Entreprises, SSII, DSI
Trouvez rapidement les meilleurs intervenants pour tous vos projets informatiques
Photo de Semeh, Consultant cybersécurité BASH

Semeh Consultant cybersécurité BASH

CV n°110902A001
Compétences techniques
SOX
SSO
Études et formations

Education
June 2005
Baccalauréat Sciences expérimentales

2005 – 2008
Technicien supérieur en télécommunications spécialité réseaux informatiques. (ISET’COM Tunisie )

Stages & Formations
Dates June- September 2007
Sujets Observation, participation and monitoring different tasks performed in the field of telecommunications.
Société Tunisie Telecom

Dates January 2008
Sujets Mini- Project: Implementation et exploitation d’un réseau informatique pour la téléformation (eLearning).
Société ISET’COM University

Dates Mars-April 2008
Sujets Implementation and configuration of StoneGate firewall & VPN
Certification SGFE: StoneGate Firewall Engineer.
Certification SGFA: StoneGate Firewall Architect.
Société StoneSoft North Africa

Dates Mars – June 2008
Principal subjects Project: Developing an eLearning web platform in a high security environment.

Compétences
Capacités Force de proposition et innovations, Sens de l’organisation, Gestion de stress.

Langues Français, Anglais, Arabe (langue maternelle)

Réseaux
ICMP, SNMP, Telnet, DHCP, DNS, TCP/IP, FTP, TFTP, SFTP, HTTP, HTTPS, IPv4, IPv6.
Routing & Switching (Cisco, Juniper, Extreme Networks, Avaya).

Programmation & DB C/C++, Assembly, VB & VBScript, PHP, JavaScript, Perl, Python, Ruby, Shell script.
MySQL, SQL Server, Oracle.

Systèmes & Virtualization Windows, UNIX/Linux, IBM AIX.
VMware ,VMwareESX , Thin Clients Sunray ( SUN Microsystems )

Supervision & Security Monitoring Nagios, Ntop, Zenoss, Syslog-NG.

Anti-Malwares Antivirus solutions ( Kaspersky , ClamAV ) , Anti rootkits solutions ( rkhunter , chkrootkit ) , Malware analysis .

System Hardening Grsecurity, RBAC, NIST System Security Standards, SANS System Security Standards.

Penetration Testing Enumeration, Fingerprinting, Footprinting ,Scanning, Session Hijacking , Steganography , Web applications Vulnerabilities , Network attacks , Applications Attacks , Wireless Attacks , Reverse Code Engineering.

Penetration Testing Tools Nmap , Netcat , Metasploit , Nessus , OpenVAS , Hping , Xprobe , Wireshark , Cain , Fasttrack , Nikto,Wikto ,Ngrep , p0f ,GFI Languard , Maltego , OllyDBG ,ImmunityDBG , PEiD , IDA Pro ,TCP Dump , W3af , Wapiti , Httprint , Acuentix , SSLDigger , Webshag.

Forensics & Investigations
Disk Imaging, Data Recovery, sleuthkit, autopsy..
Security OS Backtrack, Auditor, EnGarde, Ophcrack.

Information Security Standards & Compliances

Information Security
eBanking & Monetique
PCI DSS ( Payment Cards Industry Data Security Standards ) , ISO 27001 , ISO 27002 BP
OWASP, NIST security standard, SANS security standard, OSSTMM, Mehari.

- Business Continuity
- Information Security Policies : (Standards, Guidelines, Baselines, Procedures)
- Physical and environmental security

- Electronic Payment Systems
- Cardholder Data Security
- Business processes design in cardholder environment.
- Payment applications.

Formations
Formation SGFE (Stonegate Firewall Engineer).
Formation SGFA (Stone gate Firewall Architect).
Formation CCNA (Cisco).
Formation Juniper Networks (Associate).
Formation Sun Solaris 10 (TMI).
Formation VMware ESX (TMI)
Formation ECSA/LPT (Self-study).
Formation CEH (Self study).
Formation PCI/DSS (IAP CEMEA & E-Learning : Qualys)
Formation CISA (Self study).)

Expériences professionnelles

Dates Février 2010
Fonction Security Analyst / Consultant PCI DSS
Activités and responsabilités - Penetration Testing, Vulnerability Scanning , ASV Scanning., Data Discovery
- Audit IT (ISO 27001, ISO 27002 BP).
- Assessment and Reporting.
- PCI DSS Security Policies.
- PCI DSS Assessment , Consulting & Auditing :
 PCI DSS Scoping.
 Designing Business Processes diagrams (Processus Monétique).
 Defining the Enterprise Architecture Framework ( Business , Applications , Information , Infrastructure )
 CRSA (Control Risk Self-Assessment)
 Risk Analysis & Risk Monitoring.
 SAQ (Self-Assessment Questionnaire).
 Security Policies.
 PCI Mastering tests (PCI Testing Procedures) & Checklists.
 PCI Gaps Analysis.
 PCI Assessment Quality Assurance.
 Operational Security Standards For PCI DSS
 Requirements Measures : implement requirements into concrete measures
 PCI Heat maps.
 Designing & Assistance of the Remediation Plans.
Employeur IAP CEMEA

Société Monétique Tunisie (SMT) : PCI/DSS
CBAO (Attijariwafa bank Senegal) : PCI/DSS
Vodafone NL (Holland) : Pre-assessment PCI/DSS, Security Policies
UBCI (BNP PARIBAS Groupe) : PCI/DSS

Dates
Février 2009 – Février 2010
Fonction Technicien réseaux et systèmes et membre de l’équipe des projets transversaux de sécurité
Activitiés and responsabilitiés - Audit IT.
- Implémentation des solutions de sécurité et de hardening
- Configuration des équipements de sécurité (firewalls, IDS, antivirus, proxy ...)
- Monitoring et supervision de réseau et des serveurs.
Employeur Teleperformance Tunisia

Dates Septembre 2008 – Février 2009
Fonction Technicien réseaux et systèmes
Activitiés and responsabilitiés - Administration des serveurs, équipements réseaux.
- Administration de projet de virtualisation (Thin client, SAN, VMware ESX,)
Employeur Teleperformance Tunisia