Global Project Leader, SOC - Security Operations Center Framework
OWASP, USA
Total years of experience: 25 years, 7 months
• Development of SOC - Security Operations Centre Framework
• Develop the SOC's strategy and design; set up, operate, manage, govern, improve and innovate the SOC.
• Strategy: selecting models such as Centralized, Distributed, Collaborative, Constituency, Managed and Hybrid
• Process Flow e.g.:
◦ Monitoring: Identification, Consolidation, Correlation, Aggregation, Alerting and Retention
◦ Incident management: Detection, Analysis, Prioritization, Response, Containment, Eradication, Recovery, Forensic Investigation and Learning
◦ Threat Intelligence: Intelligence collection, Vulnerability management and Threat hunting
◦ Quality Assurance: Optimization, Tuning, Maintenance & Metrics
• People, Skills, Roles & Responsibilities: Tier 1, 2 and 3 Analysts
A Qatar Petroleum company
• Conducted Enterprise/ C-Level Cyber Security and Disaster Recovery Exercises
• Cyber/ ICS Security Governance, Risk & Compliance (GRC), KPIs and Strategy
• Development, Implementation, Automation of Policies & Procedures as per ISO27001, 2 & 5, ISA 99, IEC 62443, GDPR, NIST, SANS, NIAP, Qatar National ICS Security
• Vulnerability Scanning, WAF, Anomaly detection, Next Gen Firewall, MDM, NAC
• Project Manager SIEM/ SOC Implementation
• Security of Databases, OS, Networks (incl. Segregation), private Cloud
• Security & Audit of ERPs (including GRC, SOD - Segregation of Duties)
• Coordination and implementation of recommendations from external & internal (outsourced) Auditors
• Implementation & maintenance of Business Continuity & Disaster Recovery Plan (as per ISO22301)
• Conducting periodic security Audits, reviews, Penetration Testing, user awareness Trainings, Anti-Phishing
• Management & Reporting of IT Security KPIs Metrics in terms of Vulnerabilities, Availability, Integrity and Incidents
• Zero/ No security breach or malware spread since I joined.
• Saving Millions by collaborating with CSC, Ministry of Interior for MSS including SOC/ SIEM, Vulnerability Scanning, Honey Pot etc.
Pioneer Chain of Shopping Malls & Hypermarkets in UAE
• IT & Security KPIs have been Excellent (A) for five years; no security breach since I joined
• Saved Millions of Dirhams by collaborating with aeCERT for MSS including SOC, SIEM LogRhythm
• Responsibilities include overall management of enterprise wide Information & Cyber Security Governance, Risk & Compliance (GRC) Strategy
• Development, Implementation, Automation of Policies & Procedures in BMC Remedy Service Desk Solution (Implementation Project Manager) as per ISO27001, 2 & 5 and PCI-DSS, NIFT, NESA & SANS
• Tools & Technologies: Palo Alto, LogRhythm, F5, Fortinet, Aruba, Malware Bytes, Trend Micro, Juniper
• Security of Databases, OS, Networks, private Cloud, Mobile Apps, E-Commerce, Payment Cards
• Security & Audit of ERPs Oracle JD Edwards & MS Dynamics Navision (including SOD - Segregation of Duties)
• Coordination with external & internal (outsourced) Auditors (PWC, Deloitte & KPMG)
• Implementation & maintenance of Business Continuity & Disaster Recovery Plan (BS25999)
• Conducting periodic security Audits, reviews, Penetration Testing, user awareness Trainings, Anti-Phishing
• Management & Reporting of IT Department’s KPIs Metrics in terms of Availability, Integrity and Incidents
Switzerland based Consulting Firm
Developed & Implemented Information Security Management System Policies & Procedures as per ISO27001, 2 and PCI-DSS for clients incl. ERPs, Apps SODs, DBs, OS, Network, Datacenter, coordinated with external & internal Auditors (KPMG & Deloitte); conducted periodic security Audits, reviews, Vulnerability Assessments, Penetration Testing, user awareness Trainings, Management & Reporting of IT & IT Security Governance Architecture incl. KPIs
One of the worldwide Big 4 Audit and Consulting firms.
IT/IS Statutory, Security & Forensic Audits as per COBIT, SOX, PCI-DSS & ISO27000; for systems & ERPs like SAP R/3, SAP B1, Oracle Financials, BPCS, Temenos T24 etc.; Databases Oracle, MS SQL Server, DB2, Informix, MySQL; Platforms including Unix, IBM, AIX, AS400, Solaris, Linux & Windows; Network & Security appliances like Cisco, Juniper, Checkpoint, Symantec, RSA etc.; Vulnerability Assessments, Penetration Testing, Policies & Procedures development, Implementation & Risk Assessment against ISO 27001 - Information Security Management System (ISMS), BS 25999 - Business Continuity Management, Disaster Recovery, COBIT, SOX and ISO 20000 - ITSM based on ITIL; at world's leading Telecommunication Operators, Banks and IT Companies; Interacted with the prospective clients to discover new business opportunities and prepared business proposals.
NASDAQ USA & Dubai listed, ISO 27001 certified & CMMI 5 Company.
Policies & Procedures development, Implementation & Risk Assessment related to IT Security, Business Continuity and Disaster Recovery against ISO-27001 - Information Security Management System (ISMS), ISO-20000 - IT Service Management (based on ITIL), OCTAVE, Vulnerability Assessment and Penetration Testing at different clients including IT companies and leading Banks of Pakistan and UAE. Interacted with the prospective clients to discover new business opportunities and prepared business proposals.
Researched and Developed Regulations, Policies, Procedures, Guidelines and Standards of Information Security (IS) & IS Audit for Certification Authorities/Public Key Infrastructures (PKI); Participated in development of Prevention of Electronic Crime Law and Electronic Data Protection Law of Pakistan
Taught Subjects of “E-Commerce Application Development” (J2EE), “Mobile E-Commerce” (J2ME, WML Script etc.) and “E-Supply Chain Management” using Enterprise Resources Planning (ERP) SAP R/3.
Developed, Deployed and Audited numerous Systems including Medical Transcription, Management Information Systems, Financial Accounting, Inventory, Lease, Tax, Members Management & Student Information Management Systems, etc. Tools, Technologies and Platforms include: Microsoft Visual Studio, Microsoft SQL Server, Crystal Reports, Java, Oracle, PHP, MySQL, Microsoft Windows Servers, Novell NetWare and Linux.
Technical Syllabus Includes: CCNA, CCNP, MCSE, RHCT, OCP-DBA, SJCP (J2SE, J2EE, J2ME)
• Record Holder
• Gold Medalist
• Scholarship Holder
• Vice President - Event Management Society
• Welcome Speaker - Orientation Seminar