Brahim - Consultant cybersécurité CISSP

Expérience professionnelle

June 2019 - Currently - Senior Cyber Security Consultant - PointRD

Europcar: IT risk manager
Subject 1:
IT risk analysis: Cloud, infrastructure and web application.
Governance: Writing policies, procedures, and help teems to do their projects with
security best practices, security by design.
Compliance RGPD: Personal data protection with CNIL and GDPR rules.
Responsibilities :
Risk analysis: Security by design, AGILE method
Follow-up of action plans
Follow-up of derogations
Decision support
Technical security assistance
Preparation of security documents
Cloud Security: AWS, AZURE, GCP
Cyber security awareness.
Deliverables :
Risk analysis report on security cloud, infra and application environments.
Elaboration of a risk analysis model according to the AGILE method.
Technical report on use cases
Action Plan
Third party questionnaire
Security policies and standards
Technical and functional environment:
Standard ISO 27005, EBIOS, Local methodology.
AGILE, NIST, Excel, Standard, best practices, JIRA, Office 365
Subject 2:
SOC Project Manager.
Set up the poc of a SOC

Responsibilities :
Team management
Manage the actions to be carried out.
Manage the deadlines.
Architecture validation.
Reporting for management.
Resolution and success of the compatibility challenges of the different SIEM technologies.
Deliverables :
Meeting reports, Dashboard, Technical report on log analysis, Action Plan
Technical and functional environment:
Splunk, Qradar, AGIL, NIST,
Excel, Standards, best practices, Office 365, JIRA
December 2018 - April 2019 - Senior Cyber Security Consultant - DEVOTEAM
TOTAL: Team leader (IT risk manager)
Main goals :
Risk analysis for the benefit of TOTAL.
Responsibilities : Lead of risk analysis unit.
GAD: analyze the general architecture document
Risk analysis with all kind of projects (cloud, infrastructure, web, network, systems…)
Follow-up of action plans.
Follow-up of derogations.
Cyber security awareness
Deliverables :
Weekly and monthly reports to evaluate the security level in projects
Risk analysis report
Dashboard and KPI to follow the measures in place to mitigate risks impact
Technical and functional environment
Standard ISO 27005, EBIOS, Local Methodology, NIST, JIRA
Excel, Standard, best practices, Office 365

March 2013 - January 2018 - Senior Cyber Security Consultant - CNS
Subject:
Information system control and audit following ISO 27K standards
Responsibilities:
Audit team leader

Deliverables:
Gap analysis report and audit report (organizational and technical)
Technical and functional environment:
Excel, standards, norms, best practices, NIST, Nessus, Nmap, wireshark...
March 2010 - January 2013 - Head of Cybersecurity Department Ministry of Defense (Tunisia)

Project manager: Drafting of security policies and procedures
Awareness and training of ISOs on information security issues
Follow-up of maintenance in operational condition, drafting of dashboards and procedures,
technical audits (PENTEST and configuration audits) Security incident management.
Planning of internal audit missions.
Cyber project management in terms of resources, deadlines, execution and deliverables.
Management of supervision teams and administration of Security equipment.

Technical and functional environment:
Windows, Linux, Kali, Forensics tools, Microsoft Office, SharePoint,

February 2018 - Central Bank of Mauritania - Freelance (Pentester) Audit Office CNS Tunis
Subject 1:
Black box penetration testing on the perimeter of the Central Bank of Mauritania
Tasks:
Head of the penetration testing team
Deliverables:
Penetration test report on the external perimeter of the bank.
Technical and functional environment:
WEB Servers, Router, FWs, Mail server, Excel, PPT, Nessus, Metasploit, good practices, ISO
27001/27002

August 2013 to December 2016 - Freelance (Auditor) Audit Office CNS

Institute of Science - SONEDE - Ministry of the Environment
Subject:
Penetration testing on the perimeter: Black Box
Tasks:
Senior Consultant

Deliverables
Audit report gap analysis, Risk analysis, Penetration test.
Technical and functional environment
KALI, ACUNETIX, METASPLOIT, NESSUS
MEHARI, EBIOS, ISO 27001, ISO 27005

April - October 2016 - CYBER security mission at the French Ministry of the Armed Forces
Subject:
Cyber Watch - OSINT … Risk assessment
Responsibilities
Team leader on cyber watch
Deliverables :
Weekly and monthly report on the cyber-net, Risk analysis.
2016 - The Tunisian Stock Exchange - Penetration Test
Subject:
Internal and external penetration test and risk analysis, application risk analysis.
Tasks:
Audit Team Leader
Deliverables
Technical reports: penetration tests, application risk analysis report.
Technical and functional environment
Web, VLAN, FW, Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002

2015 - The Central Bank of Tunisia - Penetration test - CNS
Subject
Internal penetration test between local networks as well as external penetration tests.
Responsibilities
Member of the audit team,
Deliverables
Technical report penetration test and gap analysis.
Technical and functional environment
Web, VLAN, FW, Router; Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002
April 2013 - Audit - Cimenterie de Bizerte
Subject
Network equipment audit, risk analysis infrastructure projects.
Tasks
Audit Team Leader
Deliverables
Technical report on the FWs configuration audit
Technical and functional environment
FW: Cyberoam, FW: Palo alto, Cisco Switches, Excel, PPT, Nessus, Metasploit, good practices,
MEHARI, EBIOS, ISO 27001, ISO 27005.
January 2012 - Audit - Institute of Law and Political Science of Sousse
Subjects
Website audit.
Source code analysis.
Tasks
Audit Project Manager
Deliverables
Technical report on the audit of the web platform, Source code analysis report.
Technical and functional environment
Acunetix, Kali, Sqlmap, OWASP, Best practices,
January 2011 - Head of the Cyber Security Department at the Ministry of Defense
Tasks
Cyber warfare, Cyber security technical needs assessment, Cyber-watch, SOC.
Cyber security incidents handling and investigation, writing specifications. Cyber security training
and awareness.

June to December 2010 - Virtual University of Tunis UVT
Subject
Audit of 25 Websites, Source code analysis, Intrusion test, Vulnerabilities remediation. Operation
system security audit, Architecture audit, risk analysis.
Responsibilities
Audit team leader
Deliverables
Technical report on the audit of web platforms. Source code analysis report. Risk analysis report.
Technical and functional environment
Acunetix, Kali, Sqlmap, OWASP, good practices, ISOK MEHARI.
January 2008 January 2009 - Master in Cyber Security National School of Computer Science of Tunis.
January 2008 January 2009 - Master in Cryptography Tunis Institute of Sciences

March 2006 October 2007 - Transmission department (public establishment)
Responsibilities:
Head of the cryptographic service.
Study of cryptographic solutions. Securing backbones and infrastructures by crypto means. Study
of cryptography needs. Deal with encryption keys, deal with equipment installation and
maintenance. Manage team tasks, Training and awareness on cryptography field.

2005 - 2006 - Specific course on telecommunication

November 2001 June 2005 - Department of Communication (public institution)
Responsibilities:
Head telecommunications office
Development of radio-communication management solutions.
Set up of FH and communication network links.
Set up of Windows terminal messaging solutions on REDHAT servers.
Study and set up a computer network.
Management of computer equipment.
Study and drafting of technical specifications. Monitoring
of backbones and infrastructures.

June 2001 : Telecommunication engineer