Professional Profile: Mr. Acosta is a Senior Cybersecurity Consultant with more than 15 years of experience, working in both South America and Europe in projects with several IBEX 35 companies (Spanish Exchange Index), banks, telecommunication companies, and largest payment card processors. His information security background includes consultancy and audit, training, implementation of security technologies and design, policy development, among others. David currently belongs to Colombian Army Reserve Forces (Professional Reserve) as a Lieutenant.

In 2008, he started to work with Spanish security company Internet Security Auditors, acting as Senior Security Consultant and Project Manager. This role includes vulnerability testing and assessment, security configuration analysis, PCI DSS and P2PE implementation, assessment, and audits, ISO/IEC 27001:2013 implantation, security management and operations, compliance projects related with LOPD (Spanish personal information protection act), security governance, security policies and procedures development and system analysis as well as security training (Authorized (ISC)²  and EC-Council Instructor).

Mr. Acosta is the founder and contributing author of PCI Hispano (, a specialized community portal in Spanish language covering Q&A of PCI SSC standards. He has written a lot of security articles in main Spanish information security magazines and ISACA journal, along with a pair of vulnerability advisories.

Education and Credentials:

  • A BS in Computer Engineering, District University of Bogotá (Colombia)
  • A MS in Information Security, La Salle – Ramón Llull University Campus Barcelona (Spain)
  • A MS in Project Management, La Salle’s Business & Engineering School of the Universitat Ramon Llull (Spain)
  • The Certified Information Systems Security Professional (CISSP), (ISC)²
  • The Certified Information Security Manager (CISM), ISACA
  • The Certified Information Systems Auditor (CISA), ISACA
  • The Certified in Risk and Information Systems Control (CRISC), ISACA
  • The PCI Qualified Security Assessor (PCI DSS and P2PE QSA), PCI SSC
  • The Business Continuity Management Standard Lead Auditor (BS25999), BSI
  • The Certified Network Associate – Security (CCNA Security), Cisco Systems
  • The Computer Hacking Forensic Investigator (CHFI – CHFI Trainer), EC-Council
  • The Certified Ethical Hacker (CEH), EC-Council
  • The OSSTMM Professional Security Tester Accredited Certification (OPST), ISECOM