Ehab Badawi
Security Consultant, PCI QSA, CISSP, CCSP, CRISC, CISM, CISA, GRCA, GRCP, PCIP
Chicago, IL, United States
Details
Education:
Master's degree
Information Systems Security and Digital Criminology
Princess Sumaya University for Technology
2015 : 2018
Bachelor's degree
Computer Science
University of Jordan
2009 : 2013
Experience:
- Conducts comprehensive security assessments to identify vulnerabilities and potential threats.
- Collaborates with clients to understand their specific security needs and business goals.
- Develop and document security policies, procedures, and best practices tailored to the client's environment.
- Provide guidance on compliance with industry regulations and standards.
- Performs security audits and architecture review.
- Participates in pre-sales activities by presenting security solutions to potential clients. Explains the benefits of implementing robust security measures and how they align with clients' needs.
- Generates detailed reports outlining findings from assessments, audits, and testing.
- Assesses and enhances the security of networks, systems, and applications, including reviewing configurations, identifying vulnerabilities, and recommending security improvements.
- Provide expertise in securing cloud environments, including evaluating the security of cloud services, configuring access controls, and ensuring compliance with cloud security best practices.
- Performs on-site compliance validation
- Evaluation of Compensating Controls
- Mentors junior team members, providing guidance and sharing expertise to help them grow in their roles.
2021 : Present
VikingCloud
Information Security Consultant
- Perform Information Security Risk Management roles within the GRC function
- Lead the Cloud Security Infrastructure Design and Architecture
- Track identified risks and ensure mitigation controls are implemented for them
- SOC 2 compliance readiness assessments
- Developed, conducted, and maintained risk assessment program based on NIST Risk Management Framework
- Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation.
- Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Network and security monitoring and configuration review for the network infrastructure and security systems.
- Responsible for the Information Security Awareness program
- Leading the vulnerability management program
- Manage and support the 3rd Party Security Vendor Risk Management program
- Permanent member of Change Advisory Board
- Responsible for conducting security site reviews, writing audit/review reports, reviewing findings, and making recommendations.
- Responsible for planning, developing and implementing security plans, security programs such as Emergency Response, Physical Security, Information Protection, Incident Management and/or Investigation.
- Maintains knowledge of complex industry trends, current security issues and security technology, and updates management on risks and threats that could impact company business.
- Monitors the internal control systems to ensure that appropriate access levels are maintained and followed.
- Coordinate with CIO and BCP team to prepare the disaster recovery plan and update it on a yearly basis.
- Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner.
2018 : 2021
SAC Wireless
Information Security Analyst
- Developed, maintained, and enforced information security policies, procedures, and standards within all operational areas of the company.
- Developed, conducted, and maintained risk assessment program.
- Evaluated project design requirements to identify any potential impact on information security.
- Worked with business units to identify their perceived threats to the integrity, availability, and confidentiality of their information assets.
- Maintained, managed and implemented multiple security projects. Prepared and managed multiple PCI DSS compliance assessments.
- Prepared and managed multiple PCI-PIN and PCI Card Production compliance assessments.
- Prepare, manage, and lead remediation process for Internal and External Audits, follow-ups with related parties
- Gathering and validating evidence for the audits
- Implementing and managing vulnerability scanning, in addition to the ability to evaluate threats, vulnerabilities and risks
- Network and security monitoring and configuration review for network devices and security systems.
- Management of Intrusion Detection/Prevention System to protect the company from known attacks and abnormal activities.
- Administration and management of Web Application Firewall and load balancing systems. Administration, management and monitoring of Security Information and Event Management (SIEM) system and proposing the needed correlation events.
- Monitoring and managing privileged users’ access across network and systems
- Managed the advanced malware protection system at both endpoint and network layers.
- Protected enterprise email by administering a messaging gateway and adding the needed policies to protect against spam and phishing campaigns.
- Implementing the 2-factor authentication system and enforcing it at several checkpoints such as remote desktop and VPN connections
- Checking file integrity monitoring events for suspicious activities and abnormal file creation, modification and deletion.
2015 : 2018
Network International
Senior Information Security and Compliance Officer
- Configure, test, and maintain network and security equipment and related services.
- Identify, diagnose, and resolve network problems.
- Create and maintain comprehensive documentation for all implemented networks.
- Provide pre-sales and post-sales technical support.
- Assist in preparation of proposals and solution presentations.
- Maintain and support company’s LAN/WAN environment.
- Windows and Linux systems, business applications, anti-virus protection, email, and authentication administration.
- Daily maintenance and problem resolution, operating system patches and software upgrades, and routine hardware configuration.
- Participate in 24x7 on-call rotation.
- Obtain and maintain required certifications for partnership with key vendors.
- Design, plan, configure and implement new security technologies into current operating environment
- Documents network and security problems and resolution for future reference.
- Securing DNS, SMTP, NTP, and VoIP services
- Perform advanced monitoring and reporting related to network and security systems.
- Configure, implement, and troubleshoot a variety of hardware/software products, including: VPN, firewalls, IPS, IDS, routers, switches, email gateway, internet proxy and endpoint security solutions
- Implementing and managing vulnerability scanning, in addition to the ability to evaluate threats, vulnerabilities and risks
- Security configuration review of servers, routers, firewalls, etc.
- Managing and maintaining the network, as well as network performance monitoring
2014 : 2015
Blink Networks (Jordan)
Core Network and Security Engineer
- Support of Service Desk Express (SDE) product from BMC Company: implementation, installation, customization and integration with other solutions or products.
- Integration of Information Technology Infrastructure Library (ITIL) best practice process within IT processes, Incident management and problem management.
- Managed the integration of Help Desk system with Active Directory.
- High level of troubleshooting on minor/major issues, handling further escalations and applying the required actions/changes.
- Creating and troubleshooting various Microsoft Windows Server platforms.
2013 : 2014
Fourth Dimension Systems
Technical Support Engineer (ITSM)
Company:
VikingCloud
Years of Experience:
12
Spoken Language:
Arabic, English
Skills
Business Continuity, CCNA, CEH, CISA, Cisco Technologies, CMDB, Computer Security, Consulting, Disaster Recovery, DLP, Firewalls, Identity access management, Incident Management, Information Security, Infrastructure, Internal audit, IPS, ISO 27001, ISO Standards, IT Audit, ITIL, IT Management, IT Service Management, ITSM, Leadership, Linux, Microsoft Excel, Microsoft Office, Microsoft Word, Nessus, Networking, Network Security, NIST, NIST 800-53, PCI DSS, Project Management, QRadar, Red Hat Linux, Reporting, Risk Assessment, Security, Security Compliance, Service Desk Express, SIEM, System Administration, TCP/IP, Teamwork, Vulnerability Assessment, Windows Server, Wireless Networking
About
Information Security Consultant