Security Manager

Mahmoud Kaddoura MBA, SABSA, CISSP, CISA, CISM, GIAC, CEH, ITIL

Tel: +971-**-****-*** Email: **********@*****.*** PERSONAL PROFILE

A dedicated, versatile and meticulous Security Manager, OT/IOT Specialist and Strategic Consultant with solid technical background and outstanding project management skills. Extensive security operations and compliance expertise, and a track record of analyzing business needs, developing IT solutions, developing and leading Information Security teams, designing multi-tenant security operations centers, OT Security Solutions and service delivery for Managed Security Service providers An accomplished bilingual communicator with first-class presentation and negotiation skills, together with the ability to forge relationships at all levels, as well as lead, train and motivate teams to meet challenging performance goals CAREER & ACHIEVEMENTS TO DATE

Senior Manager 2016-present

Digital14: Cyber Security Firm, Managed Security Services Provider Key Achievements

Promoted from Manager to Senior Manager to Director, Security, at D14

Leading teams from world-class companies to deliver strategic projects

(PWC, Accenture, McKinley’s, IBM, Microsoft, Gartner, Dell EMC)

Reviewing and Evaluating RFPs for digital and cyber security services

Developing Technical and commercial Proposals

Designing and Implementing Security Programs and Strategies for multiple enterprises

Conducting Due Diligence Tasks for the networks and systems in critical infrastructure

Provided consultancy services for multiple customers to assess, design and build their own mature Security services

Building strong business relationships with the clients and engaged at C-level

Conducting organizational assessment and design

Producing and Reviewing Performance Metrics

Participating heavily in analysis and advisory calls with Gartner

Develop and Lead the Center of Excellence within the organization

Designing and Building Security Solutions for the IT/OT/IOT networks and critical infrastructure

Leading Due Care Tasks in IT/OT/IOT networks to address regulatory and standard requirements

Leading a team to conduct end-to-end cyber risk assessments

Conducting monthly meetings to present findings to executive management

Designing and Building OT/IOT based Next Security Operations Center with advanced services and capabilities

Building competitive security teams and drafting their career development plans

Engaged and leading the development of security solutions based on customer requirements

Designed, Established and managed a full-fledged MSSP, Intelligence Focused Security Operations Center

Responsible of producing and maintaining the financials and KPI’s of the security team

Provided the leadership for the Security team and ensures the delivery of the common sets of services

Provided the leadership for the Security Threat Management & Analytics team

Provided the leadership for the Security Engineering team

Responsible for maintaining all Security documentation on the knowledge management platform, providing training on them and creating/maintaining the Security training program

Responsible for creating/maintaining/auditing the Security service catalogues, cost models and processes

Responsible for analyzing client requirements, use cases development/maintenance, log analysis/integration and correlation rule updates

Responsible for building the development plans, with all required courses and certificates, for the Securtiy team and monitor their progress

Engaged with the clients and vendors to build proposals, SOWs, RFPs and RFIs

Engaged in meetings, presentations and discussions with C-Level and Senior management

Played a significant role in long-term security strategy and planning, including initiatives geared toward operational excellence

Worked with World-Class security experts to mature services and take them to second levels

Participated in Marketing campaigns to promote Cyber Security Services in multiple conferences

Engaged in major projects with vendors to design and implement mega security projects

Managed and increased the effectiveness and efficiency of the security team, through improvements to each function as well as coordination and communication between support and business functions

Attended multiple security courses and conferences to stay updated with the recent technologies and how they can be used to enhance and mature cyber services

Projects

Leading Strategic Security projects for the largest Nuclear Power Plant in UAE

Leading Strategic Security projects for the largest Oil and Gas Company in UAE

Leading Strategic Security program for the largest smart government entity in UAE

Leading Strategic Security program at the national level in UAE

Leading the design and implementation of Cyber Security Services for an MSSP

Participating in the design and delivery of Cyber Security Program for EXPO2020

Leading the implementation of Cyber Security Solutions for multiple entities at large scale Technical Operations Manager, Security Infrastructure Specialist Infrastructure Analyst 2009-2016 Injazat Data Systems: A Mubadala Company: Data Centre and Managed Services Key Achievements

Promoted from Infrastructure Analyst through to Technical Operations Manager, Security, at Injazat Data systems

Designed, established and managed a Multi–tenant Security Operations Centre with a 20-strong security team

Delivered services to multiple clients across a range of industries including the finance sector and government

Assessed the vulnerability of client organizations, devised strategy and delivered highly effective security solutions

Helping multiple clients to build their security programs and strategies including the execution phase

Supported the sales team by providing advice to client executives in pre-sales consultations and presentations

Designed new security solutions and services, conducted cost-benefit analysis, and presented business cases

Developed plans for Business Continuity and Disaster Recovery to restore operations following security breaches

Applied Multi-Tenant SIEM solutions, reviewed controls in the cloud, and managed security for Tier IV datacentres

Major team player in the design of encryption solutions using McAfee End Point Protection and Microsoft Bitlocker

Developed templates for implementing firewalls, intrusion prevention and gateways to facilitate security projects

Prepared for and participated in security assessments and audits, gaining certifications including ISO and ADSIC

Led the Incident Handling team for major attacks targeting the infrastructure of nationally critical organisations

Applied forensic utilities for advanced security incidents, and served as an expert for investigations by legal teams

Conducted regular routine inspections of client organisations to identify any issues and risks, and analyse failures

Monitored overall performance of security units installed in multiple organisations, to produce comparative data

Managed a key project to migrate multiple data centres into one, including the action plan & dependencies matrix

Applied the ITIL framework to security operations including reviews of SLAs, and Statement of Work formulations

Liaised with suppliers to consult on the features and application of security products as well as costs and licensing

Reviewed NIST standards, CIS Standards and SANS documents to develop guidelines for customer infrastructure

Created and recorded network diagrams, high and low level designs, configurations and all other structured data

Maintained up-to-date expertise in trends in security strategy, emerging threats, and the activities of competitors Infrastructure Support Engineer 2005-2009

Consolidated Contractors International, Abu Dhabi: The largest construction company in the Middle East Key Achievements

Infrastructure Support Engineer, managing the Windows AD Forest of 100 domains across many different sites

Acted as Domain Administrator, maintaining and securing existing sites and building Active Domains for new sites

Managed DNS, DHCP, Active Directory, all servers, firewalls, network devices, and email and web gateway devices

Monitored audit logs for non-authorised access, and managed security for access to the building and datacentre CAREER & ACHIEVEMENTS TO DATE (continued)

Key Achievements (continued)

Applying different Strategic approaches (Issue Management, Scenario Planning)

Participating in Entrepreneurship and Startups

Developing Multi-Million Business Cases

Achieving the highest scores in the annual performance appraisals

Designed and implemented multiple Security platforms using commercial and open source tools, as a SME

Developing and Publishing articles about security services and designs

Developing Cyber and Information Security Policies, Processes and Procedures

Designed and Built a TIP platform to deliver an enhanced security intelligence services

Developing Content for the detection (Use Cases) and Response (IRPs) for the OT and IOT threats

Develop and Lead the Center of Excellence within the organization

Leading a team to conduct end-to-end cyber risk assessments

Engaged with the clients and vendors to build proposals, SOWs, RFPs and RFIs

Implemented the Access Control List, NAT and routing, and defined AV policy for administration of AV software

Configured IPSec VPN connections between HQ and remote sites to ensure the confidentiality of data in transit

Served as the custodian for critical data, maintaining controls to restrict access to and any operations on the data

Configured access control safeguards, and monitored cameras and motion detection systems to identify intruders

Inspected the environmental controls in the datacentre, and instigated and resolved any environmental alerts

Participated in regular checks of power supplies and UPSs, and carried out scheduled tests of their functionality

Managed backup solutions, telephony systems and some in-house applications such as payroll and billing software

Key player on security due diligence, troubleshooting and solutions, and implementing controls for ISO compliance

Provided support, guidance and training for workstation end-users, including fault-finding and problem-solving QUALIFICATIONS, TRAINING & PERSONAL DETAILS

Fluent English and Arabic Nationality: Palestinian Masters of Business Administration, University of Strathclyde 2016-2018 Award: High Distinction

Bachelor of Engineering in Communication and Electronics, Faculty of Engineering, BAU 2000-2005 Award: Jamal Abdul Naser Award, Top of the Class, Engineering Certification: CISSP, CISA, CISM, CEH, ITIL, GIAC . SABSA Cisco: CCNA, CCNP, CCSP, ASA, Firewall Security, IOS Security, IPS, VPN Security, Web Security Field Engineer, IronPort Security Associate and Professional, Lifecycle Services Advanced Security, 4011 and 4013 Recognition Microsoft: MCTS, Database Administrator; Systems Engineer; Systems Administrator; Systems Administrator: Messaging; Professional; Active Directory, Configuration; Applications Infrastructure; Network Infrastructure, Configuration; Implementing MS Internet Security and Acceleration ISA Server; Designing and Implementing Databases with MS SQL Server; Installing, Configuring, and Administering MS SQL Server; Planning and Maintaining, and Implementing, Managing, and Maintaining a MS Windows Server Network Infrastructure Other: Symantec Certified Specialist, McAfee Certified Product Specialist, ITIL Foundation V3, TCSP, JNCIA-Junos, JNCIS-SEC, BCCA, BCCP,

Courses:

Network Penetration Testing and Ethical Hacking; Blackhat McAfee MFIRE, Cyber Security, and Network Forensics; Communication Skills; Problem Solving; Leadership; Project Management PMP; Vmware; RSA Envision, SANS ICS515, ICS410

SKILLS & KEY COMPETENCIES

Exceptional IT infrastructure and security expertise Influential, encouraging leader & strong team player

Comprehensive IT solution design & testing acumen Shrewd and incisive decision-maker/problem-solver

Business continuity and disaster recovery expertise Highly organised, proactive, versatile & resourceful

First-class program & project management prowess Calm, confident & assured in pressurised situations

Proven leadership, training & team building prowess Natural ability to engage across all levels/cultures

Outstanding communication and presentation skills Professionalism, diplomacy and integrity at all times INTERESTS & REFERENCES

Interests: Technology, Sports & Reading

References available on request

Contact this candidate