Head-Enterprise Security
Head-Enterprise Security
Head-Enterprise Security
PROFILE SUMMARY:
Highly accomplished Enterprise OT/ IT Security Architect with 20 years of expertise in designing & architecture of multilayered
defense strategy known as “DEFENCE-IN-DEPTH” to protect OT&IT systems against remote attacks, Man-in-the-middle attacks,
Network control plane attacks, Masquerading attacks, Snooping and scouting Malware attacks. Excellent communicator and
presentation skills to support the development and communication of business related strategies and roadmaps to both senior
business stakeholders and a highly technical audiences. Extensive experience in managing the team of security, network and test
engineers to identify the IT security risks in various applications, systems and networks and recommending the practical solutions
for fixing the security related issues.
In-depth knowledge of industry standards and industry frameworks ( e. g. TOGAF, SABSA, COBIT, COSO, ISO 27001&2, PCI, ISA-
62443-3-2-WD - ISA99, CIP (NERC), API 1164, ISO/IEC 17799, AGA-12, NISCC, NIST 800-82/53, TR 27019, Sarbanes-Oxley Act
(SOX) .
In-Depth Knowledge of ICT- Qatar QCERT NIA/NIST/NERC Regulatory compliance, Process reviews, ISO 27001-2 controls and
Developing cyber security policies and procedures.
Extensive background in all stages of security audits, including planning; study, evaluation, and testing of controls;
reporting; and follow-up.
Extensive experience in dealing with OIL& GAS, Water& Electricity Utility, Manufacturing industry to
assurecompliancewithISA/NIST/NERC/ICTQatar-QCERT-NIAregulatoryinformation security issues.
Extensive experience in vulnerabilities assessment of RTUs/DCS/PLC/IEDs from Siemens, Schneider, Honeywell. Rockwell,
ABB, Alstom etc.
Extensive experience in, Risk/Vulnerability Assessment Tools and Methods, IT Security Framework Design and
Implementation, Security Risk/Vulnerability Management , Security Metrics and Measurement, Identity Management,
Firewalls ,Security Policy Design, enforcement and Troubleshooting.
Expertise in Implementing automated vulnerability scanners like Tenable Nessus that includes all kinds of SCADA plug-ins
[TEN09] to automatically detect weaknesses in the PCN environment.
Expertise in developing and implementing security awareness & training programs and giving recommendations regarding
prevention.
In-Depth Knowledge of IT and PCN Specific risk/vulnerability Assessment & management and Securing zones of equipment on
the plant floor, as per ISA/IEC 62443 standards.
in depth knowledge of protocol and network topologies like Profibus, RS-232 && RS-485, DSL,DNP3, Modbus, Profinet, ZigBee,
IEC 104
Extensive experience in building, configuring, and managing Microsoft Windows servers (HIS, Archival, OAG, FE, SCADA/DMS,
PDS/DTS, GIS) in enterprise environments(HP ProliantDLxxx& Dell Power edge).
Extensive experience in Hardening Windows operating systems to National Institute of Standards and Technology (NIST)
compliance.
Hands-on expertise in managing Microsoft Active Directory to include implementation of Group Policy Objects (GPOs), support
of file and print services, Domain Controller replication and organizational unit management.
In-depth knowledge of Vulnerabilities of the Industrial Control Network, Vulnerabilities of RTUs and SCADA Equipment,
Vulnerabilities of the Network Communications and its mitigation,
Acute understanding of networking, hardware, software, and data centers, as well as emerging technologies, such as
BMS,Security Surveillance( CCTV/IP Camera, Biometric, Anti Crash, Barrier , MIDS, FIDS)and mobile devices.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
AREAS OF EXPERTISE
Security Project Team and budget Policy/ Procedure Creation
Management management
Upstream, Off-Shore Team SABSA-ZACHMAN,TOGAF/OSA/SOA/SOMF/
midstream and Management&Projec DODAF/E2AF/COBIT
downstream t Planning
Application
Security
Security Audit IT- Business Analysis&Technical Administration
and Procurement&Vendo
Assessment/ r Management
Process Design
and
implementation
NOTABLE PROJECTS:
QATAR GASBusiness Process (Project)/ Information/ Application/ Technology/Security Reference Architecture
Development, It Architecture Principles Blue Print Design, Risk& Vulnerability Assessment of Enterprise
Architecture Tools and Technologies and Template Development.
CUSTOMER PROFILE:Qatargas is a unique global energy operator in terms of size, service and reliability. The
Company operates 14 Liquefied Natural Gas (LNG) trains with a total annual production capacity of 77 million tons.
This makes Qatargas the largest LNG producer in the world.
PROJECT OBJECTIVE:The scope of this project has been to:
1. Develop process (project) /information /application /technology/security reference architecture.
2. Risk &Vulnerability Assessment of EA tools and plug-ins.
3. Develop and draft Policy and Standard for QG solution’s Infrastructure evaluation System.
4. Providing advisory services to PMO on individual solutions for each business stream (example:
a. Evaluated& advised right solution for “Emergency Management& Fire protection division” to automate
the work flow and optimize the delivery of services from days to minutes.
b. Evaluated& advised right solution for “Communication& personal Administration division” for digital
transformation and any time anywhere digital library hosting.
My Role: Delivering all the above objective
KAHRAMAA’S ICS/SCADA SECURITY RISK& VULNERABILITY ASSESSMENT&BCP/BCM:
Customer Profile:Qatar General Electricity &Water Corporation is government authority to supply and support
Electricity and Water needs of the kingdom.
Project Objective: The scope of this project is to conduct Risk &Vulnerability Assessment and Design and deploy
BCP/BCM Policy, Standard and Procedure forKahramaa’s ICS/ SCADA System.
My Role: Conducting Risk& Vulnerability assessment on People, Process, Tools and technology as per global best
practices and ICT Qatar/NIA , NIST and NERC Standards& security Guidelines and Leading the team of security
Consultants in the development of ICS /SCADA Security Blueprint for conducting the Risk Assessment /Vulnerability
assessment and BCP of Kahramaa’s ICS/SCADA system.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
ARAMCO-MARAFIQ BERRY GAS PLANT –:
Customer Profile: Aramco &Marafiqare the Government owned companies in Kingdom of Saudi Arabia, Aramco is
one of the world’s largest OIL& Gas Company and Marafiq is Saudi Arabia largest water and electricity Supplier
covers entire Eastern State &kingdom Capital Riyadh.
Project Objective: The scope of this project was to conduct Risk Assessment and plan, design, and deploy complete
Wired& wireless Network Infrastructure for SCADA system, Security surveillance system & Unified Communication.
My Role: Conducted Risk assessment on People,Process, Tools and technology as per global best practices and
MarafiqStandards security Guidelines and led the team to supply and deliver long distance secured Wireless PTP
WAN infrastructure from O&M Center to Gas plant and various pumping stations.
OMAN OIL MARKETING COMPANY LLC
Customer Profile: This is the Government owned companies in Oman responsible for marketing its OIL & Natural
GAS worldwide.
Project Objective: The scope of this project was toconduct audit& risk assessment and plan, design, and deploy
complete Data centre Infrastructure Security.
My Role: Conducted audit& risk assessment , planned, designed and deployed/implemented the security solution
which also includes BCP/DRP using Trend micro, Symantec Veritas, GFI, DELL|EMC storage and other third part
solutions.
OMAN REFINERY COMPANYLLC(ORPC).
Customer Profile: This is the Government owned companies in Oman responsible for Production & Development of
OIL & Natural GAS and other resources.
Project Objective: The scope of this project was to Audit& asses the Business process and supply, Installation,
configuration, customization, testing and deployment of Service Management System /Help Desk System.
My Role: Audited, implemented, and customized the Help Desk System which includes Altiris Help Desk system,
Windows 2003, Dell Servers and other third party solutions.
GUJRAT GAS LTD.
Customer Profile: This is the Government owned companies in Gujrat state of India responsible for Production &
Development of OIL & Natural GAS and other resources.
Project Objective: The scope of this project was to Audit & asses the Business requirement for Data center Hosting &
Network Infrastructure.
My Role: Assessed the business requirement and provisioned most cost effective and efficient Data center
Collocation services and hosted the network Infrastructure with Managed Physical and logical security services.
SKJ GROUP OF COMPANIES, BRUNEI DARUSSALAM (CONTRACTOR AT BRUNEI SHELL PETROLEUM):
Customer profile:
This is one of oldest & largest Group of companies in Brunei Darussalam involved in Oil & Natural Gas, , Crude oil
Vessels and Tanker, Shipping, Scaffolding, Construction; Furniture & Interior, Information & Telecommunication
Services.
Project Objective: The scope of the project was to conduct risk assessment and develop and deploy a smart Business
Automation infrastructure & Quality Management System.
MY Role: Auditing & Risk assessment of the current infrastructure and developing and deployment of Quality
Management System, Quality Operation Procedure, Quality System Procedure as per ISO 9000:2000, ISO
17799(BS7799), ISO 20000(BS 15000), ISO 27001 and ITIL framework.
MAADEN ALUMINUM SMELTER, KINGDOM OF SAUDI ARABIA:
Customer profile:
Wolrds Largest Aluminum Smelter worth more than USD$20 Billion; having a 14 Kilometer of PCD Fiber optic
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
network distribution for for SCADA/ICS system.
Project Objective: The scope of the project was to conduct risk assessment and develop and deploy a smart
securednetwork infrastructure& Quality Management System.
My Role:ConductedRisk Assessment/Security Audit for Fiber & UTP network for ISO & BICSI standards compliance
and Quality Audit and certification for Network Distribution and Unified communication / IP Telephony System and
Planned, designed, architected Implemented and tested Scalable Unified Communication system (Cisco IP Telephony
Solutions) Infrastructure for 1500 Employees. Led the successful distribution, termination and of testing around 400,
000 meter Fiber & Copper Backbone core network infrastructure for SCADA &voice & data network.
KENANA SUGAR COMPANY LTD, REPUBLIC OF SUDAN:
Customer profile:
Wolrds Largest Sugar production company worth more than USD$500 Million; having a 4 Kilometer of PCN Fiber
optic network distribution for SCADA/ICS system.
Project Objective: The scope of the project was to conduct risk assessment and develop and deploy a smart secured
network infrastructure& Quality Management System.
My Role: Conducted Risk Assessments for process, technology and people, and Planned, designed, architected
Secured Wireless WAN (Long distance Free Frequency PTP) Infrastructure and factory SitePCD Network
Infrastructure
ROYAL COURT AFFAIRS (DEWAN, THE PALACE) SULTANATE OF OMAN
Customer Profile: This is the Ministry of Royal Kingdom of Oman which is responsible for His Majesty Internal and
Global Affairs.
Project objective: The scopes of this project was to audit and analyze the current infrastructure , capacity planning,
reengineering the data center and propose an efficient Active Directory, File system auditing tools.
Equipments& software used: includes Multi Vendor Solutions, Netpro Change Auditor, Netpro Directory Analyzer,
Dell\EMC SAN Storage, HP and IBM Blades, Computer Associates Solutions, Citrix Solutions, Complete Microsoft
Infrastructure software, and third party equipments& Tools.
My Role: Conducted Security Audit , Planned and successfully implemented Enterprise Change Auditing Tools,
which gives the complete report of all the changes ( threat /Vulnerabilities) enterprise wise and the impact of that
change to the business and recovery and resumption option to undo the unwanted and un-expected changes driven
by hackers and internal threats.
FGMR GROUP FORCEPOINT/TRITON DATA LEAKAGE PREVENTION INFRASTRUCTURE DEPLOYMENT:: Planned the
POC for DLP solutions and provisioned the demo infrastructure for websence/trintron/forcepoint Data leakage
prevention solutions.
SYNTELLECT GROUP IBM MAAS360 MOBILE DEVICE MANAGEMENT DEPLOYMENT - Planned the POC for MDM
solutions and provisioned the demo infrastructure for IBM MaaS360 Mobile Device Management solutions for all
employees and developed BYOD policy & procedures.
IBM INDIA LTD ADVANCED CYBER SECURITY TRAINING TO SR. ENGINEERS: Developed course materials and
provisioned lab and conducted on site hands on training to Sr. Security Consultants/Engineers @IBM India Chennai
branch.
ENTERPRISE SECURITY TOOLS& TECHNOLOGY:
Nextnine, Industrial defender, Splunk, Arcsight,,NetWitness, Encase, FTK, Tenable Nessus, Tofino Xenon,
QualysGuard, Nessus, Cenzic Hailstorm, HP Fortify, IBM AppscaneEye, McAfee ePO, McAfee HIPS (Entercept), ,
McAfee IntruShield , McAfee Network Security Manager system ,SNORT, Cisco ASA, Cisco Security Manager, MS
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
TMG Forefront/ ISA Server, Checkpoint NG, Fortinet fortigate, Sonicwall, Juniper Netscreen,Backtrack, Ecora
Enterprise, Retina,, nMap, ISS Scanner, AppDetective, LANalyzer, SAINT, kismet, GFI LanGuard, Paros Proxy, Dsniff
etc.
HIGH AVAILABILITY TOOLS:
Cisco, Barracuda, Citrix, Radware, F5, VMWare, VCS, SUN Cluster, MS Cluster.
DRP/BCP/BACKUP TOOLS:
PlateSpin Forge, Symantec VERITAS Netbackup/Backup Executive, Acronis, Doubletake.
NETWORK MONITORING & MANAGEMENT:
Fidelis XPS, RSA ,HP OpenView, Cisco works, Cisco QPM, CISCO NAM, Dell Open Manage, Solarwinds, OP
Manager, GFI LAN Guard, NETPRO Change Auditor.
PROJECT MANAGEMENT:
MS PROJECT 2007/2010, Oracle Primavera, MS Office 2010.
LEADERSHIPCAREER HISTORY:
2018 TO PRESENT – ENTERPRISE ARCHITECT- IT/OT SECURITY & GRC , QATARGAS, QATAR
2008-2010 –DGM-SR. SOLUTION ARCHITECT (MANAGED SECURITY & IDC) BHARTI AIRTEL ENTERPRISE SERVICES
LTD
EDUCATION &TRAINING
MASTER OF SCIENCE - INFORMATION TECHNOLOGY.
BACHELOR OF INFORMATION TECHNOLOGY.
HIGHER NATIONAL DIPLOMA IN SOFTWARE ENGINEERING.
CERTIFICATION& TRAINING
TOGAF 9.2 Certified Enterprise Architect
Advanced Training on Global Industrial Cyber Security Professional (GICSP)
Certified Information System Security Manager(CISM)
Certified Ethical Hacker(CEH)v8
Certified Computer Hacking Forensic Investigator (CHFI)v8
Information Technology Infrastructure Library (ITIL) v3.
Microsoft Certified System Engineer (MCSE 2000)
Cisco Certified Network Professional (CCNP)
ISO9000:2000 Certified Internal Auditor.
Advanced Training on Global Industrial Cyber Security Professional (GICSP)
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
Advanced Training on Certified Information system Security Professional( CISSP)
Advanced Training on Certified Information system Auditor( CISA)
Advanced Training on Strategy &Performance Management/ Balanced Scorecards Solution Deployment.
Advanced Training in Business Continuity& High Availability Management.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.