SENIOR INFORMATION SECURITY AND RISK CONSULTANT
SAMA
Total years of experience :12 years, 6 Months
Best Learning Experience: in August 2012, I engaged with the IR team in the forensic investigation and services restoration of the biggest cyber attack in cyber history that hit Aramco.
Evaluating and enhancing the security of perimeter network devices such as BGP and VSAT gateways
Evaluating existing IT security solutions for identifying gaps and proposing new security technologies
Performing vulnerability assessment and configuration compliance assurance for network devices
Performing technical security reviews for network protocols and services: RADIUS, EAP variants, 802.1x, CCMP, DNS, DHCP, OSPF, BGP
Advising and assisting various IT departments in projects related to information security (e.g. SCADA)
Revising and improving existing security standards, polices, procedures, guidelines and baselines
Defining and testing technical security requirements for Wi-Fi and VoIP infrastructure
Participating in security awareness programs and educational efforts
Investigating security incidents as a tier-three analyst
Updating and upgrading security systems as needed
Conducting IT risk assessment for the ministry headquarter and branches
Revising existing policies, procedures, standards, baselines and guidelines
Designing and building an Information Security Awareness Program based on the ministry's policies and requirements
Overseeing policies and procedures regarding the security of information assets
Overseeing identity and access management
Briefing executives on status and risks
Identifying goals and objectives for the ministry's IT security
Creating IT security units with specific responsibilities to implement the SoD model
Leading the design of a new DMZ for hosting servers that provide Internet-facing services
Making sure that vulnerabilities and compliance issues are addressed in accordance with its risk rates
Leading the implementation of disaster recovery, business continuity and ISO 27001 projects
Leading the implementation of security best practices
Activating and configuring non-utilized, existent security features and technologies to increase the security level and reduce the annual spending
Installing network appliances such as switches, routers, PIX firewalls and Novell devices
Configuring, maintaining and troubleshooting server farms and network platforms
Working as a system analyst and a programmer
Assisting in technical writings and revisions
Master of Science in Computer, Information and Network Security, GPA: 3.923 out 4 DePaul University, Chicago, IL, Graduation with Distinction: July 2009 Graduation: Securing all OSI layers of a virtual IT data center by applying IT security standards Intensive English Program
DePaul University, English Language Academy, Chicago, IL, June 2006 - December 2007
Taibah University, Medina, Graduation: August 2005 Graduation: In-depth Studying of cryptographic algorithms and coding an AES program. Bachelor of Science in Computer Science, GPA: 3.87 out 5