My Résumé
Meghdad Shamsaei
- Netherlands
- 4th July 1981
SUMMARY
I have over 14 years’ experience in Information Security. I am a security enthusiast and my primary role is leading cybersecurity architecture and security management.
Regular Hands-on Experience with:
- Solid Security Operation Center (SOC) / SIEM tools skills
- Risk Assessment and Risk Management (Procedures, Technology, . . .)
- Pen testing suites/tools (Kali, Metasploit, Burp Suite, Nmap, Sqlmap, Web App Scanners, etc.)
- Debugging / Reversing / Binary Analysis (Olly, Immunity, WinDbg, IDA Pro, JPEXS, etc.)
- Vulnerability Assessment and Patch Management
- Programming / Scripting languages (C/C++, Assembly, Python and a little Perl)
- Web / Database Platforms (IIS, Apache, MS-SQL, MySQL, Oracle etc.)
- Firewalling / Intrusion prevention / VPNs / SIEM / Centralized monitoring / QoS
- Strong Linux and open source skills
- Network Security Architecture
- Knowledge about Telecom Devices (Huawei, Ericsson etc.)
- Virtualization (VMware, VirtualBox, Hyper-V, etc.)
- Other: Vulnerability Scanners, DLP, Network analysis, etc.
- Ability to quickly grasp how new technologies work
EXPERIENCE
- May 2016 – Aug 2018: Cyber Security Architect at Ayandeh Bank
- Security Operation Center Project Director
- Infrastructure and Datacenter Security Architecture to run a new data center
- Director of Network Penetration Projects
- Director of Web Services and Application Security Projects
- Bank's Corporate Division Information Security Director
- E-Banking Procedure Review to optimize and debug the procedure
- Social Engineering
- Mobile Application Security Test
- Services Security Design
- Fraud Detection
- Public Key Infrastructure (PKI) service technical leader
- Privileged Access Management (PAM) and Contextual Security Intelligence (CSI) project leader
- June 2017 – Oct 2017: Information Security Consultant (part-time) at Petro Farayand Pars (pfp-co.com)
- Checklist ISO 27002 in general principle as:
- Policy
- Procedure
- Plan and Documentation
- Records
- Audit and Review
- Preparing the company to get ISMS (ISO 27001) standard
- Internal and External procedure security
- Risk management and assessment
- Services and information security design
- December 2014 – June 2016: SOC Manager / Senior Information Security Analyst at MCI (Mobile Telecommunication Company of Iran)
- SOC (Security Operation Center):
- Managing initial design and implementation of the core services.
- Execute security operations processes, identify and measure critical security operations metrics and continually improve the efficiency and effectiveness of all core services.
- Manage and develop SOC team members, including mentoring and capability/skill development.
- Provide a framework for team members to be successful in achieving the team and individual performance objectives.
- Provide security expertise to the SOC team leveraging industry-leading practices.
- Provide Incident Handling / Management process and people
- Security Incidents and Events Correlation Analysis
- Director of Software Security Projects
- Penetration Testing
- Security Audit
- March 2011 – Present: Senior Security Advisor at RASA Ware
- Core banking software security architecture (Process and Functionality)
- Web services security architect
- Application Security
- December 2011 – December 2014: Senior Information Security Manager at Fanava Satellite (Biggest Satellite Operator of IRAN)
- Software security
- Web App Security (OWASP)
- Network Security
- Penetration testing
- Security audit
- Computer forensics
- Cryptography
- January 2008 – December 2011: Senior Security Engineer / Analyst at ADOC Communications Network
- Web Application and Desktop Application Security
- Network Security Architecture and Design
- Operating System Security and Hardening
- Control Room and the associated electronic security and safety systems such as CCTV, Access Control, and Fire Detection
- Data Center Security Solution (Physical Security)
- Core banking software security testing and Binary Reverse Engineering
- Code Review (ATM drivers and software developed with KALIGNITE)
- ATM Dongle Design (Software, Driver, and Cryptography algorithm implementation) – in POST Bank's ATMs
- August 2010 – August 2011: Senior Information Security Consultant at Mehr TV (First Cable TV Operator in IRAN)
- Software security, binary code reverse, and malware analysis
- Web App Security (OWASP)
- Network Security
- Penetration testing
- Network traffic analysis
- Embedded system security (For Setup Boxes)
- January 2006 – January 2008: Junior Security Engineer at Fanava MOJ
- Penetration testing (Pen Test Group Leader – 4 Persons)
- Network security (Firewalling with Cisco, Huawei and Linux iptables, Network Segmentation, IDS/IDP, NSM (Net Security Monitor) . . .)
- Web Application security testing
- Tripwire and Security-Enhanced Linux (SE Linux)
- Linux services
- October 2003 – January 2006: Security Junior Assistant at NedaNet
- Penetration testing
- Network Security
- Web Application security testing with automated scanner
- Linux administration and security
- Linux services
Key Skills
- Provide leadership, vision, and direction on information security to the information security staff, across the central IT division, and enterprise-wide
- Collaborate with application owners to understand and address the risk position around key business applications.
- Deep understanding of the enterprise information security architecture discipline, processes, and concepts.
- Knowledge of technological trends and developments in the area of information security and risk management.
- Knowledge of firewalls, anti-virus, intrusion detection/intrusion prevention systems, virtual private networks, remote access systems, centralized monitoring, and application scanning.
- Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
- Demonstrated an ability to work effectively with a team, delivering high performance and customer satisfaction.
- Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.
- Clear ability to manage Security Operations Center (SOC) systems and task management and dispatch for staff at all levels, across the enterprise.
- Acceptable knowledge of ITIL and ISO 27k/ISMS.
- Acceptable ability in risk management
- Cyber Security strategy management.
- Understanding of OWASP
- RCE (Reverse Code Engineering)
- Code Optimization, Binary Audit, Code Audit, and Review.
- Software Debugging (OllyDbg, IDA Pro, Immunity Debugger)
- Network Traffic Analysis, Packet Sniffing and QoS (Quality of Service)
- *nix Security Administration (Red Hat, Fedora, CentOS, Ubuntu, FreeBSD)
- Physical Security Solution (Fire Alarms, Fire Control, IP Cam and CCTV, . . .)
- Cryptography & Cryptanalysis
- Acceptable knowledge about Payment Card/Payment App Security (PCI-DSS/PA-DSS)
EDUCATION
Software Engineering – Tehran Azad University (South Branch)
Other Skills
- OS: Linux (CentOS, Fedora, Red Hat, Ubuntu), BSD Unix, Windows
- Networking: VPNs, VLAN, Firewalling, IDS/IDPs, HIDS, NIDS, IPSec
- System/Network Monitoring: Syslog-NG, PRTG, Tripwire, SolarWinds, IpAudit, . . .
- Programming: C/C++, Python
- Virtualization: VMware, VirtualBox, Hyper-V . . .
- Database: MySQL, MS-SQL
- Software: MS-Office (Word, Excel, PowerPoint, Outlook)
- Hobbies: Swimming, Badminton, Video Games (prefer PS4)
A Selection of Prominent Work Records and Projects
- MCI SOC's Knowledgebase creation and development team manager.
- TCI Security log Service System for all Network Devices (Design to Run) manager.
- MehrTV Network Penetration Test and Software Code Audit team manager.
- Fanava Satellite Network Security Study, Develop and Implement team leader.
- Fanava Group Penetration Test for Networks, Databases and Web Applications.
- Post Bank of IRAN Research, Design and Implement a Secure Pin Pad to make Secure Financial Transfer.
- Design and Make a Hard Lock Dongle for Ravis Co's ATMs.
- And many projects about Information Security . . .
Certification
- I am preparing myself for CISSP
- Informal CEH Certification (IRAN) – 2007
- Risk Management Workshop http://www.shamsaei.com/RM.jpg
- Self-Assessment Workshop based on EFQM http://www.shamsaei.com/EFQM.jpg
Seminars and Talks
- CEH (Certified Ethical Hackers) Course for TCI Technical Team
- CEH Course for Fanava Security Team
- Web Application Fuzzing Course in ADOC
- Rootkits & Trojan Attack Systems Article in Azad University Tehran Branch Seminar about ICT Security Systems
- Linux Security Administration for Fanava Technical Team
If you like my résumé, you can contact me