ibrahima diop

SOC team leader at Senthorus
Contact Information
Location
Geneva, Geneva, Switzerland, CH
Languages
  • French Native or bilingual proficiency
  • English Full professional proficiency


Credentials

  • Enterprise Cloud Forensics and Incident Response
    SANS Institute
    Jun, 2021
    - Sep, 2024
  • GIAC Cyber Threat Intelligence
    GIAC Certifications
    Dec, 2022
    - Sep, 2024
  • SANS GCFA - Advanced Incident Response, Threat Hunting, and Digital Forensics
    SANS Institute
    Aug, 2020
    - Sep, 2024
  • Cyber Intelligence Tradecraft Professional
    Treadstone 71
    Apr, 2019
    - Sep, 2024
  • Splunk Core Certified Power User
    Splunk
    Nov, 2019
    - Sep, 2024
  • Splunk Core Certified User
    Splunk

Experience

    • Switzerland
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • SOC team leader
      • Jul 2023 - Present
    • France
    • Banking
    • 700 & Above Employee
    • Senior CSIRT Analyst
      • Jan 2022 - Jun 2023

      • Act as Security Incident Manager for "HIGH" & "MAJOR" alerts
      • Run DLP monitoring operations
      • Run CSIRT analysis
      • Lead forensics activities

    • Rwanda
    • Education Administration Programs
    • 100 - 200 Employee
    • Cyber Security Instructor
      • Apr 2021 - Sep 2022

      - Provide trainings in cybersecurity for master's students
        2022: ethical hacking
        2021: how to build and run a Security Operation Center - SOC organization - incident handling process (NIST & PICERL) - Cyber Threat Intelligence - MITRE ATT&CK Framework - investigation tools (CyberChef, EDR, SIEM, sandboxes, ...)
      - Practical cases of incident handling using the NIST process
      - Incident handling using TheHive & Cortex
      - Excellent feedback from students and program manager

    • United Kingdom
    • Information Technology & Services
    • Principal CyberSecurity Professional
      • Nov 2020 - Dec 2021

      Open for new challenges. Founder and Manager at CyberID FZ (http://cyberid.ae). Services provided:
      - Senior Detection Engineering
      - Senior Incident Handling
      - Proactive Threat Hunting
      - Cloud Detection and Incident Response
      - Digital Forensics & Incident Response
      - Trainings: DFIR - SOC - Active Directory attack & defense, ...

    • Digital Forensics and Incident Response Instructor
      • May 2021 - Jun 2021

      Provided a 5-day DFIR training to a leading transport and logistics company based in France. The training was delivered remotely. Training program:
      Day 1: Host digital forensics
      - Windows forensic artefacts: Prefetch, Amcache, Shimcache, ...
      - MACB timestamps: show evidence of file copy, creation, ...
      - Collect and parse Windows evidence with KAPE
      - Generate a super-timeline with Plaso
      - Analyze the super-timeline with Timeline Explorer
      Day 2: Memory forensics
      - Why memory forensics
      - Memory structure
      - Memory analysis with Volatility 3
      - Alternative memory analysis with MemProcFS
      LABS:
      - Analyze a memory image: find malicious processes, dump process objects, find process injections, ...
      - Memory image challenge
      Day 3: Active Directory attack and defense
      - Run live attacks on an AD environment
      - Collect evidence for detecting such attacks
      - Mitigation techniques for AD attacks
      LABS:
      - Attacks with Impacket & PurpleSharp
      - AS-REP Roasting, Kerberoasting, Pass the Hash, Password Spraying, ...
      - Collect evidence of these attacks
      - Mitigation techniques
      Day 4: Live response
      - Incident response with the PICERL methodology
      - Deep dive into PICERL and how-to for each incident phase
      - Many hunting tips
      LABS:
      - Analyze a use case with TheHive
      - Install and study GRR
      Day 5: DFIR in the cloud
      - DFIR in a Microsoft Azure cloud environment
      - Memory forensics challenge correction
      - Review of the super-timeline and conclusion
      - Q&A

    • United Arab Emirates
    • IT Services and IT Consulting
    • 100 - 200 Employee
    • senior Cyber Security Specialist
      • Sep 2018 - Nov 2020

      • Work as Senior SOC analyst for Digital14 customers
      • Incident response and threat hunting
      • Implemented TheHive SIRP, configured it and trained the whole SOC team
      • Implement SIEM rules and playbooks
      • Perform threat hunting
      • Incident response
      • Threat intelligence
      SANS Digital Forensics and Carbon Black EDR certified

    • Switzerland
    • Banking
    • 700 & Above Employee
    • Cyber Security Specialist
      • Aug 2016 - Jul 2018

      As part of the Cyber Security Team

    • France
    • IT Services and IT Consulting
    • 700 & Above Employee
    • Cybersecurity consultant / analyst
      • Jan 2016 - Jul 2016

      Cybersecurity consultant, Senior SOC analyst

    • IT Security Consultant
      • Apr 2014 - Dec 2015

      SOC Analyst, SIEM Integration

    • Security Operations Center Analyst
      • Sep 2010 - Mar 2014

      SIEM Integration, Log Management, Log Visualisation, SOC analyst

    • France
    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Research & Development
      • Apr 2010 - Aug 2010

      Work on OpenTrust PKI: impact of using Elliptic Curve algorithms (ECC) on OpenTrust PKI, enrollment on browsers, ECC with OpenSSL

Education

  • Supélec
    MS Information Systems Security, Information Systems Security
    2009 - 2010
  • Université Cheikh Anta Diop de Dakar (UCAD)
    Master's degree Data Transmission and IT security, Cryptography, Security
    2006 - 2008
