Mohammad Sarhan, Information Security Manager

General Authority of Civil Aviation

Location
Saudi Arabia
Education
Master's degree, Information Security
Experience
23 years, 2 Months


Work Experience

Total years of experience: 23 years, 2 Months

Information Security Manager at General Authority of Civil Aviation
  • Saudi Arabia - Jeddah
  • My current job since October 2010

Establish Information Security Department at General Authority of Civil Aviation in 2010.
Manage Information Security Department (Governance, Access Control, Security Operation Center)
Manage Information Security Projects.
Develop and implement information security policy and procedure based on (ISO 27001)
Develop Risk Management Methodology and conduct Risk Assessment and Mitigation process
Develop Business Continuity and Incident Management Framework
Implement spam filtering (Cisco IronPort) and Network Admission Control.
Conduct Security Awareness for GACA Employees
Restructure DMZ and implement Cisco Firewall and IPS (Internet, WAN, VPN, and Internal Firewalls).
Implement database monitoring (Guardium) and Web Application Firewall (F5)
Conduct Penetration testing and vulnerability scan to mitigate the existing vulnerabilities.
Implement change audit and compliance solution (Tripwire)
Build Security Operation Center (SOC) and install/configure SIEM solution (HP ArcSight) to monitor GACA infrastructure 24 hours a day, 7 days a week.
Enhance GACA security level and mitigate risks to acceptable level.

Server Services Manager at General Authority of Civil Aviation
  • Saudi Arabia - Jeddah
  • March 2008 to September 2010

Manage server farm including:
GACA Domain Controller (Active Directory) that covers all GACA airports.
Microsoft Exchange Server (5000 employees)
Microsoft SharePoint
Microsoft SQL Database
Oracle Database
Backup and SAN Storage

System Engineering at General Authority of Civil Aviation
  • Saudi Arabia - Jeddah
  • March 2001 to February 2008

Microsoft Active Directory.
Microsoft Windows Network Infrastructure,
Microsoft Exchange Server,
Microsoft SQL Database Administrator.

Education

Master's degree, Information Security
  • at Saudi Electronic University
  • June 2017
Bachelor's degree, Computer Science
  • at King Abdulaziz University
  • April 2001

Specialties & Skills

IT Security
Information Security Management
ISO 27001
Database Administrator
Information Security
Management

Languages

English
Expert

Training and Certifications

CISSP (Training)
Training Institute:
ISC
Date Attended:
May 2011
Duration:
40 hours
Certified Information Security Auditor (Training)
Training Institute:
VinSys Dubai
Date Attended:
June 2015
Duration:
40 hours
Certified Ethical Hacker (Training)
Training Institute:
Vinsys Dubai
Date Attended:
June 2015
Duration:
40 hours
ITIL (Training)
Training Institute:
ITIL
Date Attended:
October 2008
Duration:
40 hours
Communication Skills (Training)
Training Institute:
Communication Skills
Date Attended:
May 2008
Duration:
40 hours
Project Management Professional (Training)
Training Institute:
PMP
Date Attended:
May 2009
Duration:
40 hours
Managing Messaging Security using Microsoft Exchange Server 2007 (Training)
Training Institute:
Microsoft
Date Attended:
April 2008
Duration:
40 hours
Implementing a Microsoft SQL Server 2005 Database (Training)
Training Institute:
Microsoft
Date Attended:
May 2010
Duration:
40 hours
Maintaining a Microsoft SQL Server 2005 Database (Training)
Training Institute:
Microsoft
Date Attended:
November 2007
Duration:
40 hours
Oracle Database 10g: Administration Workshop I & II (Training)
Training Institute:
Oracle
Date Attended:
November 2009
Duration:
80 hours
Oracle Database 10g: Program with PL/SQL (Training)
Training Institute:
Oracle
Date Attended:
January 2008
Duration:
40 hours
Oracle Database 10g: Introduction to SQL (Training)
Training Institute:
Oracle
Date Attended:
November 2009
Duration:
40 hours
Microsoft MCSE (Training)
Training Institute:
Microsoft MCSE
Date Attended:
March 2005
Duration:
240 hours
Cisco CCNA (ICND1 & ICND2) (Training)
Training Institute:
Cisco
Date Attended:
December 2010
Duration:
40 hours
Implementing and Maintaining Microsoft SQL Server 2005 Reporting Services (Training)
Training Institute:
Microsoft
Date Attended:
January 2009
Duration:
40 hours
Oracle ADF 11g (Training)
Training Institute:
Oracle
Date Attended:
April 2009
Duration:
40 hours
Certified Professional Manager (Certificate)
Date Attended:
October 2012
Valid Until:
November 2012
Security Principles (Certificate)
Date Attended:
January 2010
Valid Until:
February 2010
Network and Host Security (Certificate)
Date Attended:
April 2011
Valid Until:
April 2011
PKI and SCCM (Certificate)
Date Attended:
October 2011
Valid Until:
October 2011
ISO 27001 - Lead Implementer (Certificate)
Date Attended:
April 2011
Valid Until:
April 2011
TripWire Enterprise operator (Certificate)
Date Attended:
January 2012
Valid Until:
January 2012
ISO 27001 - Lead Auditor (Certificate)
Date Attended:
April 2011
Valid Until:
May 2011