
Summary

A self-motivated and organized professional with over 12 years' experience providing thorough and skillful support. 

Work History

Information Security Specialist

Oman Airports Management Company
Mar 2013 - Present
  • Reporting to Governance & Information Security Manager
  • Implementing MSBs in all ICT software/hardware where applicable
  • Review and approve end-user requests for application installation and internet access
  • Review and check configuration of (AD, GPO, Firewall, Core Switch)
  • Managing SecurityCenter
  • Managing MDM/BYOD Implementation project
  • Managing SIEM Rules and Configuration
  • Check rules and configuration of DLP on end-user computers
  • Forensic investigation in cases of data leak, unauthorized access, etc.

Senior Network Administrator

The Wave Muscat
Dec 2011 - Feb 2013
  • Managing network devices and configuration
  • Managing file share server
  • Troubleshooting servers and switches
  • Managing Active Directory
  • Troubleshooting Exchange server
  • Worked on SAN and NAS Storage configuration

Service Desk Support

The Wave Muscat
Jan 2011 - Nov 2011
  • Troubleshooting Windows operating system
  • Managing endpoints and printers
  • Supporting end users

Information Security Officer

Ministry of Manpower
Feb 2006 - Jan 2011
  • Reporting to Head of Information Security
  • Manage the information security function in accordance with the established policies and guidelines
  • Establish and maintain information security standards and procedures in compliance with the ISO27001 standard, ITIL and COBIT, and risk management policies, standards and guidelines
  • Function as an internal consulting resource on information security issues
  • Conduct the information security risk assessment program, review compliance with the information security policy and associated procedures
  • Conduct information security efforts with other sections in the departments
  • Provide periodic reporting on information security issues to the head of information security section
  • Coordinate security orientation and security awareness programs
  • Assist in coordinating contingency plan tests on a regular basis. Review access controls in MOM systems

Senior Network Administrator

Ministry of Manpower
Nov 2004 - Jan 2006
  • Network Fixing and Supporting
  • Troubleshooting Servers
  • Troubleshooting CISCO Routers
  • Troubleshooting Layer 3 Switches
  • Networking Items Tender Analysis
  • Troubleshooting Juniper Firewall

Help Desk Support

Ministry of Manpower
Jan 2004 - Oct 2004
  • Troubleshooting users' computers
  • Troubleshooting printers and MFBs
  • Troubleshooting finance system
  • Tender analysis
  • Support remote MOM locations

Education

Master in Computer Science

Mazoon College
Sep 2015 - Jul 2017

This program is approved by the Ministry of Higher Education, Sultanate of Oman, and run in cooperation with Banasthali University, India. Banasthali offers an integrated system of education and is accredited by the National Assessment and Accreditation Council (NAAC) of India with an A grade (a five-star rating).

Bachelors in Computer and Internet Application

Majan College University College
Sep 2004 - Aug 2007

Gives the necessary skills and knowledge of internet technology. In addition, it prepares graduates to show a high quality of independent thought, flexibility and maturity based on a sound technical knowledge of the field.

Certifications

Intrusion Detection In-Depth

SANS Institute
Oct 2016 - Oct 2016

Delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. Covers the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

Reverse-Engineering Malware: Malware Analysis Tools and Techniques

eguardian
Sep 2016 - Sep 2016

Helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems. Understanding the capabilities of malware is critical to an organization's ability to derive threat intelligence, respond to information security incidents, and fortify defenses.

Defending Web Application Security Essentials

SANS Institute
Oct 2015 - Oct 2015

SANS Gulf Region 2015

Very heavy and extensive knowledge, with experience and hands-on training on the tools and techniques used to defend web apps against hackers and malicious users.

Virtualization and Private Cloud Security

SANS Institute
May 2015 - May 2015

SANS Secure Europe 2015 Amsterdam

Very extensive course to understand virtualization in depth, what the security challenges are, and how to harden the hypervisor.

Network Penetration Testing and Ethical Hacking

SANS Institute
Oct 2014 - Oct 2014

SANS Singapore 2014

Very extensive course for security professionals and white hat hackers. It helps to experience hacker tools and techniques used to penetrate vulnerabilities.

ISMS ISO27001 Lead Auditor

TUV Nord
Jul 2011 - Jul 2011

Understand audit strategy and get the knowledge to audit the IT department and define non-compliance with the policy. Understand the ISMS controls, what to audit and how to prepare audit reports.

Certified Ethical Hacker V6

EC-Council
Dec 2009 - Dec 2009

Understand hackers' techniques and become a hacker to exploit the vulnerabilities. Understand the tools and their usage.

Certified Information Systems Security Professional (CISSP) Workshop

IntelleSecure
Jan 2009 - Jan 2009

Understand IT security in all domains

Cisco Certified Network Associate (CCNA)

Bairaha Global Institute
Aug 2006 - Nov 2006

Understand networking and basic router configuration

Technology Summary

Security:

DLP, MDM, SIEM, Endpoint Protection, Network Monitor, Patch Assessments, Network Inventory and Vulnerability Scanners (DeviceLock, Symantec AppCenter, Good Technology, Sysmosoft, Air-Watch, Maas360, LogRhythm, McAfee Endpoint, Symantec EndPoint Protection, Kaspersky, Sophos, F-Secure, TrendMicro, Manage Engine, LogRhythm NMS, nCircle IP360, GFI LANGuard, Total Network Inventory, LAN Sweeper, nCircle CCM), Tenable SecurityCenter, Symantec DeepSight, Acunetix Web Scanner, FTK AccessDATA, WireShark, TCP Dump, Snort IDS.

Systems: 

Windows 2012 Server, Windows 2008 R2 Server, Windows 2008 Server, Windows 2003 Server, Windows 2000 Server, Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP, Ubuntu.

Network: 

Fortinet, CISCO, Juniper, HP, F5.

Software: 

MS Office 2013 (Word, Excel, Outlook, Access, PowerPoint), MS Visio, MS Project, Adobe Photoshop, Adobe Acrobat, WinZip, WinRAR, Google Chrome.

Skills

Security Information & Event Management (SIEM)
  • Prepare Implementation Plan
  • Deployment of SIEM Agents for log collection
  • Manage log sources in SIEM
  • Perform on demand investigations for security incidents
  • Define correlation rules and email alerts for critical events 
  • Fine tune log levels and classifications for performance improvement
  • Troubleshoot log sources in case of missing logs
Data Leakage Prevention
  • Prepare DLP Policy to monitor and restrict the critical information
  • Prepare DLP deployment plan
  • Roll-out DLP agent service to the endpoints
  • Manage and troubleshoot endpoints
  • Configure audit rules
Infrastructure Vulnerability Management
  • Build inventory of infrastructure components 
  • Prepare annual vulnerability assessment plan
  • Define scan policies and scan types as per the assets
  • Configure different types of reports to share with respective functions
  • Coordinate and support remediation exercise 
  • Analyze, approve and document any exceptions or false positives
  • Compliance and re-validation
Minimum Security Baselines (MSB)
  • Prepare MSB for infrastructure components and server roles
  • Assist respective teams to implement MSB
  • Define, understand and document the system limitation
  • Perform a compliance review as per the annual plan
Web Vulnerability Scanner
  • Scan web applications for vulnerabilities
  • Generate different types of reports
  • Coordinate with the development team to fix security gaps
  • Track the remediation status 
Technology Threat & Warning System
  • Define user roles and groups
  • Create technology lists for different IT functions
  • Configure customized email/SMS alerts and reports
  • Coordinate internally to ensure the alert is being addressed in a timely manner
Enterprise Mobility Management Solution
  • Selection of appropriate solution to address the company needs
  • Prepare BYOD policy
  • Define and implement deployment plan
  • Manage project as a technical lead for smooth roll-out
  • Ensuring quality deliverables on phase-wise activities
Network Management System
  • Configure devices, applications and databases for health and availability monitoring
  • Set up SNMP and WMI credentials for secure access
  • Monitor VM-Hypervisor
  • Configure and manage critical assets
  • Define and manage roles and users
  • Create customized dashboards for different functions
Managing Windows Infrastructure
  • Active Directory deployment
  • Server roles - DHCP, DNS, IIS, WSUS etc.
  • Implementing security baselines aligned with industry benchmarks and company policies
Endpoint Protection
  • Update and upgrade virus definitions on the clients
  • Configure and manage policy on servers and clients
  • Set up firewall rules and application whitelisting
  • Reviewing reports for compliance checks and exceptions

References

Anand / Information Security Consultant

(+968) 93671599