Download PDF

Personal Profile

17 years of experience spanning information security, project management, network administration, IS audit and people management.


Mazoon College

Sep 2015Oct 2017

Master in Compute Science

This program is approved by the ministry of higher education, sultanate of Oman and run in cooperation with the banasthali University, India. Banastali offers an integrated system of education and it is accredited by national assessment and accreditation council (NAAC) of India with an A-Grade(a five star rating)

Bachelors in Computer and Internet Application

Give a necessary skills and knowledge on internet technology. In addition it prepares graduates to show a high quality of independent thought, flexibility and maturity based on a sound technical knowledge of the field.



may 2017may 2017

Certified Information Systems Security Professional (CISSP)

CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. 

SANS Institute

OCt 2016oct 2016

Intrusion Detection In-Depth

delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence.  underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that can intelligently examine network traffic for signs of an intrusion


sept 2016sept 2016

Reverse-Engineering Malware: Malware Analysis Tools and Techniques

helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems. Understanding the capabilities of malware is critical to an organization's ability to derive threat intelligence, respond to information security incidents, and fortify defenses. 

SANS Institute

Oct 2015Oct 2015

Defending Web Application Security Essentials

SANS Gulf Region 2015

Very heavy and extensive knowledge with experience and hand-on training on tools and techniques of how to defend web apps against hackers and malicious users

SANS Institute

May 2015May 2015

Virtualization and Private Cloud Security

SANS Secure Europe 2015 Amsterdam

Very extensive course to understand visualization in depth and what are the security challenges and how to hardened the hyper-visor

SANS Institute

Oct 2014Oct 2014

Network Penetration Testing and Ethical Hacking

SANS Singapore 2014

Very extensive course for security professional and white hat hackers. it helps to experience hacker tools and techniques to penetrate the vulnerabilities

TUV Nord

Jul 2011Jul 2011

ISMS ISO27001 Lead Auditor

Understand Audit strategy and gt knowledge to audit IT department and define non-compliance with the policy. understand the ISMS controllers and what to audit and how to prepare audit reports


Dec 2009Dec 2009

Certified Ethical Hacker V6

Understand hackers' techniques and become a hacker to exploit the vulnerabilities. understand the tools and the usage of it


Jan 2009Jan 2009

Certified Information Systems Security Professional (CISSP) Workshop

Understand IT Security in of all domains

bairaha Galobal Institute

Aug 2006Nov 2006

Cisco Certified Network Associate (CCNA)

Understand networking and basic router configuration





RoleProject Manager



Minimum security baseline

RoleTeam Member



Network monitoring System

RoleProject Manager



Vulnerability Assessment tool

Role: Team Member



Enterprise Mobility management

Role: Team Member



DLP implementation

Role: Project Manager 

Oman Airports management company



Role: Project Manager 



New branch (Relocation)

Role: Team Membe




Role: Team Member




Role: Team Leader

MINISTER of manpower


new branch

Role: Team Leader




Role: Project Manager 

Tools and Technology


SO27001:2013, OWASP


DLP, MDM, SEIM, Endpoint Protection, Network Monitor, Patch Assessments, Network Inventory and Vulnerability Scanners (DeviceLock, Symantec AppCenter, Good Technology, Sysmosoft, Air-Watch, Maas360, LogRhythm, McAfee Endpoint, Symantec EndPoint Protection, Kaspersky, Sophos, F-Secure, TrendMicro, Manage Engine, LogRhythm NMS, nCyrcle IP360, GFI LANGuard, Total Network Inventory, LAN Sweeper, nCyrcle CCM), Tenable SecurityCenter, Symantec DeepSight, Acunetix Web Scanner, FTK AccessDATA, WireShark, TCP Dump, Snort IDS, SafeNet Gemalto.


Windows 2012 Server, Windows 2008 R2 Server, Windows 2008 Server, Windows 2003 Server, Windows 2000 Server, Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Vista, Windows XP, Ubuntu.


Fortinet, CISCO, Juniper, HP, F5.


MS Office 2013  (Word, Excel, Outlook, Access, PowerPoint), MS Visio, MS Project, Adobe Photoshop, Adobe Acrobat, WinZip, WinRAR, Google Chrome.


Security reporting
  • create security metrics and reports that management uses to understand the effectiveness of their security systems
Risk management
  • manage the contents of the organization’s risk register and carry out tasks regarding risk treatment, such as documenting risk mitigation or risk acceptance artifacts
Policy management
  • Monitor the compliance of security policies
  • Conduct clean desk reviews
  • Observe users’ security-related behavior
IT audits
  • Collecting and managing audit evidence as well as creating audit reports.
SOC operations
  • Monitor and manage security-related tools and systems
    for detecting security incidents, which are relayed to the appropriate personnel. 
information security policy review
  • Review information security policy and make changes if applicable
Safenet Gemalto
  • Installing and configure SafeNet servers
  • Managing SAS (SafeNet Authintication Server) users
  • Enrolling soft tocken
security information & event management (SIEM)
  • Prepare Implementation Plan
  • Deployment of SIEM Agents for log collection
  • Manage log sources in SIEM
  • Perform on demand investigations for security incidents
  • Define correlation rules and email alerts for critical events 
  • Fine tune log levels and classifications for performance improvement
  • Troubleshoot log sources in case of missing logs
Data Leakage Prevention
  • Prepare DLP Policy to monitor and restrict the critical information
  • Prepare DLP deployment plan
  • Roll-out DLP agent service to the endpoints
  • Manage and troubleshoot endpoints
  • Configure audit rules
infrastructure vulnerability management
  • Build inventory of infrastructure components 
  • Prepare annual vulnerability assessment plan
  • Define scan policies and scan types as per the assets
  • Configure different types of reports to share with respective functions
  • Coordinate and support remediation exercise 
  • Analysis, approve and document for any exceptions or false positives
  • Compliance and re-validation
Minimum Security Baselines (MSB)
  • Prepare MSB for infrastructure components and server roles
  • Assist respective teams to implement MSB
  • Define, understand and document the system limitation
  • Perform a compliance review as per the annual plan
Web vulnerability Scanner
  • Scan web application for vulnerabilities
  • Generate different type of reports
  • Coordinate with the development team to fix security gaps
  • Track the remediation status 
technology threat & warning system
  • Define user roles and groups
  • Create technology lists for different IT functions
  • Configure customized email/SMS alerts and reports
  • Coordinate internally to ensure the alert is being addressed timely
Enterprise Mobility Management Solution
  • Selection of appropriate solution to address the company needs
  • Prepare BYOD policy
  • Define and implement deployment plan
  • Manage project as a technical lead for smooth roll-out
  • Ensuring quality deliverables on phase wise activities
network management system

  • Configure devices, application  and databases for health and availability monitoring
  • Setup SNMP and WIM Credentials for secure access
  • Monitor VM-Hypervisor
  • Configure and manage critical asset
  • Define and manage roles users
  • Create customized dashboards for different functions

Managing Windows Infrastructure

  • Active Directory deployment
  • Server roles - DHCP, DNS, IIS, WSUS etc
  • Implementing security baselines aligned with industry benchmarks and company policies

Endpoint Protection
  • Update and upgrade of virus definition to the clients
  • Configure and manage policy on servers and client
  • Setup firewall rules and application white listing
  • Reviewing reports for compliance checks and exceptions

Work experience

Daleel Petroleum Company

Jul 2018Present

Senior GRC Specialist

  • Reporting to IM&T Senior Manager
  • Developing and implementing SOPs.
  • Work as consultant from governance point of view
  • Develop IM&T strategy
  • Enhance IM&T services by review performance and user satisfaction. 

Information Security Specialist

  • Reporting to Governance & Information Security Manager
  • Implementing of MSBs in all ICT software/Hardware where applicable
  • Review and approve end uses request of application installation and internet access
  • Review and check configuration of(AD, GPO, Firewall, Core Switch)
  • Managing Tenable SecurityCenter
  • Maintain Vulnerability assessment plan.
  • Running security scanning tools (Nessus and Acunetix) to look for vulnerabilities in workstations, servers, applications and network devices.
  • Managing MDM/BYOD Implementation project
  • Managing SIEM Rules and  Configuring SIEM alarms and alerts, and setting up feeds from new systems and devices.
  • Check rules and configuration of DLP in end user computer, examines DLP logs and takes appropriate action
  • Forensic Investigation in case data leak, unauthorized access and etc
  • Managing day-to-day access request (e.g. VPN, TeamViewer, Full Internet Access)
  • Managing and Implementing Multi-Factor Authentication
  • Collecting and managing audit evidence.
  • Monitor the compliance of security policies.
  • Manage the contents of the organization’s risk register and carry out tasks regarding risk treatment.
  • Create security metrics and reports that management uses to
    understand the effectiveness of their security systems.
  • Analysis of current trends in malware and the organization’s current
    controls to determine whether advanced malware protection (AMP)
    tools are warranted.
  • Analysis of the organization’s control and management framework against industry standards to determine whether changes are needed..
  • Conduct information security awareness program.
  • Review and monitor vendors based on SLA.

The Wave Muscat

Dec 2011Feb 2013

Senior Network Administrator

  • Managing network device and server
  • Troubleshooting servers and switches
  • Managing Active Directory
  • Configuring SAN and NAS Storage

The Wave Muscat

Jan 2011Nov 2011

Service Desk Support

  • Troubleshooting windows operating system
  • Managing endpoints and printers
  • Supporting end users

Ministry of Manpower

Feb 2006Jan 2011

Information Security Officer

  • Reporting to Head of Information Security
  • Manage the information security function in accordance with the established policies and guidelines
  • Establish and maintain information security standards and procedures compliance with ISO27001 standard, ITIL and COBIT and risk management policies, standards and guidelines
  • Function as an-internal consulting resource on information security issues
  • Conduct the information security risk assessment program, review compliance with the information security policy and associated procedures
  • Conduct information security efforts with other sections in the departments
  • Provide periodic reporting on information security issues to the head of information security section
  • Coordinate security orientation and security awareness programs
  • Asset in coordinating contingency plan tests on a regular basis. review access controls in MOM systems

Ministry of Manpower

Nov 2004Jan 2006

Senior Network Administrator

  • Network Fixing and Supporting
  • Troubleshooting Servers, Routers, Switches and Firewalls
  • Tender Proposal Evaluations.

Ministry of Manpower

Jan 2004Oct 2004

Help Desk Support

  • Troubleshooting users' computers, printers, Applications
  • Tender Proposal Evaluations.
  • Support remote MOM remote locations