- Working closely with technology and business teams to ensure that security requirements are defined and implemented in accordance with applicable governance and requirements;- Leading the training of people in Cybersecurity (Monitoring & Intrusion detection, Pentest, Incident response & Forensics);- Supervising students internships in IT and cybersecurity;- Advising customers and project teams on information security threat and risk in cloud (Azure, AWS, Google, etc.) and on-premises;- Developing Risk Management Strategy and Process based on ITSG-33 Standards from Canadian Federal Government- Performing Web application and network penetration testing activities for some customers;- Coordinating some cyber security and information security innovation projects;- Work with internal and external developers, systems engineers, and commercial product vendors in the design and evaluation of systems, network, and database products;- Performing risk assessment and recommend relevant solutions for mitigation;- Supporting customers to achieve their PCI-DSS compliance;- Helping customers to comply with other certifications such as SOC 2, ISO, etc.- Reviewing the installation and configuration of some security solutions (Ex. Nessus Cloud, Qualys, etc.);- Analyzing the vulnerabilities scan reports (OpenVAS, Nessus, Joval, etc.) and making recommendations;- Leading the building of a Security Operations Center (SOC) with AlienVault USM solutions and other opensource security tools.

- Evaluate the security of information in business and technology services (eg Staffing, Mobility, etc.);- Determine, in collaboration with service managers, the security assessment scope;- Identify and analyze gaps between current practices into the services and best practices from ISO/IEC 27002-2013;- Identify and analyze issues, threats and vulnerabilities of information assets;- Contribute to the exercise of categorization of information assets;- Improve templates (questionnaires, reports, etc.) and other working tools;- Analyze and assess security risks (according to ISO/IEC 27005) arising from service gaps;- Evaluate the compliance of services against the ISO/IEC 27001-2 standard, and according to the targeted maturity level;- Perform information security awareness for stakeholders (custodians, pilots, IT staff, etc.);- Update the risk registers;- Analyze vulnerability scanning and intrusion testing reports on technology infrastructures;- Propose mitigation measures (mitigating) risks;- Develop mitigation action plans;- Write reports of evaluating the security of services;- Participate in weekly team meetings;- Ensure the quality of certain deliverables;- Communicate and collaborate with service's owners and respondents;- Plan and facilitate meetings (follow-up, interviews, presentations, etc.) with stakeholders.

- Evaluate the security of information in business and technology services (eg Staffing, Mobility, etc.);- Determine, in collaboration with service managers, the security assessment scope;- Identify and analyze gaps between current practices into the services and best practices from ISO/IEC 27002-2013;- Identify and analyze issues, threats and vulnerabilities of information assets; - Contribute to the exercise of categorization of information assets;- Improve templates (questionnaires, reports, etc.) and other working tools;- Analyze and assess security risks (according to ISO/IEC 27005) arising from service gaps;- Evaluate the compliance of services against the ISO/IEC 27001-2 standard, and according to the targeted maturity level;- Perform information security awareness for stakeholders (custodians, pilots, IT staff, etc.);- Update the risk registers; - Analyze vulnerability scanning and intrusion testing reports on technology infrastructures;- Propose mitigation measures (mitigating) risks;- Develop mitigation action plans;- Write reports of evaluating the security of services;- Participate in weekly team meetings;- Ensure the quality of certain deliverables;- Communicate and collaborate with service's owners and respondents;- Plan and facilitate meetings (follow-up, interviews, presentations, etc.) with stakeholders.

- Acting as the liaison agent between security and business units including product owners and IT teams- Performing risk assessment (asset, threat, vulnerability, impact), and risk analysis (qualitative vs quantitative)- Categorizing information and information assets- Identifying and recommending the security controls to protect assets and mitigate risks- Identifying, analyze and report security risks to management- Contributing to maintain and update the SAAQ's security and privacy policies- Contributing to develop and implement a Mobility Strategy- Developing, documenting and promoting an architectural vision of information security- Participating in improving of security posture- Assisting business owners, project teams, compliance and legal departments- Validating and approving deliverables- Writing security advisories- Designing and developing information security dashboard- Evaluating the solutions proposed by cloud software, hardware and services providers in order to issue recommendations;- Conducting vendor security assessments on new products and solutions- Coordinating Web applications penetration testing by defining the scope, planning the activities, sharing the uncovered vulnerabilities, and ensuring that the remediation action plan is implemented- Assisting the project of upgrading the network infrastructure and security with next-generation security gateways (Checkpoint)- Assisting the project of implementation of a virtual desktop infrastructure (VDI) based on VxRail, vHorizon, vCenter, vSAN, vMotion, etc.

- Leveraged and tuned IDS solutions to quickly detect and react to threats and security incidents- Analyzed the security events and logs generated by critical components (Network sensors, Firewall, Servers, etc.)- Monitored advanced threats and vulnerabilities, and notifying stakeholders (from vendors' website and other relevant sources)- Evaluated the security bulletins from different vendors (Microsoft, Cisco, Oracle, IBM, Adobe, etc.), by using CVSS standards and other tools (NVD, CVE, etc.)- Maintained and updated the security components and devices (IPS, IDS, Firewall, rules, signatures, policies, etc.) - Troubleshoot the security devices and solutions, in collaborating with IT teams (network, systems, applications, vendors) - Identified, analyzed and reported security risks to management- Identified and tracked the vulnerabilities on IT infrastructure- Participated in and collaborated with other stakeholders to security incidents response- Designed, developed and implemented the tools required to better perform my job (forms, scripts, metrics, etc.)- Performed the audit and penetration testing on critical IT assets- Performed the malware, domain name, URL, and IP reputation analysis and forensics, by using sandbox and other tools (Virustotal, McAfee SiteAdvisor, etc.)- Contributed to design and implementation of security solutions- Assessed the vulnerabilities of security controls- Recommended the mitigation security controls to protect assets and mitigate risks- Review and document operational cyber security policies, standards, processes, and procedures- Supported business owners, project teams, compliance, and architects- Wrote the security advisories

I have been involved in many projects for different companies (private and public sector). My key activities performed include, but not limited to:- Developed and implemented the security policies, standards, guidelines and procedures- Managed the security risks - Managed the security Incidents- Assessed the vulnerabilities- Audited the Information Systems- Monitored the security events and detected the intrusion- Performed the network and application penetration testing- Manage operational access control- Designed the network security architecture- Supported the IT projects with security's perspective- Network and Endpoint protection- Developed and implemented the information security awareness's program- Wrote the information security's advisories- Coordinated the different vulnerability assessment meetings (weekly monthly) with other stakeholders

My key activities or projects performed include, but not limited to:- Developed and implemented a centralized accounts management system;- Identified the risks of operational servers relocation and coordinating web servers relocation;- Implemented a new messaging service based on Zimbra solution, and migrating all users email accounts from the old server to the new one;- Managed the security patches on virtual and physical servers, and developing procedures and guidelines to strengthen the security of those servers;- Designed, implemented and maintained a network edge protection system of the building B LAN, relying on Pfsense free software solution (a security oriented Linux);- Designed and implemented a remote access Virtual Private Network (based on OpenVPN software solution) to allow users to securely access resources in the local network of the laboratory so from outside (home, abroad, etc.);- Etc.

My key activities or projects performed include, but not limited to:- Received the requests from project managers and others stakeholders; - Sorted and redistributed the requests among team members; - Analyzed the compliance with security policy and security requirements; - Advised the project managers on possible options in case of rejection of their requests; - Attended the weekly team meetings; - Proposed the improvements of management process of applications; - Validated the requests that comply with policy and security requirements; - Generated the statistics on the number of daily and weekly requests resolved.

My key activities performed include, but not limited to:- Hardened the security of gateways (disabling services and default accounts, password protection access the BIOS and boot loaders, etc.); - Installed and configured a VPN solution with OpenSwan on Linux OS; - Troubleshoot and analyzed network issues;- Configured and maintained the routing infrastructure; - Configured and maintained the switches infrastructure; - Wrote a manual on how to do when a malware attack occurs;- Etc.

My key activities or projects performed include, but not limited to:- Developed a corpus including guides, network best practices;- Configured and maintained the mail service (Postfix, SquirrelMail);- Configured and maintained the Web services (Apache and Internet Information Server);- Applied the security patches and updates on servers and services;- Managed the Active Directory domain and other resources;- Managed the access rights and permissions and other resources (shared folders , network printers , workstations);- Organized and attended the meetings focusing on infrastructure;- Installed, configured and maintained a hosting platform portal of the university, based on the LAMP architecture (Linux - Apache - MySQL - PHP);- Installed, configured and maintained a platform for centralizing and analyzing log files based on Logcheck and Syslog solutions;- Provided the support to end users and developing manuals of procedures;- Applied the security policy on all servers (Windows and Linux);- Checked and analyzed the servers and services log files.