عثمان على خان, RESEARCH DIRECTOR

عثمان على خان

RESEARCH DIRECTOR

Desertclouds.com

البلد
المملكة العربية السعودية - الخبر
التعليم
بكالوريوس, BSc Computer Science with Mathematics,
الخبرات
6 years, 8 أشهر

مشاركة سيرتي الذاتية

حظر المستخدم


الخبرة العملية

مجموع سنوات الخبرة :6 years, 8 أشهر

RESEARCH DIRECTOR في Desertclouds.com
  • المملكة العربية السعودية
  • أشغل هذه الوظيفة منذ مارس 2021

• Spearheaded the analysis of 50+ ransomware strains (e.g. Ryuk, HelloKitty, WannaCry) in sandbox environ ments, selectively testing specific strains in live exercises against company IT assets.
• Architected and deployed an Elasticsearch stack (ELK), achieving monitoring of 25+ internal KPIs, auto mated alerts on system issues, and a unified NOC dashboard.
• Designed the security policies and procedures for the company's GitHub organisation.
• Discovered 2 low risk vulnerabilities in a webapp penetration test against the company website.
• Designed core technical documentation: architecture diagrams (layer 1 to layer 7), operation manuals, and reference material.
• Coded a user management solution (involving OAuth tokens and the Microsoft Graph API) to reduce li censing cost of the company's lab-as-a-service by more than 30%.

Cisco Collaboration Project Engineer في Saudi Aramco
  • المملكة العربية السعودية - الخبر
  • يوليو 2020 إلى فبراير 2021

• Handpicked among a select few by top management to transition midway from an active red team assign-
ment to an urgent Cisco project to remediate operational challenges.
• Led and delivered expert security consultation to multiple operation teams during 2 major security audits.
• Reverse engineered missing deployment architecture diagrams (layer 3 and layer 7) from packet captures,
firewall hits, Cisco documentation, and other sources.
• Coded a JavaScript client checker to preempt user issues via 10 automated tests, solving a key pain point.

Cyber Security Analyst في Saudi Aramco
  • المملكة العربية السعودية - الخبر
  • أبريل 2020 إلى يوليو 2020

Discovered a critical vulnerability in BIOS affecting 30, 000+ company laptops as part of a penetration test.
• Coded a proof-of-concept Java ransomware that highlighted a flaw in the endpoint security controls.
• Coded a 2FA phishing website that was pivotal for a department-wide red team assessment.
• Performed purple team exercises on company services involving brute forcing and password spraying.

Network System Support Engineer في Saudi Aramco
  • المملكة العربية السعودية - الخبر
  • أكتوبر 2019 إلى مارس 2020

• Streamlined developer collaboration and unified the frontend codebase of 12 NOC centre dashboards.
• Mentored a colleague in Python to develop a unique 1, 000 line telephony registration parser.

Unified Communication Engineer في Saudi Aramco
  • المملكة العربية السعودية - الخبر
  • أبريل 2019 إلى سبتمبر 2019

• Coded a firewall parser and analyser based on algebraic factorisation and graph theory, leading to the dis-
covery of 100+ unnecessary firewall ACLs.
• Coded an automated security baseline compliance checker for 20 Linux/Solaris servers, speeding up com-
pliance checking from 8 hours to 2 minutes.
• Mentored an intern for 8 weeks, resulting in developing telephony reporting tools in Python.

Data Network Engineer في Saudi Aramco
  • المملكة العربية السعودية - الخبر
  • أكتوبر 2018 إلى مارس 2019

• Coded scripts to decrease the time taken to configure switches and routers by more than 50%.
• Coded a Q&A webapp in Python/Django that for a significant company event of 3, 000 attendee.

Unified Communication Engineer في Saudi Aramco
  • المملكة العربية السعودية - الخبر
  • أكتوبر 2017 إلى سبتمبر 2018

• Mentored a summer student for 8 weeks, resulting in developing Bash scripts that check system health.
• Lead the annual IT committee as vice-chairman to successfully host a 300 attendee event.

الخلفية التعليمية

بكالوريوس, BSc Computer Science with Mathematics,
  • في University of Leeds
  • يناير 2017

2:1 honours (UK System)

Specialties & Skills

IP Networking
Burp Suite
Scripting
Penetration Testing
x64 dbg
Scripting
Software Engineering
Kali Linux
Burp Suite
WireShark
ELK Stack (Elasticsearch)

حسابات مواقع التواصل الاجتماعي

غيت هاب
غيت هاب
github.com/othmanalikhan

اللغات

العربية
متمرّس
الانجليزية
متمرّس

التدريب و الشهادات

CTT CompTIA CTT Virtual Classroom Trainer Certification (الشهادة)
تاريخ الدورة:
October 2023
CCT EC Council Certified Cybersecurity Technician (الشهادة)
تاريخ الدورة:
July 2023
صالحة لغاية:
July 2026
CEI Certified EC Council Instructor (الشهادة)
تاريخ الدورة:
October 2023
صالحة لغاية:
October 2024

الهوايات

  • Bug Bounty Hunting
    Top 100 ranked ethical hacker on Saudi Arabia’s national bug bounty platform (bugbounty.sa)