Cyber Security Operations, Incident Response and Investigations. Threat Hunting and ISOC Monitoring.
My best asset is that I am proven to create, nurture, lead and inspire teams to achieve and exceed expected results. I am a highly motivated, experienced and commercially aware professional, confident from both technical and business perspectives. I have been studying Subject Matter Expert courses at 10 different universities. In the near future, I plan to become a Darktrace Cyber Immune System technologist, and I intend to complete Information Technology and the CyberLaw at LSE, and my Ph.D. in Advanced Cyber Security & Digital Forensics. I am currently an EC-Council Member, Certified Ethical Hacker – WHITE Hat – RED Team.
I focus heavily on Internal Controls, Incident Response, Threat Intelligence and vulnerability hunting. I am a passionate Cyber Security professional and leader with a keen interest in establishing and running Security Operations, SOC and IR teams. I have a strong technical and hands-on background, which I believe is essential for a Cybersecurity manager in today’s threat landscape.
My job duties typically include planning and implementing security measures to protect computer systems, networks and data. Information security analysts are expected to stay up to date on the latest intelligence, including hackers’ methodologies, in order to anticipate security breaches. They are also responsible for preventing data loss and service interruptions by researching new technologies that will effectively protect a network.
Additional duties include:
- Creating, testing and implementing network disaster recovery plans
- Performing risk assessments and testing of data processing systems
- Installing firewalls, data encryption and other security measures
- Recommending security enhancements and purchases
- Training staff on network and information security procedures
- Working as project lead on PCI DSS certification: Merchant level-1, level-2, level-3 and level-4 compliance projects
- Liaising with management at all levels, presenting results and co-ordinating work and requirements
- Conducting compliance & risk assessments, including completing PCI Report of Compliance (ROC)
- Documenting project plans, action plans, presentations and project results for management
• Experienced: SIEM, Sandboxing, HIPS, NGFW, DLP, IDS, IPS, & Freeware tools.
• Vulnerability Assessment & Penetration Testing: KaliLinux, BurpSuite Pro, Metasploit Pro, Acunetix, Qualys, Nessus, Nexpose, Veracode, Nmap, OpenVAS, Armitage, ZAP, w3af, Nikto, Arachni, Mallory, Firebug, SoapUI, SQLmap, Cain&Abel, BeEF, Fiddler, Canape, Responder, Echo Mirage, TcpCatcher, IBM-AppScan, HB-WebInspect, SAINT Security, Core Impact, Carbon Black, Bit9, ElasticSearch, John the Ripper, Hydra, NetSparker.
• Application investigation tools such as Intrusion Detection Systems (IDS): Splunk, McAfee Nitro, Alertlogic. DDoS Mitigations: Arbor Networks, Akamai. Experience with Digital Forensic tools: EnCase, FTKSuite, X-Ways, OxygenForensics, NetWitness, Autopsy, MPE+, DEFT Evidence, dtSearch, CAINE Investigator, Cisco’s, Juniper’s & Midnight Commander.
• Packet Analysis and Manipulation: Wireshark, Moloch, Netcat, Bro, Medusa, Maltego, Tshark, TCPdump, Tcpreplay, Scapy, cURL
• Security Standards and Protocols: IPsec, SSL/TLS, DTLS, DNSSEC, RADIUS, Diameter, EAP, PKI, X.509, ISO/IEC 27001, PCI DSS, OWASP, NIST, DREAD
• Networking: IPv4, IPv6, TCP, UDP, Switching, VLANs, QinQ, Routing, Load Balancing, Firewalls, ACLs, DMZ, DPI, NAT, VPN, DMVPN, HTTP, FTP, DNS, DHCP, SIP, RTP, PPP, GRE, GTP, PMIPv6, CAPWAP
• Linux Tools and Servers: IPtables, OpenSSL, BIND, DHCPd, strongSwan, FreeRADIUS, Apache, MySQL, PostgreSQL, Snort
• Scripting, Automation and Data Parsing: Batch, Bash, Tcl, Python, Ruby, Javascript, REST, JSON, XML
• Software QA/Testing: Waterfall, Agile Scrum, White/Black/Gray-Box Testing, Sanity Testing, Integration Testing, System Testing, Security Testing, Negative Testing, Performance Testing, Regression Testing, Test Plans, Test Cases, Bug Logging, Revision Control Systems – Perforce
• Virtualization: VMware, VirtualBox, Vagrant, KVM
• Ixia Products: IxExplorer, IxLoad, BreakingPoint, ATI Processor, ThreatARMOR
I develop and implement flexible security solutions, dictated by the needs of a hybrid and rapidly evolving decentralised business environment implementing PRINCE2 & Agile philosophies.
I’m a results-oriented person who can achieve tangible improvements in the corporate security arena, and I perform with excellent technical skills as well as proven security leadership experience. Simple is always better, more is rarely worth it and anything too complicated to understand is useless. I like to test my own abilities by working on the impossible or things no one has ever done before, i.e. “where no one has gone before”. I love the varied challenges I encounter in my work. I always have a strong desire to find broken things, which is not only one of my strengths but also my weakness.
Certifications
- Microsoft Technology Associate (MTA), Score: 95%
- Computer Hacking Forensic Investigator, Score: 141/150
- Certified Ethical Hacker, Score: 123/125
- Certified Forensic Analyst, Score: 78%
- PRINCE2® Projects In Controlled Environments, Score: 73
- Information Technology Infrastructure Library - ITIL®, Score: 95%
- Certified Information Security Professional – CISP®, Score: 94%
- Certified Information Security Manager, Score: 80%
Expertise
- PCI-DSS Auditing, Initial to Final phases: Expert
- Internal & External Pen Testing: Pro
- Threat Analysis and Risk Treatment: Pro
- Forensics and Incident Management: Pro
- Intrusion Detection IDS and Analysis: Pro
- Architecture Reviews: Expert
- Network Performance Audit: Pro
- Incident Handling & Remediation: Expert
Software skills
- HTML/CSS: 77/100
- JSP: 70/100
- AJAX: 75/100
- JQuery: 71/100
- PHP 5.0.x: 70/100
- MySQL: 64/100
- Python: 60/100
- Java: 55/100
- C, C++ and C#: 62/100
- Oracle: 43/100
- Delphi: 32/100
- XML: 68/100
- SOAP (Simple Object Access Protocol): 70/100
- JSON (JavaScript Object Notation): 63/100
- Silverlight: 47/100
- Linux: 55/100
- Windows: 70/100
- VPN: 77/100
- VPS: 70/100
- Dedicated Server: 60/100
- Windows Server: 74/100
- Linux Server: 70/100
- Kali Linux: 75/100
- Debian: 57/100
- CentOS: 65/100
- Fedora: 49/100
- Ubuntu: 68/100
- VirtualBox: 84/100
- Mobile Applications: 67/100
- Web Applications: 70/100
- SEO: 73/100
- Social Engineering: 64/100
- Photoshop: 77/100
- Illustrator: 70/100
- InDesign: 60/100
- Acrobat: 53/100
- Flash: 50/100
- Dreamweaver: 70/100
- Fireworks: 50/100
- Premiere Pro: 50/100
- After Effects: 50/100
Cyber Lab
- Aircrack-ng: 77/100
- Airodump-ng: 70/100
- Zodiac: 60/100
- Nmap: 70/100
- Brutus aet-2: 57/100
- Hping3: 65/100
- Crack: 50/100
- Kismet: 50/100
- Vncrack: 55/100
- Miranda: 60/100
- Thunderbird (for sending phishing emails): 75/100
- Metasploit framework: 71/100
- SureApp (web application scanner): 70/100
- Yersinia: 65/100
- VMware: 55/100
- Bluebeep: 72/100
- Milw0rm: 70/100
- Wireshark: 64/100
- Etherpeek: 60/100
- Arpspoof: 55/100
- Fragrouter: 62/100
- Netcat: 43/100
- Cain&Able: 32/100
- Rootdown.pl: 68/100
- Adm tools: 70/100
- THC Tools: 63/100
- rtpbreak: 47/100
- fpfake: 55/100
- yphack: 70/100
- ypsnarf: 77/100
- ldapexplorer: 70/100
- solarwinds: 60/100
- pwdump3-7: 74/100
- voiphopper: 70/100
- dns_mre: 75/100
- burpsuite: 57/100
- winautopwn: 65/100
- yersinia: 49/100
- vconfig: 68/100
- iproute2: 84/100
- iptables: 67/100
- ettercap: 70/100
- openssl: 73/100
- curl: 64/100
- rpcbind: 77/100
- rpcdump: 70/100
- nemesis: 60/100
- sing: 53/100
- lotus.sh: 50/100
- dnsa: 70/100
- gomma_pane: 50/100
- fwsa: 50/100
- sapinfo: 50/100