Resume

My Résumé

Meghdad Shamsaei

  • Netherlands
  • 4th July 1981

SUMMARY

I have over 14 years’ experience in Information Security. I am a security enthusiast and my primary role is leading cybersecurity architecture and security management.

Regular Hands-on Experience with:

  • Solid Security Operation Center (SOC) / SIEM tools skills
  • Risk Assessment and Risk Management (Procedures, Technology, . . .)
  • Pen testing suites/tools (Kali, Metasploit, Burpsuite, Nmap, Sqlmap, Web App Scanners, etc.)
  • Debugging / Reversing / Binary Analysis (Olly, Immunity, WinDbg, IDA Pro, JPEXS, etc.)
  • Vulnerability Assessment and Patch Management
  • Programming / Scripting languages (C/C++, Assembly, Python and a little Perl)
  • Web / Database Platforms (IIS, Apache, MS-SQL, MySQL, Oracle etc.)
  • Firewalling / Intrusion prevention / VPNs / SIEM / Centralized monitoring / QoS
  • Strong Linux and open source skills
  • Network Security Architecture
  • Knowledge about Telecom Devices (Huawei, Ericsson etc.)
  • Virtualization: VMware, Virtual Box, Hyper-V etc.
  • Other: Vulnerability Scanners, DLP, Network analysis, etc.
  • Ability to quickly grasp how new technologies work

EXPERIENCE

  • May 2016 – Aug 2018: Cyber Security Architect at Ayandeh Bank
    • Security Operation Center Project Director
    • Infrastructure and Datacenter Security Architecture to run a new data center
    • Director of Network Penetration Projects
    • Director of Web Services and Application Security Projects
    • Bank's Corporate Division Information Security Director
    • E-Banking Procedure Review to optimize and debug the procedure
    • Social Engineering
    • Mobile Application Security Test
    • Services Security Design
    • Fraud Detection
    • Public Key Infrastructure (PKI) service technical leader
    • Privileged Access Management (PAM) and Contextual Security Intelligence (CSI) project leader

  • June 2017 – Oct 2017: Information Security Consultant (part-time) at Petro Farayand Pars (pfp-co.com)
    • Checklist ISO 27002 in general principle as:
      • Policy
      • Procedure
      • Plan and Documentation
      • Records
      • Audit and Review
    • Preparing the company to get ISMS (ISO 27001) standard
    • Internal and External procedure security
    • Risk management and assessment
    • Services and information security design

  • December 2014 – June 2016: SOC Manager / Senior Information Security Analyst at MCI (Mobile Telecommunication Company of Iran)
    • SOC (Security Operation Center):
      • Managing initial design and implementation of the core services.
      • Execute security operations processes, identify and measure critical security operations metrics and continually improve the efficiency and effectiveness of all core services.
      • Manage and develop SOC team members, including mentoring and capability/skill development.
      • Provide a framework for team members to be successful in achieving the team and individual performance objectives.
    • Provide security expertise to the SOC team leveraging industry-leading practices.
    • Provide Incident Handling / Management process and people
    • Security Incidents and Events Correlation Analysis
    • Director of Software Security Projects
    • Penetration Testing
    • Security Audit

  • March 2011 – Present: Senior Security Advisor at RASA Ware
    • Core banking software security architecture (Process and Functionality)
    • Web services security architect
    • Application Security

  • December 2011 – December 2014: Senior Information Security Manager at Fanava Satellite (Biggest Satellite Operator of IRAN)
    • Software security
    • Web App Security (OWASP)
    • Network Security
    • Penetration testing
    • Security audit
    • Computer forensics
    • Cryptography

  • January 2008 – December 2011: Senior Security Engineer / Analyst at ADOC Communications Network
    • Web Application and Desktop Application Security
    • Network Security Architecture and Design
    • Operating System Security and Hardening
    • Control Room and the associated electronic security and safety systems such as CCTV, Access Control, and Fire Detection
    • Data Center Security Solution (Physical Security)
    • Core banking software security testing and Binary Reverse Engineering
    • Code Review (ATM drivers and software developed with KALIGNITE)
    • ATM Dongle Design (Software, Driver, and Cryptography algorithm implementation) – in POST Bank's ATMs

  • August 2010 – August 2011: Senior Information Security Consultant at Mehr TV (First Cable TV Operator in IRAN)
    • Software security, binary code reverse, and malware analysis
    • Web App Security (OWASP)
    • Network Security
    • Penetration testing
    • Network traffic analysis
    • Embedded system security (For Setup Boxes)

  • January 2006 – January 2008: Junior Security Engineer at Fanava MOJ
    • Penetration testing (Pen Test Group Leader – 4 Persons)
    • Network security (Firewalling with Cisco, Huawei and Linux iptables, Network Segmentation, IDS/IDP, NSM (Net Security Monitor), . . .)
    • Web Application security testing
    • Tripwire and Security-Enhanced Linux (SE Linux)
    • Linux services

  • October 2003 – January 2006: Security Junior Assistant at NedaNet
    • Penetration testing 
    • Network Security 
    • Web Application security testing with automated scanner 
    • Linux administration and security 
    • Linux services

Key Skills

  • Provide leadership, vision, and direction on information security to the information security staff, across the central IT division, and enterprise-wide.
  • Collaborate with application owners to understand and address the risk position around key business applications.
  • Deep understanding of the enterprise information security architecture discipline, processes, and concepts.
  • Knowledge of technological trends and developments in the area of information security and risk management.
  • Knowledge of firewalls, anti-virus, intrusion detection/intrusion prevention systems, virtual private networks, remote access systems, centralized monitoring, and application scanning.
  • Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals.
  • Demonstrated an ability to work effectively with a team, delivering high performance and customer satisfaction.
  • Strong facilitation skills and a clear ability to build strong relationships with business stakeholders at all levels, including executive managers and vendors.
  • Clean ability to manage Security Operations Center (SOC) systems and task management and dispatch for staff at all levels, across the enterprise.
  • Acceptable ability with ITIL and knowledge of ISO 27k/ISMS.
  • Acceptable ability in risk management.
  • Cyber Security strategy management.
  • Understanding of OWASP
  • RCE (Reverse Code Engineering)
  • Code Optimization, Binary Audit, Code Audit, and Review.
  • Software Debugging (OllyDbg, IDA Pro, Immunity Debugger)
  • Network Traffic Analysis, Packet Sniffing and QoS (Quality of Service)
  • *nix Security Administration (Red Hat, Fedora, Centos, UBUNTU, FreeBSD)
  • Physical Security Solution (Fire Alarms, Fire Control, IP Cam and CCTV, . . .)
  • Cryptography & Cryptanalysis
  • Acceptable knowledge about Payment Card/Payment App Security (PCI-DSS/PA-DSS)
  • . . . .

EDUCATION

Software Engineering – Tehran Azad University (South Branch)

Other Skills

  • OS: Linux (Centos, Fedora, Redhat, Ubuntu), BSD Unix, Windows
  • Networking: VPNs, VLAN, Firewalling, IDS/IDPs, HIDS, NIDS, IPSec
  • System/Network Monitoring: Syslog-NG, PRTG, Tripwire, Solar Winds, IpAudit, . . .
  • Programming: C/C++, Python
  • Virtualization: VMware, Virtual Box, Hyper-V . . .
  • Database: MySQL, MS-SQL
  • Software: MS-Office (Word, Excel, PowerPoint, Outlook)
  • Hobbies: Swimming, Badminton, Video Games (prefer PS4)

A Selection of Prominent Work Records and Projects

  • MCI SOC's Knowledgebase creation and development team manager.
  • TCI Security log Service System for all Network Devices (Design to Run) manager.
  • MehrTV Network Penetration Test and Software Code Audit team manager.
  • Fanava Satellite Network Security Study, Develop and Implement team leader.
  • Fanava Group Penetration Test for Networks, Databases and Web Applications.
  • Post Bank of IRAN Research, Design and Implement a Secure Pin Pad to make Secure Financial Transfer.
  • Design and Make a Hard Lock Dongle for Ravis Co's ATMs.
  • And many projects about Information Security . . .

Certification

Seminars and Speaks

  • CEH (Certified Ethical Hackers) Course for TCI Technical Team
  • CEH Course for Fanava Security Team
  • Web Application Fuzzing Course in ADOC
  • Rootkits & Trojan Attack Systems Article in Azad University Tehran Branch Seminar about ICT Security Systems
  • Linux Security Administration for Fanava Technical Team

If you like my resume, you can contact me.