BACHIR BENYAMMI

Algiers, Algeria +213-***-***-*** ac8x4p@r.postjobfree.com in/bachirbenyammi

Information Security Specialist

PROFILE SUMMARY

A certified professional with 8 years+ of experience and excellent record in IT, project management, information security, risk management, cyber security and forensics.

A detail-oriented, and autonomous expert, skilled at managing and operating in a wide range of platforms, with a problem-solving mindset, a set of multilingual, and good communications skills.

When it comes to security, he strives to secure systems, adopt best practices, mature processes and optimize risks while optimizing resources, raising awareness and sharing knowledge.

Past work experience includes, not only, deploying and managing IS, but also, developing and maintaining IT infrastructures, as well as providing customer support, and computer repairs.

PROFESSIONAL SKILLS

-Information security, cybersecurity

-Security management, security consulting

-Technical training, security awareness

-IT risk management, risk assessment

-Security auditing, IS auditing, audit planning

-Security controls implementation, hardening

-Vulnerability assessment, security testing

-Security maturity assessment, evaluation

-Business consulting, process analysis

-Project management, team management

-IT infrastructure deployment, DevOps

-Cloud computing, virtualization

-IT service management, IT monitoring

-Configuration management, review

-Software development, web development

-Cyber forensics, data recovery

-Technical support, troubleshooting

-Systems engineering, open source

PROFESSIONAL CERTIFICATIONS

-Certified Trainer – PECB 2018

-Certified ISO/IEC 27032 Lead Cybersecurity Manager – PECB 2018

-Certified Network Associate Cyber Ops (CCNA Cyber Ops) – Cisco 2018

-International English Language Testing System (IELTS) – British Council 2017

-Certified ISO/IEC 27005 Lead Risk Manager – PECB 2016

-Certified ISO/IEC 27001 Lead Implementer – PECB 2014

-Certified ISO/IEC 27001 Lead Auditor – PECB 2013

-Certified Méhari Risk Manager – PECB 2013

PROFESSIONAL EXAMS (on certification path)

-Certified in Information Systems Auditing (CISA) (579/800) – ISACA 2019

-Six Sigma Green Belt (84%) – PECB 2017

-Certified in Risk and Information Systems Control (CRISC) (508/800) – ISACA 2016

WORK EXPERIENCE

Cybersecurity Consultant - Independent 2015 to present

-Conducting management and security audit for the benefit of a non-profit organization, measuring the maturity against good practices (such as ISO 27001, ISO 20000, Cobit & CMMI), recommending remediations actions and raising awareness

-Conducting training and security awareness sessions in public and private organizations (100+ participants), assisting professionals, new graduates and students in their career paths

-Setting up a solution integration business, seeking partnerships with vendors, promoting IT and security-related products and services, conducting discussions with potential clients, preparing technical proposals and presentations, deploying IT infrastructures and solutions

-Reviewing PECB courses, contributing to security-related, community-based projects, submitting resources (e.g. articles, sheets, schemas), improving and/or translating materials

GIE Monétique – E-payment regulator Hydra, Algiers

Information Security Manager May 2018 to September 2018

-Managing the security for the organization, raising awareness within employees, evaluating the security maturity and elaborating an action plan for the reinforcement of controls

-Writing security policies for the inter-banking electronic payment system, reviewing contracts with third parties and RFPs for inclusion of the relevant security clauses

-Drafting the project charter and project plan for the implementation of an Information Security Management System (ISMS) and compliance with electronic payment regulations, security policies and standards, including mainly PCI-DSS, ISO 27001 and ISO 27002

-Presenting ISMS project plans to steering committees and coordination with peers within the inter-banking network for reviewing the project phases, tasks and deliverables

Techno Stationery - Office supplies distributor Mohammadia, Algiers

Information Security Manager March 2017 to December 2017

-Managing the information security for the group (400+ employees), evaluating the IT department security and project management maturity, developing a plan to improve the security posture and estimating the relevant security budget and resources

-Preparing and presenting an ISMS project plan to top management, developing a risk management project charter and plan following ISO 27005 and Méhari risk methodology

-Investigating a targeted spear-phishing attack, remediating the threat and reporting the findings to the authorities, analyzing spam campaigns and implementing corrective measures, managing the incident response team while handling ransomware attacks

-Conducting regular, security and risk-related briefings, workshops and presentations, evaluating project management tools, building and presenting a project maturity tool

MBIS Algérie - Cyber security & forensics solutions integrator Hydra, Algiers

Technical Project Manager January 2010 to October 2014

-Assisting a consultancy firm (Paladion Networks) in the implementation of an ISMS and securing the ISO 27001 certification for Ooredoo, supporting consultants in daily activities, facilitating meetings, elaborating progress reports and translating technical documents

-Traveling worldwide to seek public security and safety related solutions, facilitating business discussions with potential clients, define requirements and customize solutions

-Managing dozens of public security and safety related projects, deploying and managing IT infrastructures, managing teams, troubleshooting issues and providing technical support

-Managing technical staff training & skills development, conducting interviews with potential candidates and interns, and supervising interns’ graduation projects

-Conducting workshops on ethical hacking and penetration testing, facilitating discussions, training and presentations, translating technical tenders, proposals and service offers

-Developing and managing company’s IT platforms (e.g. private clouds, network and security monitoring tools, company’s website)

Imagine Partners Algérie - IS consulting & engineering Dely Brahim, Algiers

Systems Engineer September 2008 to October 2009

-Deploying, managing, customizing and maintaining the IT infrastructure (dozens of solutions), migrating to Linux environments, managing instances, and automating backups

-Writing deployment guidelines, installation procedures and ensuring technical support

-Developing and maintaining Orange - France Telecom’s internal web information portal

PROFESSIONAL TRAINING

Online training

-Cisco Cybersecurity Scholarship (CCNA Cyber Ops), Cisco 2018

-Introduction & Cybersecurity Essentials, Cisco Networking Academy 2018

-Six Sigma Green Belt, PECB 2017

-Certified ISO/IEC 27032 Lead Cybersecurity Manager, PECB 2017

Instructor-led training

-How to become a consultant, Kaizen Academy 2018

-Certified ISO/IEC 27001 Lead Implementer, Kereon Inc. 2014

-Risk management using CLUSIF MEHARI method, Kereon Inc. 2013

-Certified ISO 27005 / 31000 Risk Manager, Kereon Inc. 2013

-Certified ISO/IEC 27001 Lead Auditor, Kereon Inc. – Canada 2012

-System, database and network administration - India, China, USA & Canada 2011 to 2014

-Cyber forensics, security auditing & pentesting, Paladion Networks – India 2010 to 2012

-Interconnecting Cisco Networking Devices (ICND 1&2), Microtel 2010

ACHIEVEMENTS & REALIZATIONS

Recent projects

-ISO27k Toolkit (collection of ISMS-related materials)

Developing a security program maturity evaluation tool and a risk management process

Translating the statement of applicability, implementation and certification processes

-EDUCAUSE HEISC (information security assessment tool)

Improving the worksheet questionnaire and translating the tool interface

- MEHARI Expert (risk management knowledge base)

Developing modules (stakes analysis, illustration of services and ISO 27002 scoring)

Translating and upgrading the knowledge base to support ISO 27002:2013 controls

Introducing a case study, enhancing asset classification, and fixing bugs

-Publishing various projects, academic thesis and presentations

Training sessions

-2 security awareness sessions, A non-profit organization, 25 participants, 2 days 2019

-Security awareness session, Municipality of Central Algiers, 12 participants 2018

-PECB ISO 27001 Lead Auditor, Subs. of Bank of Algeria, 3 participants, 5 days 2018

-PECB ISO 27005 Risk Manager, Subs. of Bank of Algeria, 3 participants, 4 days 2018

-Security conference on privacy and online safety, Private school, 30 participants 2018

-CompTIA Security+ training course, Techno Stationery, 11 participants, 12 days 2017

-2 CompTIA Security+ courses, Subs. of SONELGAZ, 20 participants, 10 days 2017

-Several workshops on ethical hacking and penetration testing, 7 participants 2011 - 2013

CONFERENCES & EXHIBITIONS

-SECUR-IT, SECURA North Africa Expo & Conference

-HIMAYATIC, Cybersecurity fair

-Intelligent Support Systems Training, ISS World Europe, Asia, Middle East & Africa

-International Exhibition of Internal State Security, Milipol, Doha – Qatar

PROFESSIONAL MEMBERSHIPS & AFFILIATIONS

-Professional Evaluation and Certification Board (PECB), Member, 2013 to present

-IS Audit and Control Association (ISACA), Silver level membership - 2015 to present

-The Open Web Application Security Project (OWASP), Individual membership, 2019

ACADEMIC STUDIES

-Master’s Degree, Computer Science, Laghouat University 2008

-Bachelor’s Degree, Information Systems, Laghouat University 2004

-Baccalaureate in Mechanics, Berriane Polytechnical High School 2000

LANGUAGES

-English, French & Arabic: professional working proficiency - Tamazight: native

Contact this candidate