
Personal Profile

14 years of experience spanning information security, project management, network administration, IS audit and people management.

Education

Sep 2015 - Oct 2017

Master in Computer Science

Mazoon College

This program is approved by the Ministry of Higher Education, Sultanate of Oman, and run in cooperation with Banasthali University, India. Banasthali offers an integrated system of education and is accredited by the National Assessment and Accreditation Council (NAAC) of India with an A grade (a five-star rating).

Sep 2004 - Aug 2007

Bachelors in Computer and Internet Application

Majan College University College

Gives the necessary skills and knowledge of internet technology. In addition, it prepares graduates to show a high quality of independent thought, flexibility and maturity based on a sound technical knowledge of the field.

Certifications

May 2017 - May 2017

Certified Information Systems Security Professional (CISSP)

ISC2

CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. 

Oct 2016 - Oct 2016

Intrusion Detection In-Depth

SANS Institute

Delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. Covers the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion.

Sept 2016 - Sept 2016

Reverse-Engineering Malware: Malware Analysis Tools and Techniques

eguardian

Helps forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems. Understanding the capabilities of malware is critical to an organization's ability to derive threat intelligence, respond to information security incidents, and fortify defenses.

Oct 2015 - Oct 2015

Defending Web Application Security Essentials

SANS Institute

SANS Gulf Region 2015

Extensive knowledge, experience and hands-on training in the tools and techniques used to defend web apps against hackers and malicious users.

May 2015 - May 2015

Virtualization and Private Cloud Security

SANS Institute

SANS Secure Europe 2015 Amsterdam

Very extensive course covering virtualization in depth, its security challenges, and how to harden the hypervisor.

Oct 2014 - Oct 2014

Network Penetration Testing and Ethical Hacking

SANS Institute

SANS Singapore 2014

Very extensive course for security professionals and white hat hackers. It helps to experience the hacker tools and techniques used to exploit vulnerabilities.

Jul 2011 - Jul 2011

ISMS ISO27001 Lead Auditor

TUV Nord

Understand audit strategy and get the knowledge to audit an IT department and identify non-compliance with the policy. Understand the ISMS controls, what to audit and how to prepare audit reports.

Dec 2009 - Dec 2009

Certified Ethical Hacker V6

EC-Council

Understand hackers' techniques and become a hacker to exploit the vulnerabilities. Understand the tools and how they are used.

Jan 2009 - Jan 2009

Certified Information Systems Security Professional (CISSP) Workshop

IntelleSecure

Understand IT security in all of its domains.

Aug 2006 - Nov 2006

Cisco Certified Network Associate (CCNA)

Bairaha Global Institute

Understand networking and basic router configuration

Achievements

2017 - 2017

Multi-Factor Authentication

Oman Airports Management Company

Role: Project Manager

2015 - 2015

Minimum Security Baseline

Oman Airports Management Company

Role: Team Member

2015 - 2015

Network Monitoring System

Oman Airports Management Company

Role: Project Manager

2015 - 2015

Vulnerability Assessment Tool

Oman Airports Management Company

Role: Team Member

2015 - 2015

Enterprise Mobility Management

Oman Airports Management Company

Role: Team Member

2014 - 2014

DLP Implementation

Oman Airports Management Company

Role: Project Manager 

2014 - 2014

SIEM Implementation Project

Oman Airports Management Company

Role: Project Manager 

2008 - 2009

New Branch (Relocation)

Ministry of Manpower

Role: Team Member

2008 - 2009

New Branch (Relocation)

Ministry of Manpower

Role: Team Member

2008 - 2009

New Branch

Ministry of Manpower

Role: Team Leader

2008 - 2009

New Branch

Ministry of Manpower

Role: Team Leader

2005 - 2005

Active Directory

Ministry of Manpower

Role: Project Manager 

Tools and Technology 

Standards:

ISO27001:2013, OWASP

Security:

DLP, MDM, SIEM, Endpoint Protection, Network Monitor, Patch Assessments, Network Inventory and Vulnerability Scanners (DeviceLock, Symantec AppCenter, Good Technology, Sysmosoft, AirWatch, MaaS360, LogRhythm, McAfee Endpoint, Symantec Endpoint Protection, Kaspersky, Sophos, F-Secure, Trend Micro, ManageEngine, LogRhythm NMS, nCircle IP360, GFI LanGuard, Total Network Inventory, Lansweeper, nCircle CCM), Tenable SecurityCenter, Symantec DeepSight, Acunetix Web Scanner, AccessData FTK, Wireshark, tcpdump, Snort IDS, SafeNet Gemalto.

Systems: 

Windows 2012 Server, Windows 2008 R2 Server, Windows 2008 Server, Windows 2003 Server, Windows 2000 Server, Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP, Ubuntu.

Network: 

Fortinet, Cisco, Juniper, HP, F5.

Software: 

MS Office 2013 (Word, Excel, Outlook, Access, PowerPoint), MS Visio, MS Project, Adobe Photoshop, Adobe Acrobat, WinZip, WinRAR, Google Chrome.

Skills

Security reporting
  • Create security metrics and reports that management uses to understand the effectiveness of their security systems
Risk management
  • Manage the contents of the organization’s risk register and carry out tasks regarding risk treatment, such as documenting risk mitigation or risk acceptance artifacts
Policy management
  • Monitor the compliance of security policies
  • Conduct clean desk reviews
  • Observe users’ security-related behavior
IT audits
  • Collecting and managing audit evidence as well as creating audit reports.
SOC operations
  • Monitor and manage security-related tools and systems for detecting security incidents, which are relayed to the appropriate personnel
Information security policy review
  • Review information security policy and make changes if applicable
SafeNet Gemalto
  • Install and configure SafeNet servers
  • Manage SAS (SafeNet Authentication Server) users
  • Enroll soft tokens
Security information & event management (SIEM)
  • Prepare Implementation Plan
  • Deployment of SIEM Agents for log collection
  • Manage log sources in SIEM
  • Perform on demand investigations for security incidents
  • Define correlation rules and email alerts for critical events 
  • Fine tune log levels and classifications for performance improvement
  • Troubleshoot log sources in case of missing logs
Data Leakage Prevention
  • Prepare DLP Policy to monitor and restrict the critical information
  • Prepare DLP deployment plan
  • Roll-out DLP agent service to the endpoints
  • Manage and troubleshoot endpoints
  • Configure audit rules
Infrastructure vulnerability management
  • Build inventory of infrastructure components 
  • Prepare annual vulnerability assessment plan
  • Define scan policies and scan types as per the assets
  • Configure different types of reports to share with respective functions
  • Coordinate and support remediation exercise 
  • Analyze, approve and document any exceptions or false positives
  • Compliance and re-validation
Minimum Security Baselines (MSB)
  • Prepare MSB for infrastructure components and server roles
  • Assist respective teams to implement MSB
  • Define, understand and document the system limitation
  • Perform a compliance review as per the annual plan
Web vulnerability scanner
  • Scan web applications for vulnerabilities
  • Generate different types of reports
  • Coordinate with the development team to fix security gaps
  • Track the remediation status 
Technology threat & warning system
  • Define user roles and groups
  • Create technology lists for different IT functions
  • Configure customized email/SMS alerts and reports
  • Coordinate internally to ensure alerts are addressed in a timely manner
Enterprise Mobility Management Solution
  • Selection of appropriate solution to address the company needs
  • Prepare BYOD policy
  • Define and implement deployment plan
  • Manage project as a technical lead for smooth roll-out
  • Ensure quality deliverables for phase-wise activities
Network management system
  • Configure devices, applications and databases for health and availability monitoring
  • Set up SNMP and WMI credentials for secure access
  • Monitor VM-Hypervisor
  • Configure and manage critical assets
  • Define and manage roles and users
  • Create customized dashboards for different functions
Managing Windows Infrastructure
  • Active Directory deployment
  • Server roles - DHCP, DNS, IIS, WSUS etc
  • Implementing security baselines aligned with industry benchmarks and company policies
Endpoint Protection
  • Update and upgrade virus definitions on the clients
  • Configure and manage policy on servers and clients
  • Set up firewall rules and application whitelisting
  • Reviewing reports for compliance checks and exceptions

Work experience

Mar 2013 - Present

Information Security Specialist

Oman Airports Management Company
  • Reporting to Governance & Information Security Manager
  • Implementing MSBs in all ICT software/hardware where applicable
  • Review and approve end users' requests for application installation and internet access
  • Review and check configuration of (AD, GPO, Firewall, Core Switch)
  • Managing Tenable SecurityCenter
  • Maintain Vulnerability assessment plan.
  • Running security scanning tools (Nessus and Acunetix) to look for vulnerabilities in workstations, servers, applications and network devices.
  • Managing MDM/BYOD Implementation project
  • Managing SIEM rules, configuring SIEM alarms and alerts, and setting up feeds from new systems and devices.
  • Check rules and configuration of DLP on end-user computers, examine DLP logs and take appropriate action
  • Forensic investigation in cases of data leak, unauthorized access, etc.
  • Managing day-to-day access requests (e.g. VPN, TeamViewer, Full Internet Access)
  • Managing and Implementing Multi-Factor Authentication
  • Collecting and managing audit evidence.
  • Monitor the compliance of security policies.
  • Manage the contents of the organization’s risk register and carry out tasks regarding risk treatment.
  • Create security metrics and reports that management uses to understand the effectiveness of their security systems.
  • Analysis of current trends in malware and the organization’s current controls to determine whether advanced malware protection (AMP) tools are warranted.
  • Analysis of the organization’s control and management framework against industry standards to determine whether changes are needed.
  • Conduct information security awareness program.
  • Review and monitor vendors based on SLA.

Dec 2011 - Feb 2013

Senior Network Administrator

The Wave Muscat
  • Managing network devices and servers
  • Troubleshooting servers and switches
  • Managing Active Directory
  • Configuring SAN and NAS Storage

Jan 2011 - Nov 2011

Service Desk Support

The Wave Muscat
  • Troubleshooting Windows operating system
  • Managing endpoints and printers
  • Supporting end users

Feb 2006 - Jan 2011

Information Security Officer

Ministry of Manpower
  • Reporting to Head of Information Security
  • Manage the information security function in accordance with the established policies and guidelines
  • Establish and maintain information security standards and procedures in compliance with the ISO27001 standard, ITIL, COBIT and risk management policies, standards and guidelines
  • Function as an internal consulting resource on information security issues
  • Conduct the information security risk assessment program, review compliance with the information security policy and associated procedures
  • Conduct information security efforts with other sections in the departments
  • Provide periodic reporting on information security issues to the head of information security section
  • Coordinate security orientation and security awareness programs
  • Assist in coordinating contingency plan tests on a regular basis. Review access controls in MOM systems

Nov 2004 - Jan 2006

Senior Network Administrator

Ministry of Manpower
  • Network Fixing and Supporting
  • Troubleshooting Servers, Routers, Switches and Firewalls
  • Tender Proposal Evaluations.

Jan 2004 - Oct 2004

Help Desk Support

Ministry of Manpower
  • Troubleshooting users' computers, printers, applications
  • Tender Proposal Evaluations.
  • Support remote MOM locations