Director - UAE Computer Emergency Response Team (aeCERT)
Telecommunications Regulatory Authority (TRA)
مجموع سنوات الخبرة :24 years, 10 أشهر
My primary role is overseeing the administration and operations of aeCERT, including: strategic planning, operations and maintenance of the network and system infrastructure; reviewing contracts, and developing organizational and administrative policies for the Board of Directors consideration. I am also responsible for negotiating and maintaining appropriate relationships between aeCERT and its sponsoring body (TRA), including agreeing key performance indicators, overall direction and management of the aeCERT strategic planning and budgeting liaison with UAE government organizations, international organizations and constituents at a senior level.
Assure that aeCERT has a long-range strategy which achieves its mission, and toward which it makes consistent and timely progress.
Provide leadership in developing program, organizational and financial plans with the Board of Directors and staff, and carry out plans and policies authorized by the board.
Promote active and broad participation in all areas of the aeCERT work. Areas include offering 30 services in the field of information security: monitoring & response, research and analysis, awareness and education and security quality management.
Enable the underlying technical infrastructure to offer aeCERT services. This includes building the network, system and application infrastructure and ensure end-to-end security.
Maintain a working knowledge of significant developments and trends in the field of Information security and CERTs.
Ensure that the Board of Director is kept informed on the condition of aeCERT and all important factors influencing it;
Establish sound working relationships and cooperative arrangements with constituents and CERTs locally, regionally and internationally;
Encourage staff development and education, and assist program staff in relating their specialized work to the total program of aeCERT.
Be responsible for developing and maintaining sound financial practices.
As the manager of security operations and maintenance, I was responsible for the planning, development, implementation and operations of the organization-wide information security program and ongoing activities to preserve the availability, integrity and confidentiality of information resources in compliance with applicable security policies and standards. I also provide management and oversight for the Disaster Recovery programs for all Data Centers. One of my main duties was to ensure that adequate and effective security processes & controls and lifecycles are followed and aligned to deliver compliance with established security policies. During the development of the strategy and guidelines in setting up the infrastructure, I established a world class network and security operation center in order to monitor, analyze and respond to potential incidents/attacks. Essential and other important responsibilities and duties included the following:
Develop, implement, enforce and review suitable and relevant information security policies, ensuring the compliance and conformance with legislation and regulations related to information security.
Implement and operate multi-layer security architecture across the overall spectrum of the internet (Narrowband, broadband, core and access service layers). This includes operations and maintenance of all security devices such as firewalls, intrusion detection/prevention systems, two factor authentication, hardening procedures, packet filtering routers ... etc.
Investigate suspected and actual breaches of security and undertake reporting/remedial action as required. Monitor attack attempts using different security information and event management solutions (SIEM). Maintain a log of any incidents and remedial recommendations and actions.
Act as a consultant to projects, advising on matters relating to security. Provide advice and take action, where necessary, in response to Audit findings and recommendations in respect of information security.
Maintain currency with security and security enhancing technologies and ensure knowledge transfer to the team to enable measures to be implemented where and when necessary/desirable.
Lead the creation, planning, development and maintenance of the information systems disaster recovery and business continuity plans.
Oversee the performance of periodic network and systems risk assessments and control validation to ensure successful compliance and certification with international standards such as ISO 270001, 9000, ITIL, Sun Tone.
Carry out security assessment and preventive maintenance tests (vulnerability assessment and penetration testing) to identify current and future internal and external security vulnerabilities, and provide the optimum mitigation mechanisms to reduce information security risks.
2004 - 2006 Khalifa University Sharjah, UAE Masters of Science in Computer Engineering
1995 - 2000 Khalifa University Sharjah, UAE Bachelor of Engineering in Computer Engineering • First Class Honors Degree