CV MEHARI : Sélectionnez rapidement les profils qui vous intéressent

Aperçu d'expériences de Brahim,
freelance MEHARI résidant dans le Val-d'Oise (95)

• Senior Cyber Security Consultant - PointRD

  Currently
  Jan 2019 - aujourd'hui

  Europcar: IT risk manager
  Subject 1:
  IT risk analysis: Cloud, infrastructure and web application.
  Governance: Writing policies, procedures, and help teems to do their projects with
  security best practices, security by design.
  Compliance RGPD: Personal data protection with CNIL and GDPR rules.
  Responsibilities :
  Risk analysis: Security by design, AGILE method
  Follow-up of action plans
  Follow-up of derogations
  Decision support
  Technical security assistance
  Preparation of security documents
  Cloud Security: AWS, AZURE, GCP
  Cyber security awareness.
  Deliverables :
  Risk analysis report on security cloud, infra and application environments.
  Elaboration of a risk analysis model according to the AGILE method.
  Technical report on use cases
  Action Plan
  Third party questionnaire
  Security policies and standards
  Technical and functional environment:
  Standard ISO 27005, EBIOS, Local methodology.
  AGILE, NIST, Excel, Standard, best practices, JIRA, Office 365
  Subject 2:
  SOC Project Manager.
  Set up the poc of a SOC
  
  Responsibilities :
  Team management
  Manage the actions to be carried out.
  Manage the deadlines.
  Architecture validation.
  Reporting for management.
  Resolution and success of the compatibility challenges of the different SIEM technologies.
  Deliverables :
  Meeting reports, Dashboard, Technical report on log analysis, Action Plan
  Technical and functional environment:
  Splunk, Qradar, AGIL, NIST,
  Excel, Standards, best practices, Office 365, JIRA
  December 2018 - April 2019 - Senior Cyber Security Consultant - DEVOTEAM
  TOTAL: Team leader (IT risk manager)
  Main goals :
  Risk analysis for the benefit of TOTAL.
  Responsibilities : Lead of risk analysis unit.
  GAD: analyze the general architecture document
  Risk analysis with all kind of projects (cloud, infrastructure, web, network, systems…)
  Follow-up of action plans.
  Follow-up of derogations.
  Cyber security awareness
  Deliverables :
  Weekly and monthly reports to evaluate the security level in projects
  Risk analysis report
  Dashboard and KPI to follow the measures in place to mitigate risks impact

  Technical and functional environment Standard ISO 27005, EBIOS, Local Methodology, NIST, JIRA Excel, Standard, best practices, Office 365

• Central Bank of Mauritania - Freelance (Pentester) Audit Office CNS Tunis
  Jan 2018 - aujourd'hui

  Subject 1:
  Black box penetration testing on the perimeter of the Central Bank of Mauritania
  Tasks:
  Head of the penetration testing team
  Deliverables:
  Penetration test report on the external perimeter of the bank.

  Technical and functional environment: WEB Servers, Router, FWs, Mail server, Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002

• CYBER security mission at the French Ministry of the Armed Forces
  Jan 2016 - Jan 2016

  Subject:
  Cyber Watch - OSINT … Risk assessment
  Responsibilities
  Team leader on cyber watch
  Deliverables :
  Weekly and monthly report on the cyber-net, Risk analysis.

• The Tunisian Stock Exchange - Penetration Test
  2016 - aujourd'hui

  Subject:
  Internal and external penetration test and risk analysis, application risk analysis.
  Tasks:
  Audit Team Leader
  Deliverables
  Technical reports: penetration tests, application risk analysis report.

  Technical and functional environment Web, VLAN, FW, Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002

• The Central Bank of Tunisia - Penetration test - CNS
  2015 - aujourd'hui

  Subject
  Internal penetration test between local networks as well as external penetration tests.
  Responsibilities
  Member of the audit team,
  Deliverables
  Technical report penetration test and gap analysis.

  Technical and functional environment Web, VLAN, FW, Router; Excel, PPT, Nessus, Metasploit, good practices, ISO 27001/27002

• Freelance (Auditor) Audit Office CNS
  Jan 2013 - Jan 2016

  Institute of Science - SONEDE - Ministry of the Environment
  Subject:
  Penetration testing on the perimeter: Black Box
  Tasks:
  Senior Consultant
  
  Deliverables
  Audit report gap analysis, Risk analysis, Penetration test.

  Technical and functional environment KALI, ACUNETIX, METASPLOIT, NESSUS MEHARI, EBIOS, ISO 27001, ISO 27005

• Audit - Cimenterie de Bizerte
  Jan 2013 - aujourd'hui

  Subject
  Network equipment audit, risk analysis infrastructure projects.
  Tasks
  Audit Team Leader
  Deliverables
  Technical report on the FWs configuration audit
  Technical and functional environment
  FW: Cyberoam, FW: Palo alto, Cisco Switches, Excel, PPT, Nessus, Metasploit, good practices,
  MEHARI, EBIOS, ISO 27001, ISO 27005.

• Senior Cyber Security Consultant

  CNS
  Jan 2013 - Jan 2018

  Subject:
  Information system control and audit following ISO 27K standards
  Responsibilities:
  Audit team leader
  
  Deliverables:
  Gap analysis report and audit report (organizational and technical)

  Technical and functional environment: Excel, standards, norms, best practices, NIST, Nessus, Nmap, wireshark...

• Project manager: Drafting of security policies and procedures

  Head of Cybersecurity Department Ministry of Defense (Tunisia)
  Jan 2011 - Jan 2013

  Awareness and training of ISOs on information security issues
  Follow-up of maintenance in operational condition, drafting of dashboards and procedures,
  technical audits (PENTEST and configuration audits) Security incident management.
  Planning of internal audit missions.
  Cyber project management in terms of resources, deadlines, execution and deliverables.
  Management of supervision teams and administration of Security equipment.

• aujourd'hui

  Technical and functional environment:
  Windows, Linux, Kali, Forensics tools, Microsoft Office, SharePoint,