Brahim - Cybersecurity Consultant, CISSP
Ref : 200505A001-
95100 ARGENTEUIL
-
Cybersecurity consultant (47 years old)
-
Fully mobile
-
Employed through an umbrella company (portage salarial)
Professional experience
June 2019 - Present - Senior Cyber Security Consultant - PointRD
Europcar: IT risk manager
Subject 1:
IT risk analysis: Cloud, infrastructure and web application.
Governance: Writing policies and procedures, and helping teams run their projects with
security best practices and security by design.
GDPR compliance: Personal data protection under CNIL and GDPR rules.
Responsibilities :
Risk analysis: Security by design, AGILE method
Follow-up of action plans
Follow-up of derogations
Decision support
Technical security assistance
Preparation of security documents
Cloud Security: AWS, AZURE, GCP
Cyber security awareness.
Deliverables :
Risk analysis report on security cloud, infra and application environments.
Elaboration of a risk analysis model according to the AGILE method.
Technical report on use cases
Action Plan
Third party questionnaire
Security policies and standards
Technical and functional environment:
Standard ISO 27005, EBIOS, Local methodology.
AGILE, NIST, Excel, Standard, best practices, JIRA, Office 365
Subject 2:
SOC Project Manager.
Set up the PoC of a SOC.
Responsibilities :
Team management
Manage the actions to be carried out.
Manage the deadlines.
Architecture validation.
Reporting for management.
Successful resolution of the compatibility challenges between the different SIEM technologies.
Deliverables :
Meeting reports, Dashboard, Technical report on log analysis, Action Plan
Technical and functional environment:
Splunk, QRadar, AGILE, NIST,
Excel, Standards, best practices, Office 365, JIRA
December 2018 - April 2019 - Senior Cyber Security Consultant - DEVOTEAM
TOTAL: Team leader (IT risk manager)
Main goals :
Risk analysis for the benefit of TOTAL.
Responsibilities : Lead of risk analysis unit.
GAD: analyze the general architecture document
Risk analysis for all kinds of projects (cloud, infrastructure, web, network, systems…)
Follow-up of action plans.
Follow-up of derogations.
Cyber security awareness
Deliverables :
Weekly and monthly reports to evaluate the security level in projects
Risk analysis report
Dashboard and KPIs to track the measures in place to mitigate risk impact
Technical and functional environment
Standard ISO 27005, EBIOS, Local Methodology, NIST, JIRA
Excel, Standard, best practices, Office 365
March 2013 - January 2018 - Senior Cyber Security Consultant - CNS
Subject:
Information system control and audit following ISO 27K standards
Responsibilities:
Audit team leader
Deliverables:
Gap analysis report and audit report (organizational and technical)
Technical and functional environment:
Excel, standards, norms, best practices, NIST, Nessus, Nmap, Wireshark...
March 2010 - January 2013 - Head of Cybersecurity Department Ministry of Defense (Tunisia)
Project manager: Drafting of security policies and procedures
Awareness and training of ISOs on information security issues
Follow-up of maintenance in operational condition, drafting of dashboards and procedures,
technical audits (PENTEST and configuration audits), security incident management.
Planning of internal audit missions.
Cyber project management in terms of resources, deadlines, execution and deliverables.
Management of supervision teams and administration of Security equipment.
Technical and functional environment:
Windows, Linux, Kali, Forensics tools, Microsoft Office, SharePoint,
February 2018 - Central Bank of Mauritania - Freelance (Pentester) Audit Office CNS Tunis
Subject 1:
Black box penetration testing on the perimeter of the Central Bank of Mauritania
Tasks:
Head of the penetration testing team
Deliverables:
Penetration test report on the external perimeter of the bank.
Technical and functional environment:
Web servers, Router, FWs, Mail server, Excel, PPT, Nessus, Metasploit, good practices,
ISO 27001/27002
August 2013 to December 2016 - Freelance (Auditor) Audit Office CNS
Institute of Science - SONEDE - Ministry of the Environment
Subject:
Penetration testing on the perimeter: Black Box
Tasks:
Senior Consultant
Deliverables
Audit report gap analysis, Risk analysis, Penetration test.
Technical and functional environment
KALI, ACUNETIX, METASPLOIT, NESSUS
MEHARI, EBIOS, ISO 27001, ISO 27005
April - October 2016 - CYBER security mission at the French Ministry of the Armed Forces
Subject:
Cyber Watch - OSINT … Risk assessment
Responsibilities
Team leader on cyber watch
Deliverables :
Weekly and monthly report on the cyber-net, Risk analysis.
2016 - The Tunisian Stock Exchange - Penetration Test
Subject:
Internal and external penetration test and risk analysis, application risk analysis.
Tasks:
Audit Team Leader
Deliverables
Technical reports: penetration tests, application risk analysis report.
Technical and functional environment
Web, VLAN, FW, Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002
2015 - The Central Bank of Tunisia - Penetration test - CNS
Subject
Internal penetration test between local networks as well as external penetration tests.
Responsibilities
Member of the audit team,
Deliverables
Technical report penetration test and gap analysis.
Technical and functional environment
Web, VLAN, FW, Router; Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002
April 2013 - Audit - Cimenterie de Bizerte
Subject
Network equipment audit, risk analysis infrastructure projects.
Tasks
Audit Team Leader
Deliverables
Technical report on the FWs configuration audit
Technical and functional environment
FW: Cyberoam, FW: Palo alto, Cisco Switches, Excel, PPT, Nessus, Metasploit, good practices,
MEHARI, EBIOS, ISO 27001, ISO 27005.
January 2012 - Audit - Institute of Law and Political Science of Sousse
Subjects
Website audit.
Source code analysis.
Tasks
Audit Project Manager
Deliverables
Technical report on the audit of the web platform, Source code analysis report.
Technical and functional environment
Acunetix, Kali, Sqlmap, OWASP, Best practices,
January 2011 - Head of the Cyber Security Department at the Ministry of Defense
Tasks
Cyber warfare, Cyber security technical needs assessment, Cyber-watch, SOC.
Cyber security incidents handling and investigation, writing specifications. Cyber security training
and awareness.
June to December 2010 - Virtual University of Tunis UVT
Subject
Audit of 25 websites, source code analysis, intrusion test, vulnerability remediation. Operating
system security audit, architecture audit, risk analysis.
Responsibilities
Audit team leader
Deliverables
Technical report on the audit of web platforms. Source code analysis report. Risk analysis report.
Technical and functional environment
Acunetix, Kali, Sqlmap, OWASP, good practices, ISOK MEHARI.
January 2008 - January 2009 - Master in Cyber Security, National School of Computer Science of Tunis.
January 2008 - January 2009 - Master in Cryptography, Tunis Institute of Sciences
March 2006 - October 2007 - Transmission department (public establishment)
Responsibilities:
Head of the cryptographic service.
Study of cryptographic solutions. Securing backbones and infrastructures by cryptographic means. Study
of cryptography needs. Handling encryption keys, equipment installation and
maintenance. Managing team tasks. Training and awareness in the field of cryptography.
2005 - 2006 - Specific course on telecommunication
November 2001 - June 2005 - Department of Communication (public institution)
Responsibilities:
Head of the telecommunications office
Development of radio-communication management solutions.
Set up of FH and communication network links.
Set up of Windows terminal messaging solutions on REDHAT servers.
Study and set up a computer network.
Management of computer equipment.
Study and drafting of technical specifications.
Monitoring of backbones and infrastructures.
June 2001 : Telecommunication engineer
SKILLS:
Network Security: Application Security; Governance
Cryptography: Encryption key management, certificates, life cycle.
Penetration Testing: Cyber defense; Critical infrastructure protection
Cyber Investigation: Forensics, log analysis, chain of custody.
Audit: ISO 27K; Appliance; Source code audit
Cyber terrorism: Technology watch on deep web networks
Cloud Security: SaaS, PaaS, IaaS
IAM: SSO, SAML, OAuth 2.0, OpenID Connect
Secure development: SQL, XSS, CSRF, XML flows,..
Risk analysis: Mehari, Ebios, AGILE, ROAM model, ISO 27005
Domain: Subdomains
System: Linux Debian, Ubuntu, Fedora, Windows Server
Services: Webmin, ntop, nfs, dns, dhcp, bootp, samba, PAM, smtp, ppp (PAP, CHAP),
snmpd, snmptrap (net-snmp), web server (Apache/IIS), Wireless-tools..
Network: infrastructure: VLAN, Routing, ACL, NAT, DMZ, Cloud
IP protocols: IPSEC,…
Security: Firewall (Cisco PIX/ASA, IPTables, pfSense, StoneGate..), Proxy (Squid),
SIEM: OSSIM, Splunk, Araknos…
IP Packet Analysis (Tcpdump, Wireshark, WebScarab),
Intrusion Detection (Snort/ACID), Vulture, ModSecurity, HIDS (Tripwire, AIDE),
Penetration Testing (Acunetix, Nmap, Yasca, Nessus, Havij, sqlmap, Kali, Metasploit)
Performance testing (Spirent, LOIC), cryptography (GPG, OpenSSL, TrueCrypt, OpenVPN),
Programming: C, Perl, Bash, Python, PHP; Design: UML
Databases: Postgres, MySQL, Oracle
Cyber: CISSP, ISO 27K, NIST, OWASP
Domain: Subdomains
Team management: 20 people (engineers and technicians)
Project management: Deadlines, Deliverables, Execution, Follow-up
CERTIFICATION :
CISSP: ISC2
PECB : PECB trainer
Risk manager (PECB) : ISO/IEC 27005 : Risk manager
Lead Implementer 27001 (PECB) : ISO/IEC 27001:2013 Lead Implementer: Information Security Management
Systems (ISMS)
Lead Auditor 27001 (IRCA) : ISO/IEC 27001:2005 Lead Auditor: Information Security Management Systems
(ISMS)
EC-Council :
CEH: Certified Ethical Hacker (CEHv7)
CHFI: Certified Ethical Forensic Investigation (CHFI-V8)
SGSMCA: StoneGate Management Center Administrator
SGFWA: StoneGate Firewall/ VPN Architect (Stonesoft)
SGIPS/SGIDS: StoneGate IPS/IDS (Stonesoft)
IoM : Project management 101
Udemy : Ethical Hacking and Penetration testing
Africom Germany : Cyber Investigation
George C. Marshall Center - European Center for Security Studies: diploma in cyber security studies
French Ministry of the Armed Forces: Bronze Medal in cyber defense
TRAINING:
Risk Management: Mehari and Ebios
Star training: Web application security
THALES Paris: Cryptography
HP NICE France: Red Hat Linux administration
Cryptography course
CISSP
Workshop:
Zambia (Lusaka): Africa Endeavor Exercise (telecommunications and cyberattack)
Germany: Marshall Center for Security Studies: Program for Cyber Security Studies
DEGREES:
2008 - 2010: Master's degree in Information Security
ENSI: Ecole Nationale des Sciences Informatique
1996 - 2001: Telecommunications Engineer