Malham Hamami
Email: ************@*****.***
Mobile phone: 774-***-****
Massachusetts, Zip 01827
Summary: An engineering leader with a diverse background in Cyber Security, Systems engineering, Systems Reliability, and Risk Management.
Employment Authorization, Security: US citizen, Secret Clearance last used in January 2022
Education
Northeastern University, Boston MA
Master's degree in Cyber Security (graduated Summa cum laude, GPA = 4.0).
University of Maryland, College Park MD
Master's degree in Reliability engineering.
Johnson & Wales University, Providence RI
Bachelor’s degree, Electronics engineering.
Certifications:
Currently preparing to obtain CCSP and AWS Certified Security - Specialty (SCS-C02)
IEEE Standards Association: technical contributor to several working groups authoring IEEE standards, currently leading a working group on threat modeling in clinical trials and medical devices.
Current Research Interests: Threat Modeling, Supply Chain Security (HW and SW), Fuzz Testing, security requirements and architecture, Hardware Security, Machine Learning Security.
Experience:
Senior Product Security Engineering Manager, Abiomed January 2024 - present
·Leading a small team of senior-level cyber security engineers, with accountability for the team's performance, technical guidance and mentorship; this is a dual role as a people leader and an individual contributor.
·Internal Subject Matter Expert on medical device cyber security, formal security requirements specification, penetration testing tactics, cryptography, Physical security, TTEs.
·Working on cyber security assurance of embedded Linux platforms for heart recovery medical devices connected to the Cloud.
·Authoring various FDA required/recommended cyber security documents for regulatory submissions such as 510(k), PMA, IDE.
·Threat Modeling for security/privacy, STRIDE and Attack Trees, integration of threat modeling into a system engineering product development approach, requirements driven architectural decisions.
·Communicating with the FDA to resolve submission issues relevant to cyber security, remediation of submission deficiencies, supporting regulatory specialists on cyber security matters.
·Conceiving of metrics, collecting data, reporting on metrics relevant to regulatory submissions and engineering resource needs and usage, developing a dashboard for reporting on Cloud security state.
·Management of penetration testing, negotiations between product development teams and pen-testers, management of reporting on pen-tests.
·Advocating and providing guidance for Design for security, including adherence to an SPDF (secure development), secure coding, hardening systems.
·Management of post market cyber security assurance, including vulnerability monitoring and reporting, decisions on patching.
·Collaboration with and support of quality and regulatory teams during audits such as FDA, MDSAP.
Principal Cyber Security Consultant, CDRH at FDA July 2023 – January 2024
·Reviewing and authoring draft cyber security policies, guidance documents, and providing the FDA CDRH’s input into those documents prior to release to the public.
·Reviewing submissions by medical device manufacturers for cyber security risk management aspects, providing feedback to the manufacturers on their submissions.
·Working with CVSS v4.0, providing training to FDA staff.
·Contributed to medical device penetration testing guidance document.
·Provided training to the FDA on Cloud security, embedded medical device security.
·Not a government employee.
Principal Systems Engineer, Full Spectrum Software LLC January 2022 - April 2023
·Designated in-house Subject Matter Expert on cyber security in medical devices, supporting clients in 510(k) and De Novo submissions.
·Cybersecurity engineering within an NPI product development life cycle, cybersecurity risk management as an integral part of medical device risk management and 510(k) process.
·Cybersecurity requirements, Threat Analysis, Attack Trees, vulnerability scanning and management.
·Cyber Threat Modeling for security and privacy for a Cloud connected mobile class III medical device Pre-Market Approval (PMA).
·Work influenced by various cyber security guidance and standards from the FDA, AAMI, NIST, ANSI and other entities.
·Authoring and implementing the plan for assuring cyber security of a new product under development in support of a Pre-Market Approval (PMA) submission.
·Systems engineering and reliability/safety of surgical robotics at a surgical robotics startup in support of a De Novo submission.
·Performed V&V testing on Class III IVD device (wearable infusion pump) for a Pre-Market Approval (PMA) submission.
·ISO 13485, IEC 62304, 21 CFR 820, IEC 60601-1 / 60601-2, IEC 80601-2-77
Sr. Principal Network Design Engineer, General Dynamics October 2021 - December 2021
·Network engineering in a cryptography product development environment.
·Risk Management Framework (RMF), MIL-STD-1785.
·STIGs, Vulnerability Management, Nessus.
·Handling classified materials in SCIF rooms.
Systems Reliability Engineer (SME), United States Air Force March 2019 - October 2021
·SME in Reliability Engineering at AFLCMC at Hanscom AFB, reliability of networks and weapon systems serving over 800,000 global users; this encompasses the disciplines of systems engineering, reliability engineering, network engineering, and Cyber Security.
·Evaluation of Reliability/Availability/Maintainability work products from vendors.
·Fault Tree Analysis, DFMEA on networks and weapon systems.
·Cloud metrics and KPI for PaaS, SaaS, IaaS, Cloud migration process assessments and analytics using DESMF (CMMI, ISO 15504-5), Cyber Vulnerability Management, Cloud security.
·Network performance monitoring: tools, requirements, strategy.
·Analysis of software Use Cases.
·Tools: Confluence, Jira, DOORS.
·Not a government employee.
Systems Engineer, Connected Sensing Startup Venture (Philips) April 2018 - March 2019
·Systems/requirements engineering for a Bluetooth wearable sensor 510(k) submission.
·Led functional/nonfunctional requirements specification for the venture’s NPI products.
·Developed SRS documents for NPI product definition, verification, regulatory submissions.
·Risk Assessments per ISO 14971, authored Safety Risk Assessment documents for a pre-market 510(k) submission.
·Ownership of CAPA, Root Cause Analysis towards implementable Corrective Action Plans.
·Defect/Bug Tracking and analysis, HW DFMEA, SW DFMEA.
·Tools used: Jama, Jira, Confluence, Bitbucket, Visio.
Systems Reliability Subject Matter Expert, Philips Innovation Services April 2016 - April 2018
·Consultant to system architects/development engineers on requirements/systems engineering.
·Philips University instructor on functional/non-functional requirements, systems architecture, stakeholder management, system engineering data framework, INCOSE practices, DOORS.
·Provided training on Design for Reliability concepts and methods.
·Provided training and consultancy on risk assessment and management, DFMEA, UFMEA.
·Consultancy on systems and requirements engineering to business units engineering staff.
·Consultancy on battery engineering to various business units engineering staff.
·Writing Use Cases for several projects for various business units within Philips.
·Provided guidance and strategy on Root Cause Analysis to drive CAPAs to resolution/closure.
·Consultancy on APQP to assist business units with supplier quality management.
·Used Taguchi method to design experiments in support of process improvement efforts.
·Consultancy as an expert on medical device risk management methodology per ISO 14971 supporting 510(k) submissions.
·Various internal consulting engagements on 510(k) submissions, ISO 13485, IEC 62304, 21 CFR 820, IEC 60601-1 / 60601-2.
Principal Systems Reliability Engineer, Westell Technologies Inc. October 2015 - April 2016
·Planned the reliability engineering activities for the new in-building wireless NPI product.
·Calculated return rates per TL9000 and presented to executives.
·Analyzed field failures and returns data, advised executives on near- and long-term strategy.
·Created the reliability engineering strategy based on DfR best practices, efficient thermal management and system Prognostics, and led its implementation.
·Component engineering SME with a focus on derating and physics of failure (PoF).
·Designed various accelerated tests to fit unique products and schedules.
·Designed reliability-based screening tests for manufacturing, Gauge R&R with Minitab.
·Hands-on reliability testing of system modules using a Linux based interface.
·Implementation of FRACAS and FMEAs in design and manufacturing, implementation of a Reliability Demonstration Testing (RDT) based estimation of reliability.
Automotive Systems Functional Safety Engineer, Autoliv America June 2013 - October 2015
·ISO 26262: planning, requirements elicitation and management in DOORS, V&V plans, analysis, management of functional safety, reliability and qualification testing activities via MS Project, Safety Element out of Context (SEooC).
·Risk assessments, DFMEAs, FTA, Dependent failures analysis, Common Cause Failure.
·Reliability predictions: IEC 62380, MIL STD 217, Siemens SN 29500.
·Design for Reliability, embedded systems reliability, Design for Safety, IEC 61508.
·Software reliability using: FTA, FMEA, requirements analysis, and Accelerated Testing (QALT).
·Architecture of overall product development process and authoring of key process assets.
·Performed Weibull Analysis on returns data for delivery of recommendations to executives.
·CMMI (Capability Maturity Model Integration), A-SPICE, Agile methodology, AUTOSAR.
Systems Reliability Senior Technical Staff, General Dynamics October 2011 - June 2013
·Reliability, Availability, and Maintainability engineering for design of network systems, data storage systems, weapons systems, communications systems.
·Reliability predictions using RBD, ITEM, RELEX per MIL-STD-217, Telcordia, Prism, 217+.
·Leadership of safety engineering, SME on FMEA/MIL-STD-1629, Hazard Analysis, Probabilistic Risk Assessment, SHA, SSHA, SRCA, PHL/PHA, Fault Tree Analysis, MIL-STD-882E.
·Technical presentations to the Navy, audience between 150-250 military/civilian consultants.
·Consultancy on reliability planning, metrics and methodologies to various early-stage engineering leaders, including unmanned underwater autonomous vehicle.
·Technical leadership/mentorship of a team of junior and mid-level engineers on FRACAS, DFMEA, accelerated testing, reliability budgeting, Materials science, and failure analysis.
·Technical leadership of a Failure Review Board for all life cycle phases on various products.
·Condition Based Maintenance (CBM), Reliability Based/Centered Maintenance (RCM).
·Technical leadership of a systems Health Management proposal to monitor networks and weapons systems, using sensors, prognostics methods and various metrics.
·Supported LORA and LCC analysis for various programs: LCS, SSBN, and JHSV.
·Received a promotion 4 months after hire.
Senior Systems Reliability Manager (R&D), Shark Appliances March 2011 - September 2011
·Design for reliability and safety through analysis and facilitation of DfR tools: FMEA, FTA, QFD, DOE, component de-rating, and reliability growth analysis.
·Planned and executed testing: HALT, MEOST, HAST, DVT, testing per MIL-STD-810.
·Performed reliability predictions and provided MTTF and return rate estimates.
·Improved the FRACAS system, performed analysis of field returns for reliability growth.
·Supported design engineers on product requirements specification and KPI validation plans.
·Performed failure analysis on field returns and provided reports and feedback to drive corrective actions and product improvement initiatives.
·Provided senior executives with monthly reports on quality for various product models.
·Analysis of quality metrics and trends along with return rates and sales figures for prioritization of corrective actions and improvement projects.
·Monitored customer feedback and call center data for design improvement efforts.
·Supported manufacturing through audits, inspections (IPC 610), training, statistics, quality assurance and control and reliability methods, leading PFMEA, DFMEA and quality plans.
·Reviewed product assurance strategy and advised senior executives on risk management.
·Reviewed engineering builds and first articles for quality issues and design deficiencies.
·Created plans for DVT, managed testing, quality assurance and failure analysis.
·Battery engineering tasks, vendor qualification and management.
Senior Reliability Engineer (R&D), LoJack Corporation September 2007 - March 2011
·Created the strategy, planned and project managed the Accelerated Life Testing of products.
·Led the battery vendor evaluation process on safety (UL 1642), performance and reliability, and performed primary Lithium battery component life analysis.
·Managed supplier quality (IPC 610), vendor development for Asian vendors to develop component sources, vendor qualification, corrective/preventative actions, root cause analysis.
·Developed accelerated tests to detect non-conforming product at Contract Manufacturer.
·Worked on an evaluation project of Asian contract manufacturer to transition from current CM.
·Specified reliability requirements, designed demonstration tests, represented reliability in design reviews, developed HALT tests, HASS and other stress screening tests.
·System safety engineering, hazard analysis of system, device and component using techniques like FTA, provided guidance in the area of risk assessment and management.
·Design Verification/Validation Tests (DVT), developed HW/SW for system qualification tests.
·Prepared reports for management and agencies on testing and reliability of new products.
·Documented, maintained quality systems, metrics, supplier quality programs.
·Provided guidance to product development and other functional groups in the areas of design for reliability, design controls, regulatory compliance, quality and reliability assurance.
Senior Reliability Engineer, MKS Instruments January 2006 - September 2007
·Managed the HALT lab personnel, equipment maintenance, budget and scheduling.
·Developed and implemented testing methods for various MKS business units.
·Developed HASS screen profiles for new designs and improved existing HASS screen profiles.
·Designed and integrated test systems to meet contractual obligations within annual budget.
·Developed software for LabVIEW based data acquisition and control systems.
·Created and maintained set-up, test procedures, work instructions for test systems.
·Planned and performed test systems calibration, preventative maintenance, Semi-E10.
·Applied MIL-STD-217 to calculate MTBF for new systems, DfR input into design reviews.
·Performed root cause failure analysis at the system and component level.
From 1999 to 2006
·Systems reliability and test development.
Relevant Skills, Key Words: OWASP ZAP, Common Criteria for Information Technology Security Evaluation (CCITSE), Python, Ghidra, IDA Pro, Reverse engineering, Fuzz test, Threat Modelling, Vulnerability management, Linux (Kali, Ubuntu, CentOS), Linux networking and administration, network design and architecting, Wireshark, configuration and management of IDS/IPS, iptables and pfSense firewalls, Metasploit, Nmap, Docker and container technology, Bash scripting, PCAP file analysis, Buffer Overflow exploits, port scanning, SSH, encryption, Suricata/Snort IDS/IPS, Spiderfoot, Ettercap, Shodan, Maltego, recon-ng, p0f, Metagoofil, Burp Suite, FOCA, Assembly language, various NIST publications 800-53, IEEE publications, ISO 21434, Design goals, Requirements elicitation/decomposition/management, Use Case Analysis, DOORS, Jama, technical requirements, FAST analysis, Stakeholder analysis, Traceability, Agile SW Dev methodology, Probabilistic Risk Assessment, Software FMEA, Fault Tree Analysis, Markov Analysis, Prognostics & Health Management of systems, Sneak Circuit Analysis, Monte Carlo Analysis, Neural Networks, Bayesian methods.