Semeh - Cybersecurity Consultant BASH
Ref : 110902A001-
1003 TUNIS (Tunisia)
-
Consultant, Systems Engineer, Cybersecurity Consultant (37 years old)
-
Freelance
Dates February 2010
Role Security Analyst / PCI DSS Consultant
Activities and responsibilities - Penetration Testing, Vulnerability Scanning, ASV Scanning, Data Discovery
- IT Audit (ISO 27001, ISO 27002 BP).
- Assessment and Reporting.
- PCI DSS Security Policies.
- PCI DSS Assessment, Consulting & Auditing:
PCI DSS Scoping.
Designing business process diagrams (electronic payment processes).
Defining the Enterprise Architecture Framework (Business, Applications, Information, Infrastructure)
CRSA (Control Risk Self-Assessment)
Risk Analysis & Risk Monitoring.
SAQ (Self-Assessment Questionnaire).
Security Policies.
PCI Mastering tests (PCI Testing Procedures) & Checklists.
PCI Gaps Analysis.
PCI Assessment Quality Assurance.
Operational Security Standards For PCI DSS
Requirements Measures: implement requirements into concrete measures
PCI Heat maps.
Designing & Assistance of the Remediation Plans.
Employer IAP CEMEA
Société Monétique Tunisie (SMT): PCI/DSS
CBAO (Attijariwafa bank Senegal): PCI/DSS
Vodafone NL (Holland): Pre-assessment PCI/DSS, Security Policies
UBCI (BNP Paribas Group): PCI/DSS
Dates
February 2009 – February 2010
Role Network and systems technician and member of the cross-functional security projects team
Activities and responsibilities - IT audit.
- Implementation of security and hardening solutions
- Configuration of security equipment (firewalls, IDS, antivirus, proxy ...)
- Monitoring and supervision of the network and servers.
Employer Teleperformance Tunisia
Dates September 2008 – February 2009
Role Network and systems technician
Activities and responsibilities - Administration of servers and network equipment.
- Administration of a virtualization project (Thin client, SAN, VMware ESX)
Employer Teleperformance Tunisia
Education
June 2005
Baccalauréat in Experimental Sciences
2005 – 2008
Higher technician diploma in telecommunications, specializing in computer networks (ISET’COM Tunisia).
Internships & Training
Dates June – September 2007
Subjects Observation of, participation in and monitoring of different tasks performed in the field of telecommunications.
Company Tunisie Telecom
Dates January 2008
Subjects Mini-project: Implementation and operation of a computer network for distance training (eLearning).
Company ISET’COM University
Dates March – April 2008
Subjects Implementation and configuration of StoneGate firewall & VPN
Certification SGFE: StoneGate Firewall Engineer.
Certification SGFA: StoneGate Firewall Architect.
Company StoneSoft North Africa
Dates March – June 2008
Principal subjects Project: Developing an eLearning web platform in a high security environment.
Skills
Abilities Initiative and innovation, organizational skills, stress management.
Languages French, English, Arabic (native language)
Networks
ICMP, SNMP, Telnet, DHCP, DNS, TCP/IP, FTP, TFTP, SFTP, HTTP, HTTPS, IPv4, IPv6.
Routing & Switching (Cisco, Juniper, Extreme Networks, Avaya).
Programming & DB C/C++, Assembly, VB & VBScript, PHP, JavaScript, Perl, Python, Ruby, Shell script.
MySQL, SQL Server, Oracle.
Systems & Virtualization Windows, UNIX/Linux, IBM AIX.
VMware, VMware ESX, Thin Clients Sunray (SUN Microsystems)
Supervision & Security Monitoring Nagios, Ntop, Zenoss, Syslog-NG.
Anti-Malware Antivirus solutions (Kaspersky, ClamAV), Anti-rootkit solutions (rkhunter, chkrootkit), Malware analysis.
System Hardening Grsecurity, RBAC, NIST System Security Standards, SANS System Security Standards.
Penetration Testing Enumeration, Fingerprinting, Footprinting, Scanning, Session Hijacking, Steganography, Web Application Vulnerabilities, Network Attacks, Application Attacks, Wireless Attacks, Reverse Code Engineering.
Penetration Testing Tools Nmap, Netcat, Metasploit, Nessus, OpenVAS, Hping, Xprobe, Wireshark, Cain, Fasttrack, Nikto, Wikto, Ngrep, p0f, GFI Languard, Maltego, OllyDBG, ImmunityDBG, PEiD, IDA Pro, TCP Dump, W3af, Wapiti, Httprint, Acunetix, SSLDigger, Webshag.
Forensics & Investigations
Disk Imaging, Data Recovery, sleuthkit, autopsy.
Security OS Backtrack, Auditor, EnGarde, Ophcrack.
Information Security Standards & Compliances
Information Security
eBanking & Electronic Payments
PCI DSS (Payment Card Industry Data Security Standard), ISO 27001, ISO 27002 BP
OWASP, NIST security standard, SANS security standard, OSSTMM, Mehari.
- Business Continuity
- Information Security Policies: (Standards, Guidelines, Baselines, Procedures)
- Physical and environmental security
- Electronic Payment Systems
- Cardholder Data Security
- Business processes design in cardholder environment.
- Payment applications.
Training
SGFE training (StoneGate Firewall Engineer).
SGFA training (StoneGate Firewall Architect).
CCNA training (Cisco).
Juniper Networks training (Associate).
Sun Solaris 10 training (TMI).
VMware ESX training (TMI).
ECSA/LPT training (self-study).
CEH training (self-study).
PCI/DSS training (IAP CEMEA & E-Learning: Qualys).
CISA training (self-study).