Cyber security specialist with a passion and talent for aligning security architecture, plans, controls, processes, policies, and procedures with security standards and operational goals.
Conduct IT audits and reviews of systems, processes, and applications, including post-implementation review, cyber security assessment, internal audit management, risk assessment, GRC, and audit reports with recommendations. Recommend improvements in internal controls designed to safeguard resources and to comply with applicable policies, procedures, government laws, and regulations. Ensure compliance with the audit manual and the company’s policies and procedures. Assist in the development and implementation of the annual risk-based audit plan and budgeting.
• ICS / SCADA Cybersecurity Management,
• OT Cybersecurity,
• VAPT of OT,
• Integration of Security Controls in OT Network, e.g. open source, Palo Alto, etc.,
• IT and OT Security Auditing and assessment,
• Critical Infrastructure Cyber Security and Compliance review,
• Review information security Policy and Procedures,
• Information Security / Cyber Security awareness program,
• Pre/Post audit Implementation review,
• Report all draft observations along with Recommendations,
• Recommend improvement in internal controls designed to safeguard resources and to comply with applicable NTDC Policies, Procedures, Government Laws
• Cyber Threats analysis / threat intelligence
• Vulnerability Assessment and Penetration Testing
• Cryptographic Products evaluation (FIPS 140-2),
• Cyber Security Evaluation of Software and Hardware Products,
• CIS implementation,
• Device hardening,
• Supports the administration and maintenance of security systems, including firewalls, network, host intrusion prevention/detection systems (IPS/IDS),
• Virtual private networks (VPNs) analysis,
• Endpoint protection,
• Email security,
• Digital forensics,
• Open Source SIEM Solution Deployment (WAZUH),
• DevSecOps.
• Integration of Web Security Tools (e.g. Acunetix, nmap, etc.) in DevSecOps.
• CI / CD pipelining
IT Security Assessment (Products – Software / Hardware) Cyber Security Policies and Procedures etc.
Vulnerability Assessment and Penetration Testing.
Develop Cyber Security solutions for IT Systems.
• Perform Technical Audit of PKI Systems,
• Cyber Security policies and procedures audit for PKI Systems,
• IT Infrastructure Security and Risk Assessment,
• APIs Security assessment (REST / SOAP).
• Implementation of Web of Trust Audit Requirements.
Perform Technical Audit of PKI Systems.
IT Security policies and procedures audit for PKI Systems.
IT Infrastructure Security and Risk Assessment
Secure Products (Software & Web Apps) Security Evaluation & Auditing.
Digital Forensics.
Reverse Engineering & Analysis.
Source Code review
Wireless Penetration Testing
• Vulnerability Assessment and Penetration Testing,
• ISO 27001 Implementation
• Secure Products (Software & Web Apps) Security Evaluation & Auditing,
• Digital Forensics,
• Reverse Engineering & Analysis,
• Source Code review,
• Crypto-Products Evaluation (FIPS 140-2),
• Secure Protocol Analysis,
• Windows and Linux exploitation,
• AV evasion,
• Mobile Applications Security Assessment,
Manage IT work in Organization.
Virtualization (VMware ESXi) Deployment.
Configuration and Management of AD, FTP, and Web Servers
Cryptography, Network Security, Secure Coding, OOP, Visual Programming
Web applications development. [WordPress, PHP], C#, Python
• ISO 27001 and 27002 (Implementation and Auditing).
• Penetration Testing and Vulnerability Assessment,
• Gap Analysis,
• Governance, Risk and Compliance
• NIST Cybersecurity Framework
• Power Sector Cyber Security Regulations (Pakistan)
• Information System Auditing
• GDPR
• IT Policy and Procedure development and analysis.
• 3rd Party Cyber Security Audit.