
Mohamed Ossama Zaidi

Summary

Cybersecurity consultant with over 10 years of experience in penetration testing, project management, and security architecture design. My expertise, mainly in offensive security projects, includes management, consulting, and support SOC leadership, as well as the evaluation of web applications, mobile platforms, and infrastructures. I am an expert in penetration testing for critical infrastructures and in simulating real-world attacks. As a team leader, I have also developed operational processes that enhance the efficiency of security operations while training and guiding team members to optimize their performance.

Overview

11 years of professional experience
1 Certification

Work History

Cyber Security Consultant

Ministry of Defense Qatar Armed Forces
01.2018 - Current
  • Penetration testing on Mendix low-code platform applications: a critical web application and an Android mobile application carrying sensitive information.
  • Review SOC design and implementation by performing offensive security testing, which leads to an increase in the security posture.
  • Design and implement Windows desktop security hardening to align with critical project requirements.
  • Conduct comprehensive penetration tests on various security technologies and platforms, including Windows/Linux infrastructure technologies, resulting in a reduction in vulnerabilities identified during assessments
  • Bypass defensive measures (antivirus, endpoint protection, and sandbox) by developing custom payloads and tools in order to evade detection
  • Perform comprehensive infrastructure penetration testing to identify security vulnerabilities and misconfigurations, using advanced techniques to enhance domain security and reduce risk exposure
  • Program payloads and malware for offensive testing purposes, allowing for dynamic functionality and adaptability based on specific testing scenarios
  • Develop and implement engagement rules for penetration testing and questionnaires, ensuring a structured approach that improved assessment efficiency by 20%
  • Design a successful phishing campaign by introducing new techniques to attract users' attention and implementing undetected attachments
  • Enhance cybersecurity posture on servers and workstations by creating custom C2 payloads for testing, which challenged and strengthened endpoint security solutions, resulting in a 40% increase in detected threats
  • Lead cybersecurity projects from initiation to completion, managing timelines, resources, and stakeholder communication to ensure successful delivery of security initiatives within budget and scope
  • Lead Red-Teaming exercises, preparing detailed scopes and engagement rules
  • Tabletop red teaming exercise with the blue team.
  • Developed effective strategies and tools that improved incident response times by 50%
  • Leverage the MITRE ATT&CK framework to analyze and document adversary tactics and techniques, enhancing threat intelligence efforts and informing the development of targeted incident response plans
  • Conduct red team exercises utilizing MITRE ATT&CK, simulating real-world attack scenarios to identify security gaps and improve detection capabilities
  • Write technical proposals for necessary commercial tools, facilitating a streamlined procurement process that reduced costs
  • Implement security hardening measures for Windows terminals by designing custom tools tailored to the business environment, which increased compliance
  • Produce detailed technical reports with actionable recommendations, leading to the successful implementation of security improvements across multiple departments
  • Contribute to the high-level design of security architectures for diverse technological environments, optimizing project costs while maintaining robust security standards
  • Maintain security maturity through annual audits and security program assessments, resulting in a measurable improvement in overall security posture
  • Demonstrated familiarity with ISO 27001/27002/19011, CIS benchmarks, NIST, OSSTMM, and PTES standards, ensuring compliance and best practices across all projects
  • Develop technical security awareness training for developers, enhancing the security mindset within the development team and reducing security-related incidents by 30%
  • Support to SOC Teams (L2/L3) as a Subject Matter Expert (SME)
  • Establishment of Processes: Development and implementation of Standard Operating Procedures (SOPs) for OSINT and Threat Hunting in collaboration with the SOC team

Cyber Security Analyst

Ministry of Defense Qatar Armed Forces
08.2014 - 01.2018
  • Monitor security events using SIEM, improving detection rules, which led to a 25% increase in threat detection accuracy over a year
  • Analyze network traffic and logs using multiple installed security tools, creating security use cases for threat hunting, which allowed for the identification of critical attacks
  • Enhance event detection and reduce false positives by creating rules and building blocks on the SIEM solution
  • Managed firewalls, optimizing configurations and policies, which improved overall network security and reduced unauthorized access
  • Improve security protocols by providing actionable recommendations based on lessons learned, leading to the implementation of three key security enhancements that fortified defenses
  • Participate in technical forensic investigations, contributing to incident analysis that successfully identified and mitigated multiple high-profile security breaches
  • Participate in testing several security solutions for facial recognition, providing insights that enhanced system reliability and compliance with privacy standards
  • Report on emerging security technologies suitable for integration into the existing environment, leading to the adoption of innovative tools that improved security posture
  • Collaborate in the technical design for the implementation of new security solutions, ensuring alignment with organizational objectives and improving deployment efficiency by 15%
  • Conduct penetration testing on web applications and APIs, identifying and remediating vulnerabilities that increased application security and reduced risk exposure
  • Perform comprehensive vulnerability assessments using commercial vulnerability tools, leading to the identification and remediation of critical vulnerabilities

Education

Master - Technologies of Network and Telecommunication

University of Carthage Faculty of Science of Bizerta
06.2013

Bachelor - Technologies of Network and Telecommunication

University of Carthage Faculty of Science of Bizerta
06.2011

Skills

  • Offensive Tools: Metasploit, Cobalt Strike, Nessus, Burp Suite Pro
  • Programming Languages: Python, Perl, PowerShell, Bash, C/C#
  • Project Management Software: Jira, Google Workspace, ITSM
  • Vulnerability assessment
  • Social engineering
  • Security analytics

Certification

  • OSEP Offensive Security Experienced Penetration Tester
  • OSCP Offensive Security Certified Professional
  • OSWP Offensive Security Wireless Professional
  • CRTE Certified Red Team Expert
  • CRTP Certified Red Team Professional
  • CARTP Certified Azure Red Team Professional
  • CRTO Certified Red Team Operator
  • CCNA Security
  • CCNA Networking
  • CEH V9 Certified Ethical Hacker

Languages

Arabic
English
French
