cabo Verde

Sep 2011

→

Sep 2018

Summary

Designed and implemented information systems while managing IT infrastructure and projects to support the regulatory agency's operational objectives.

Highlights

Designed and implemented various information systems, improving data processing efficiency and accessibility for internal stakeholders.

Administered critical IT infrastructure, ensuring system stability and performance for regulatory operations and minimizing downtime.

Managed and contributed to multiple IT projects, delivering solutions on time and within scope to meet organizational needs and strategic goals.

Oversaw information management processes, ensuring data integrity, security, and compliance with internal policies and standards.

Universidade do Mindelo

Lecturer

Mindelo, Cabo Verde, Cabo Verde

Mar 2010

→

Aug 2011

Summary

Instructed students on fundamental computer science topics, including computer architecture and operating systems, at the university level.

Highlights

Taught comprehensive courses in Computer Architecture and Operating Systems, preparing students for advanced technical roles.

Developed and delivered engaging curriculum, fostering a strong understanding of core IT principles among students.

COPA, SA

IT Technician

Praia, Cabo Verde, Cabo Verde

Jul 2010

→

Jun 2011

Summary

Provided technical support for network infrastructure and managed ERP PRIMAVERA systems to ensure business continuity.

Highlights

Managed network configurations and provided comprehensive support for ERP PRIMAVERA, ensuring seamless business operations.

Maintained network integrity and connectivity, troubleshooting issues to minimize downtime and enhance user productivity.

CVWIFI

IT Technician / Linux Systems Administrator

Praia, Cabo Verde, Cabo Verde

Nov 2008

→

Jun 2010

Summary

Maintained computer and network systems, including Linux servers and network devices, to ensure reliable IT operations for CVWIFI.

Highlights

Performed maintenance on computer systems and networks, resolving technical issues and ensuring continuous operation for all users.

Administered Linux servers and network devices, optimizing performance and ensuring system security and availability.

Education

Universidade de Cabo Verde (Uni-CV)

Praia, Cabo Verde, Cabo Verde

Sep 2022

→

Present

Postgraduate

Information Security

Courses

Cryptography

Fundamentals

Secure Software

Secure Infrastructures

Security Audit and Law

Universidade Jean Piaget (Uni-Piaget)

Praia, Cabo Verde, Cabo Verde

Oct 2021

→

Sep 2022

Postgraduate

Systems and Informatics Engineering

Courses

E-business Technologies

Data Warehouse

Database Technologies

Mobile and Ubiquitous Computing

Project Management

Web Applications

Data Mining

Testing/Quality

IT Management

Universidade do Mindelo

Mindelo, Cabo Verde, Cabo Verde

Sep 2003

→

Sep 2009

Bachelor

Management Informatics

Courses

Systems

Projects

Application Development

Distributed Systems

Linux/Microsoft Networks

Databases

Languages

Spanish (Native)

Portuguese (Fluent - C2)

English (Advanced - B2)

French (Intermediate - B1)

Certificates

DNSSEC

Jan 2021

Issued By

ITU

Risk Management and Incident Response

Jan 2021

Issued By

Luxemburg House of Security (KISA)

Power BI - Level II

Jan 2021

PRIMAVERA Academy (Installation/Platform, Logistics, Treasury, Finance, HR, POE, Usage/Accounting and Fiscal)

Jan 2016

Issued By

PRIMAVERA Academy

Skills

Information Security & Audit

System Auditing, PKI, Cryptography, HSM, WebTrust, ISO 27001/27002, COBIT, ITIL, Vulnerability Management, Security Hardening, Incident Response, CISA (Knowledge), CISM (Knowledge), Accreditation Audits, Chain of Custody.

Networking & DNS

DNSSEC, DNS, BIND, Knot, KSK/ZSK, DHCP, Active Directory, Network Administration, DNS Monitoring, DNS Validation.

Operating Systems & Virtualization

Linux (Ubuntu, AlmaLinux, Rocky Linux), Windows Server, VMware, Proxmox, LXC, Virtualization.

Databases & Web Servers

SQL Server, MySQL, PostgreSQL, MariaDB, Oracle (Concepts), IIS, Apache, Nginx.

Data & Business Intelligence

Power BI, Data Engineering, Data Warehouse, Data Mining.

Tools & Methodologies

Scripting, Automation, Docker (Concepts), Agile Methodologies, Project Management, Documentation, Systematic Audit Evidence.