Security Solution Architect
IBM
مجموع سنوات الخبرة :18 years, 2 أشهر
I work as Security Solution Architect with IBM MEA. I’m based in Dubai and below is my main highlights:
• Lead the development of highly complex and critical proposals (50m+)
• Lead the solution architecture and design activities across the whole IBM Security Portfolio (Services and Solutions)
• Lead the design of complex cost cases to provide competitive prices
• Design the Operational Models for Managed Security Services RFPs
I work as Security Solution Architect with IBM MEA. I’m based in Dubai and below is my main highlights:
• Lead the development of highly complex and critical proposals (50m+)
• Lead the solution architecture and design activities across the whole IBM Security Portfolio (Services and Solutions)
• Lead the design of complex cost cases to provide competitive prices
• Design the Operational Models for Managed Security Services RFPs
(Melbourne, Australia)
I work as a Security Architect under the IBM Integrated Security Business Unit. I’m responsible of building Security and Infrastructure solutions based on the IBM methodology and by meetings with the customers to help them defining their business and technical requirements
I have diverse experience and knowledge in different areas including:
Corporate and technology Security Design and Assessment
Infrastructure and Security Managed Services and Hosting
Design and assessment of Cloud Infrastructure and Security
Leading and designing SIEM deployment (QRadar and Arcsight)
Building solutions that meet the PCI-DSS standard
Leading PKI Design and Implementation
Leading Penetration Testing and Vulnerability Assessment engagements
Security reviews against the ISO27001 Standard
Team lead for a group of solution architects
Develop proposals and statement of works to respond to RFPs and RFSs
Costing the efforts required for managed services/ technologies/ resources to meet the customer requirements
Microsoft Infrastructure services including Active Directory services and windows servers
Networking including firewalls, routers, and switches, and IPS/ IDP
Email security technologies and architecture
Storage technologies
VMware environment
Business continuity and disaster recovery
(Saudi Arabia) Deloitte From Oct 2011 - Dec 2011
(Manager)
worked as a Manager for Deloitte Middle East, and a leading the Security & Privacy team in Saudi Arabia.
Key Projects
► Web Application & Infrastructure Penetration Testing for a governmental entity in Saudi Arabia where the scope of work was as follows: a) Gray-box Penetration testing for a web-based internal system connected across Saudi Arabia based on OWASP top 10 and more.
b) Black-box Penetration Testing for the infrastructure
(Kuwait) Ernst & Young (EY) From May 2008 - July 2011
(Assistant Manager)
Previously I was working as Assistant Manager with EY Kuwait office, and used managing the Infrastructure & Security stream within the IT Advisory service line. Below are most of the activities and areas that I'm responsible of:
* Management
• Managing the Infrastructure & Security related projects including Project Activities, resources allocation and chargeability, clients' meetings and expectations, Billing Cycle, and Change Management
• Business Development including sales & marketing
• Pre-sales activities including development of and responding to RFIs & RFPs, and development of Meeting Decks, Brochures, and Proposals
• Counsellor for number of resources and responsible for their development plans
• Training and development for the team in different information security areas
* Technical
• IT Strategy Development
• Business Continuity & Incident Response Management
• IT Capabilities Enhancement including development of competencies, Learning Maps, and Assessment Tools.
• Information Security Development & Assessment bases on ISO/IEC 27001
• Core Banking Application Penetration Testing and Interface Control Testing
• Infrastructure Penetration Testing and Vulnerability Assessment (Internal and External)
• Security Architecture Enhancement and Design
• Infrastructure configuration review for (routers, firewalls, windows OS, Unix OS, MS-IIS, Apache Server, Oracle database, anti-virus, patch management, and ms-exchange)
• IT Risk Assessment & Risk Management
• Development of information security policies and procedures
• IT Internal Audit
* Key Projects
► Development of IT Strategy for one of the key ministries in Kuwait, in which we have assessed the current state and based in which created five year implementation roadmap including the key initiatives with the timeline, resources, and budgets
(Jordan) Price WaterHouse Coopers (PwC) - From Aug 2006 - May 2008
(Senior Consultant)
Previously I was working for Price WaterHouse Coopers in Jordan as Senior Consultant, during which I was engaged in various security projects. Below are the most of the activities that I was dealing with, during my stay in PwC.
* Web Application penetration testing
* Infrastructure penetration testing and vulnerability assessment (Internal and External)
* Security architecture enhancement and design
* Infrastructure configuration review for (routers, firewalls, windows OS, Unix OS, MS-IIS, Apache Server, Oracle database, anti-virus, patch management, and ms-exchange)
* Security operations centre (SOC) development and implementation management
* Development of marketing materials (Meeting Decks, Brochures, Proposals, etc )
* Training and development for the team in different information security areas
* Key Projects
► Involved in risk assessment project and security architecture review for a government sector in Saudi Arabia covering the network infrastructure design and development of procedures for systems administration, patch management process and the backup operations
► Designed and implemented an enterprise security management solution for security operation center covering various devices (firewalls, IDS, antivirus, Cisco ACS and others) for a government insurance sector in Saudi Arabia
► Conducted a security assessment and vulnerability assessment activities for a network infrastructure including routers, switches, firewalls, Unix, Windows and web servers for a leading telecom operator in Saudi Arabia
► Conducted revenue assurance for a leading cellular service provider in Iraq
► Performed internal IT audit for a leading cellular service provider in Iraq covering the entire infrastructure
(Jordan) Jordan Telecom Group (Orange Telecom) - From May 2005 - July 2006
The official title is (Systems Administrator) but I was effectively a (Security Administrator)
* Securing and Harding Orange's Network and servers
* Performing Vulnerability Assessments & Penetration Tests against the infrastructure and any newly implemented system
* Designing, Implementing and administering the Patch Management process across the organization
* Monitoring IDS reports and handling the incidents
* Administering Orange's Infrastructure
Products
* Microsoft ( MS Exchange, Active Directory, ISA Server)
* Cisco ( PIX Firewall, IDS, IPS)
* Websense
* Symantec (Symantec Mail Security, Symantec Anti-Virus)
* Pen-Test Tools (Retina Security Scanner, Nessus, NMAP, Shadow Security Scanner, LAN Guard, Gold Desk, APP Detective, Acunetix, WebInspect, Watch Fire, Meta sploit)
Bachelor in Computer Science Executive Summery I have more than 10 years of diversified experience in the IT Networking & Security field, I have started as an instructor teaching Networking, Systems, and Security courses, then moved to a telecom operator where I had a chance to enhance my hands-on experience, as I was administering the infrastructure security and responsible of monitoring scanning and hardening applications, systems and network devices. Afterwards, I moved to the consulting world where I enhanced my business knowledge as well as my technical knowledge, during which, I have been involved in many IT Security projects, including IT Strategy, Business Continuity, ISO 27001 assessment & Roadmap development, Network Design review, host configuration review, and penetration testing for web applications, network devices, and operating systems. I worked with two big4 companies PwC and currently managing the Infrastructure & Security stream in Ernst & Young - Kuwait Office
