باسم حلمي

Information Security Specialist (January 1, 2014 -Current)
Diyar United Company (Kuwait)
• Execute Network vulnerability assessments, attack and penetration testing and web application
security reviews, network device configuration reviews, OS/DB security reviews.
• Perform network incident investigation.
• Perform computer forensics investigation.
• Perform internal and external vulnerability assessments.
• Perform wireless penetration testing.
• Perform web application and network penetration testing (Black box, Grey box and White box)
• Use of various methodologies used in attack and penetration testing
• Develop and test exploits and scripts (Python / Bash Scripting)


• Perform implementation for Symantec end point security solution, critical system protection and messaging gateway
• Perform project plan and resource assignment for the information security projects
• Prepare detailed review reports with recommendation and advice to the clients on securing the infrastructure as well as web application.
• Present and clearly communicate findings and recommendations to client's senior management,
business stakeholders, security team members, and IT resources.
• Manage task allocation, ensuring quality of the deliverables in line with industry standards and best practices
• Lead and Support the team in updating their skill and knowledge

Information Security Engineer (July 1, 2012 - December 28, 2013)
Raya IT (Egypt)
• Exploit security flaws and vulnerabilities with attack simulations on multiple projects working against specific client focused scopes of work.
• Flow from black box to gray box to white box tests dependent on client needs.
• Test a variety of client form factors and technologies based on scopes of work.
• Solve complex technical problems and articulate to non-IT personnel.
• Perform vulnerability assessments and penetration testing, utilizing tools commercial and open
source tools.
• Perform, review and analyze security vulnerability data to identify applicability and false
positives.
• Research and develop testing tools, techniques, and process improvements.
• Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
• Support company through the testing and evaluation of new technologies and security controls.
• Perform other information security related duties as assigned upon work location or assignment.

Information Security Engineer (January 1, 2012- June 30, 2013)
Raya Datacenter (Egypt)
• Penetration Testing for Raya Holding and RAYA Datacenter.
• Web application security assessment and penetration testing.
• Security administration for Infrastructure and network services.
• Investigation and incident handling under supervision of the information security manager.
• Assistant Auditor in RAYA ISO 27001 Certificate under the supervision of the information security
manager.
• Change management coordinator.
• Perform other information security related duties as assigned.
• Hardening Raya Datacenter and keeping it Secure and available 24/7.

Information Security and Internet safety focal point of Egypt (September 1, 2010- December 30, 2011)
Microsoft (Egypt)
Internship at Microsoft Egypt in CSR department.