Post on 07-Apr-2018
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 1/31
Mahmoud Yassin Ali Moustafa
CISA, CISSP, CRISC, MCSE, COBIT, ITIL, PMP
Mobile +971-50-8116825
Myassin75@gmail.com
Myassin66@hotmail.com
Mahmoud.Yassin@nbad.com
Career objective
To purse a successful career in the IS field based on both mytechnical and business experience in various ITS Security &infrastructure projects.
Professional Snapshot
Professional with more than 15 years of experience in IT Operations with focusedexposure in Banking & ISP Information Security. IT Infrastructure Management,Project Management, Network Management, Business Continuity Planning, NewTechnology Implementation, Process Improvement and Team Management. A keenplanner, strategist & implementer with demonstrated abilities in IT operationsmanagement and new technology implementation for streamlining IT relatedoperations. Expertise in spearheading numerous IT projects; ensuring delivery of projects compliant to the quality, time and cost parameters. Proven skills in managingteams to work in sync with the set parameters & motivating them for achievingbusiness and individual goals. An effective communicator with excellent relationshipbuilding & interpersonal skills. Strong analytical, problem solving and organizational
abilities. Possess a flexible and detail oriented attitude.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 2/31
Proficiency Forte
Area of expertise
• Project Planning & Management
• IT Operations Management
• Risk assessment and risk management skills.
• Auditing skills.
• Process design and architect and re-architect.
• Business banking infrastructure architect and implementation skills.
• End user training and security awareness sessions.
• Network administration & operation of Different platforms Unix (SCO – SunSolaris) – (windows NT-windows 2000- windows 2003 – windows 2008).
• Web hosting Infrastructure Solution design and implantation of secureenvironment.
• Financial transaction and worldwide stock markets protocols like FIX &
financial transaction security 3D security implementations.
• Technical Support
• Infrastructure Management
• Technology Implementation
• Network Management
• Liaising & Coordination
• Deliverables Management
• Team Management Information Security & Operations support
Technical Summary
• Accurately scope, design, implement and support product based balanced security on
Gateway & perimeter firewalls. IPS, NIDs, Gateway level AV’s, end point security, data
leakage control products and provide daily process based support reporting of the samefor Banking & ISP environment
• Single headedly managing Organization IT Vulnerability Management
• Support for Design and implement centralized log feeding based on leading SIM’s
• Information security Risk assessments and Threat Modeling
• IS Auditing
• Monitoring / tracking projects with respect to budgeted cost, demand forecasts, time
over-runs to ensure timely execution of projects. Designing and implementation of LAN /
WAN system involving design of network layouts and their configuration.
• Suggesting IT measures and safeguarding the information resources of the enterprise
to maintain integrity, confidentiality and availability of data / application specific to
Financial and ISP segments
• LAN & WAN Support & Monitoring - Financial & ISP Business Verticals.
• Windows Server: Administration & support for Web & Mail, Aix 4.1. Mac.• Incident analysis and recommendation for remediation – Process based Support
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 3/31
• Malware Reverse Engineering.
• Remote Users Enforcement Point Connection Compliance – Cyber Gate Keeper.
Juniper SSL
• Information Security Compliance Auditing based on various IT frame works.
• Comprehensive support to protect against DDOS, Phishing, Malware attacks, Spam’s
and IP Abuse. Cyber Security fraud detection. Forensic analysis, and identifying risk
channels(vectors)• Supporting ISO & SIRT Teams in end to end Info Sec requirements.
• Enterprise Vulnerability \ Security Patch Management and Scanning for Windows
clients and Servers -
• Managing IT Compliance requirements in enterprise environment(PCI-DSS,SOX)
• Intrusion Prevention Systems (Both Reactive & Proactive): IPS, NIDS, HIDS
• Pen Testing: For Servers, Database, Clients, Gateway and Perimeter Components.
• Moderate Knowledge in HTML, Perl script, VB Script, SQL Server Administration and
SQL Query.
• Engage with Info Sec Product Vendors (TAM)
• POP for end to Info Sec products.
• Suggesting IT measures and safeguarding the information resources of the enterprise
to maintain integrity, confidentiality and availability of data / application specific toFinancial and ISP segments
• Ensuring provision of technical consultancy to clients for various IT projects /
operations.
• Monitoring & supervising the development of long-term partnerships with suppliers &
vendors; managing day-to-day supplier performance to ensure meeting of service, cost,
delivery and quality norms.
• Comprehensive understanding of end to end data flow architecture for Financial and
ISP organization.
• Recommending recovery strategies and options, and assisting with the
implementation of recovery solutions, coordinate business continuity plan exercises.
• People Management
• Leading, mentoring & monitoring the performance of team members to ensure
efficiency in process operations and meeting of individual & group targets.
• Creating and sustaining a dynamic environment that fosters development
opportunities and motivates high performance amongst team members.
• Product Working Knowledge: Microsoft Servers and Client, Aix, Messaging, Proxy,
Web, Enterprise Server & Client Management, Symantec (SSC). McAfee EPO, Postini,
Confidence Online, CGK, Iron Port, Web Sense, Blue Coat, Found Stone, ISS, Secure
Computing, Tipping Point, Checkpoint, Pix, Moderate exposure in SIM-NFX. Arch sight.
• Log Management Solution (ARCHSIGHT) Implementation & project lead
• Encryption Mechanism for Email & Folder Encryption )
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 4/31
Organizational Experience
National Bank of Abu Dhabi (Abu Dhabi United Arab Emirates) April 2007 tillpresent
Lead Security & systems Eng- NOC. & SOC. teams lead. April 2007 till present
• Managing & building of the SOC & NOC Monitoring and Operationsteam and taking care of new tasks deliverables
• Monitoring NetIQ SM & Arch sight SIM. Doing correlation analysis of NBAD internal and external Data and voice traffic validating the traffic basedon correlation, identifying any service degradation or outage andrecommending applicable action to operation support
• Managing a Threat Management specific to NBAD ISPsegment(ETISLAT ,DU) configured and managing Symantec threatManagement console
• Closing working with SIRT team to identify risks, and mitigation
• Coming up with Policy procedure based on information securityrequirement
• Vulnerability Management specific NBAD IT production environment.
• Providing daily weekly and Monthly SIEM reports
• Interacting with internal clients for day to day operations support
• Assisting IT auditing and Penetration testing
My responsibility for maintaining the integrity and security of enterprise's servers
and Systems which support the various operating units of the enterprise.
Conducting system analysis and Infrastructure Architect, with limited support anddirection from professional staff, to keep our systems current with changingtechnologies.
Key technical resources for other Senior Staff, providing advice, training andTechnical support for various projects. In addition, technical staff in the ITmanagement team in evaluating current systems and making decisions on futureUpgrades.
I am Managing team of 8 persons for System Monitoring and first Level Support
We monitor the network of 105 remote branches office support 7 countries(London – Paris – Washington – Egypt- Sudan – Kuwait – Oman – Bahrain)
My Team mange AD with 5000+ users
ATMs 670 ATM and Deposit machine
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 5/31
Notable Attainments:
• Part of NBAD Global Security Team - one of the premier groups of
o Oversaw a basketful of tasks and led.
o Security Operations Capabilityo Cyber Intelligence and Response Program
o Cyber Security Business Intelligence Program
o Vulnerability Management for 5000+ Windows Servers & UNIX
o Abuse Monitoring and response on enterprise level
o SMTP Spam email administration on enterprise level (iron port)
o Found stone Scan – Corporate Administrator - Subject matter expert
o Corporate Virus defense team – Subject matter expert on enterprise
level
o Trend Micro EPO & trend Micro HIPS administration - on enterprise
level
o Supporting ISO team to implement ISO 27001 & Auditing - on
enterprise level
o Tipping Point – Administration for enterprise level
o Supporting global regional team for day to day in Security Operation
support.
o Initiating new Information Security programs on regional levels
o Defining security policy for end point client based on security
compliance policy
• Cyber Global Governance (Cyber Gate Keeper – CGK and AV)
• Maintained Internal Vulnerability Management Program to ensure full
coverage from a system and scanning perspective; External Vulnerability
Management Program to ensure full coverage and timely remediation.
• Patch Management in enterprise environment - for Windows Clients
and Servers.
• Creating Patch Management Policy for NBAD Data Center –Staff workstation – Portable devices
• Implemented multiple layers of controls to protect NBAD networks against
malware.
• Extended support to ISO Team on IT security compliance requirement,
policies, and auditing.
• Took numerous initiative on global on advance threat management and
remediation
• Implemented numerous process on global operation support level
• RSA Secure login for AD and Imprivata Single Sign-On
Projects
Arch-Sight implementation (SOC Team)
• Product evaluation & selection
• Product Requirements preparation (RFP selection Criteria &evaluation Matrix)
• System implementation
•
Design the monitoring channels
• Define access profiles
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 6/31
• Design Monitoring Policy and Procedure
• Define Escalation Paths based on application Criticality
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 7/31
EMC IONIX implementation (NOC team)
• Product evaluation & selection
• Product Requirements preparation (RFP selection Criteria &evaluation Matrix)
• System implementation
• Design the monitoring channels
• Define access profiles
• Design Monitoring Policy and Procedure
•
Define Escalation Paths based on application Criticality
• Prepare Service Maps & application Redundancy groups
NETIQ APPMANAGER implementation (NOC team)
• Product evaluation & selection
• Product Requirements preparation
• System implementation
• Design the monitoring channels
• Service map Design
• Define access profiles
• Design Monitoring Policy and Procedure
• Define Escalation Paths based on application Criticality
• Prepare Service Maps & application Redundancy groups
Data Center ALTIRIS operation & Patch Management
• Product evaluation & selection
• Product Requirements preparation (RFP selection Criteria &evaluation Matrix)
• System implementation
• Design the Patching Test environment
• Integration with Change control system
• Define patching polices and procedure per systems ,application , OS
• Define access profiles
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 8/31
• Define Approval & Escalation Paths based on applicationCriticality
Data Center Polices & Procedure
• Commission Policies
• Decommission Policies
• Access Control policies
• Server maintains procedure
Data Center Physical Security
• Surveillance System
•
Mantrap Door
• Finger Print Biometric Access
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 9/31
Managed File Transfer
• A new Managed Transferee platform from CFI proj-net to beCompliant with PCI-DSS data in transit Requirements
• An data encryption
Email Encryption
• An IRON-PORT Email Encryption Gateway implementation andintegration PCI-DSS, SOX compliance.
• A NETIQ Security Configuration Manager for Checking the PCI-DSScompliance and Deviations reports to be tracked.
• Working with Deloitte & Touché to meet the PCI-DSS bank wideimplementation and VISA and Master Compliance requirements.
Active Directory
• Design Active Directory Security & Group Policy
• Design & documentation of AD DR Recovery Plan and superviseTesting of the Plans
• Maintain Access shields depend on security Clearance of the Objectsand subjects
• Maintain Group Policy Shield from NetIQ to simulate group policydesign and workflow(designer-publisher-approver) before role out inactual environment
• Design Event to be monitored like (high level security groups –objects – domain admin accounts )
• Design an access policy for keeping Critical account access inpassword Vault (striping system admin from domain admin accounts )
Exchange
• Manage Exchange Security & server Security Policy
• Email spam filtering with ironport mail gateway
• Design client to server email encryption
Ad & exchange auditing
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 10/31
• Audit All AD events in Security Management and Generate Alerts onCertain Event that violate or Breaches Security Policy
• Implementing NETIQ SM AD audit module for auditing critical eventsin AD
• Implementing NetIQ SM exchange auditing for auditing critical eventsin exchange servers including backend – CAS – HUP
• Audit all Exchange events and user access including on behalf mail boxaccess
Email Encryption
• Design PKI system for 4000 plus Email user
• Including Managing Auto Enrollment
• Managing Revocation
• KEYS Management
Dealing Room
• Build & Design the Most up to data Dealing room with user furnishing Enough Network Points and IP telephony and Singleprocessing unit manage 4 Screens.
• Including central connectivity for Dealer to powerful processing unit
and 4 screens per each dealing position.
• FIX Encrypted traffic for Dealers.
• Reuter Service Architect and Design and Integrate internally acrossNBAD Network can be accessed from any Remote Branch theinfrastructure includes (third-party fire wall FortiGate) RMDS servers,DACS Servers , Satellite Feeders
• Reuters Dealing System implementation
• Reuters EIKON upgrade for 3000 Extra dealing systemimplementation and security Design
• Bloomberg Service architect and design and integrate the serviceinternally across NBAD networks
Data Base Activity Monitoring (IBM GARDIUM)
• Build & Design the Database activity monitoring which one of PCI-DSS requirement for (Microsoft SQL servers ,Oracle 9 I, 10 G , 11 Gservers ,Sybase servers.) the project have the following activities:-
1. Database discovery.
2. Databases logging policy design and implementation.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 11/31
3. Databases user's activity logging.
4. Database Administrators activity logging.
Forensic Investigation
• Design and build incident handling polices & procedure for Nationalbank of Abu Dhabi
• Define Tools and Steps of any forensic Investigation tomitigate Security Risks
• We test some tools like Case but we are followingmanual Procedure
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 12/31
DMZ Security’s Password Auto Repository (PAR)
• Design and build access control & password polices & procedure for National bank of Abu Dhabi
• Design Remote Session Video Recording System EGP
• Security Enhancement
1. No Console and/or Console Access.2. Only access is via associated “role3. Based” secure web interface(s).4. Embedded Hardware Firewall5. Encryption for Stored Passwords6. Full Hard Drive Encryption7. Secure Communication8. Database Security
9. Application Security
VAL IT COBIT implementation IT Infrastructure Team
• Adaptation and implementation of VAL IT concept In It infrastructure
• Follow Cobit Risk evaluation matrix
INNOKAT (innovation knowledge & advanced technology) Dec 2004 tillmarch-2007
Senior Infra Structure and Security Consultant
• Infrastructure architect &Security architect
• Data center building & design
• Risk Assessment for E-government AJMAN Government
• Risk assessment of Abu Dhabi Ministry of Finance Payment Systems
• Stock market interfaces (Abu Dhabi stock market – Dubai stockmarket) with Alsafwa Finance company and Full System penetrationtesting
• Preparing Feeders connectivity & infrastructure (Reuter –Bloomberg ) and Secure third party infrastructure within Abu DhabiIslamic bank
• FIT Trading platform & infrastructure security assments andpenetration testing
• Dubai Stock Market Security assessment and enhancements
• Etisalat Web Hosting platform Architecture Review and assessmentfor C-panel control Panel security Functionality
• Managed several "full cycle" infrastructure projects. Devolve projectplans, wrote RFP, lead design session and coordinated testing, trainingand implementation.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 13/31
• Facilitate process improvement sessions to close gaps betweenexisting and proposed business processes and system architecture.
• Lead infrastructure architect & design, implementation projects of windows 2003 active directory, SMS 2005, exchange 2003 , ISA server and migration to exchange 2007 , web application hosting solutions .
• Architect and design network infrastructure for web hosting platform
including security measurements, risk mitigation, availability and 24/7
SLA requirements of the said environment.
• Security Architect Handled the following functions :
o Consolidation of Internet Gateway & Security Gateways.
o Implementation of Content Filter and Proxy Filtering; Trend
Micro Anti Virus Gateway Solution; Pix firewall (Rule base and
LAN zoning).
o Drafting of Policy for Content Filter & Spam Filter.
o Drafted, designed and implemented end to IT security
infrastructure along with the team (Firewall, Anti Virus, Spam,
IPS/IDS, etc.) based on GSD311.
o Presentation of detailed IT security implementation
architecture.
o Managed the project applying PMI (first time).
o Proxy gate way consolidation – Reduction of administrative
time, cost and dependency
o Supporting ISO team to implement ISO 27001 & Auditing -
on enterprise level
o Tipping Point – Administration for enterprise level
o Supporting global regional team for day to day in Security
Operation support.
o Initiating new Information Security programmes on regional
levels
o Defining security policy for end point client based on securitycompliance policy
o Cyber Global Governance (Cyber Gate Keeper – CGK and
AV)
o Maintained Internal Vulnerability Management Program to
ensure full coverage from a system and scanning perspective;
External Vulnerability Management Program to ensure full
coverage and timely remediation.
o
• Design scripts to automate repetitive tasks automate applicationdeployments and streamline OS migrations.
• Implementation of Altiris automation and imaging
• Research new technologies and helped developed comprehensivesolutions for clients requirements.
• Developed operation & security policies and procedure, standardizeddocumentation and designed business continuity solutions.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 14/31
• Leading Security penetration test to many enterprise
Summary of projects with INNOKAT
Aus (American university SHARGAH)
Architected and design and implementation of a BDD 2.0 (business desktopdeployment using SMS 2005 SP2, desktop imaging and scripting.
Dubai British School (5 branches Dubai )
• Analyzed business needs and designed technical solutions to meetthe gathered requirements using Microsoft and third party solutions.
• Design Data Center Architecture and infrastructure requirements.
• Hp Blade Bl20 selection and deployment as infrastructure.
• This include AD directory design & exchange 2003 Design andimplementation.
• HP San storage capacity of 2 TB as central storage repository for allschool information
• Implementing services like DHCP, DNS, WINS.
• Implementing SMS 2005 for software distribution and batchmanagement.
• Design communication & Network & security Requirements.
• Online system for student enrollment and knowledge baseinfrastructure deployment including web based design and security.
• Online exam system deployment and security deployment for thesaid solution.
Americana head quarter
• Analyzed business needs and designed technical solutions to meetthe gathered requirements using Microsoft and third party solutions.
• Database replication, DFS, SAN storage solutions, load balancing,and clustering.
• Architected and Implemented DNS, WINS, DHCP, Windows 2003Active Directory,
• Exchange 2003, MOM 2005 and SMS 2003. Migrated - in parallel -from NT 4.0
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 15/31
• Domain and Exchange 5.5 to Windows 2003 AD and Exchange 2003
• Designed an application hosting solution for the Restaurant networkwebsite. This is an internationally accessed website with a 24X7 uptimerequirement.
•Design Full Security for point of sale communication to Head office in
Sharja
• Design Security Access mechanism for All AD users and apply RSAtokens for Cashers and supervisor logins
• The architecture was based on a highly available and highly securerequirement that included designing a hardened installation of Windows 2003server, IPSec, firewall port configuration for a pix front end and a checkpointbackend, clustering database servers, and load balancing web servers usingF5 load balancer.
INNOKAT Data Center
• Analyzed business needs and designed technical solutions to meetthe gathered
• Requirements using Microsoft and third party solutions. This includedhardware
• Firewall, File replication, Database replication, DFS, SAN storagesolutions, network
• Structure, load balancing, and clustering. Architected andImplemented DNS, WINS,
• DHCP, Windows 2003 Active Directory, Exchange 2003, MOM 2005and SMS 2003.
•
And Exchange 2003
• Design solution for VPN connection between INNOKAT data center and its branches
Ajman E-government Data Center
• Design, Architected and implemented a solution to migrate user datafrom a standalone SQL to consolidated SQL server FARM
• Design Database Security include Data encryption
• Database to active directory and provided a web front end for
account provisioning and password resets.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 16/31
• Analyzed business needs and designed technical solutions to meetthe gathered
• Requirements using Microsoft and third party solutions. This includedhardware
•Firewall, File replication, Database replication, DFS, SAN storage
solutions, network
• Structure, load balancing, and clustering. Architected andImplemented DNS, WINS,
• Full Security and Risk Assessment for the whole E-governmentprogram including review of the payments interfaces with Ajman Bank
• DHCP, Windows 2003 Active Directory, Exchange 2003, MOM 2005and SMS 2003.
• And Exchange 2003
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 17/31
Dec 2004 till Dec 2005 ETISALAT E-company web hostingsolution design and proposing manager.
• Design the technical solution built on Microsoft WEB HOSTING 3.5platform
• Designed an application hosting solution for the Company to allowEtisalat users to
• Dynamically Host their applications website. This is an internationallyaccessed website with a 24X7 Uptime requirement. The architecture wasbased on a highly available and highly secure requirement that includeddesigning a hardened installation of Windows 2003 Server, IPSEC, firewallport configuration for a pix front end and a checkpoint backend, Clusteringdatabase servers, and load balancing web servers and san access.
Security assessment of C-Panel Control panel of the web hosting and SecurityAccess mechanism for the C-Panel
• Manage customer presentation and demo
• Participating in writing the RFP
• Lead the implementation team
• Lead solution acceptance from customer
• Lead Internal and external security penetration in white-box and
black-box mode using SAINT penetration tools
• Draft the legal agreement for the Web hosting users highlighted theEtisalat responsibility and customer responsibilities in term of security
• Prepare and introduce implementation team
Ajman E-government portal design project manager
• Design the customer requirements document
•
Participating writing the RFP
• Lead solution acceptance from customer
• Lead deployment project for first phase of Ajman free market portal
National bank of Oman Security as service assessment and lead RFP process project
• Define customer requirement from implementing the Google securitysolution
• Leading the integration team to integrate the core banking DB to
Encrypted traffic thru all application layers.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 18/31
• Applying Data Classification and writes management with MicrosoftRMS
• Lead solutions acceptance from customer
Jan-2005 till DATE Senior technology consultant (Abu Dhabi department of
finance (DOF)
• E-government project Migrate DOF Active directory with Customdepartment in one forest using federation services
• Define E-government GPO's participating with /ADS IC
• Supervise and manage implementation project
E-government project Exchange server 2005 mail system(DOF& Custom department)
• Define the current mail system
• Define the scope of the E-government initiative for mail system
• writing the RFP for vendors to apply
• Choose best vendor
• Supervise and manage implementation project
• National E-Payment gateway consultation project
• Prepare the RFP for vendors to apply highlight the securityrequirements from payments solution
• Supervise the proposing phase on behave of DOF
• Choose best vendor
• Supervise and manage implementation project
• Study the change management process & reengineering to deploynew value added payments services with NBAD
MTC ATHEER at Iraq Infrastructure
• Prepare the technology platform for the ISP
• Design Company security Policy and procedure
• Design the Data Center Hardware and Physical Security
•
Lead the security testing across all layers
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 19/31
• Lead the security Program certification from Regulation authority inIRAQ
• Design the full Physical Security in the company and design logicalaccess control
•Risk Assessment and Manage internal Controls to mitigate risks
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 20/31
Microsoft
Dec 2002 Nov 2004
Microsoft Security consultant ( Online Services Division )Internal division for Microsoft Data Center
Online Services Division
Microsoft Online Services Security and Compliance (OSSC) is Department that leadand manage all logical & physical security design, survey, audit, and related securityconsulting services Microsoft worldwide critical infrastructure including data centers,leased collocations, and other types of facilities. My Role as Security Consultinginclude working directly with other internal teams as well as provides direction to adedicated vendor team in such areas as security system design, projectmanagement, risk analysis, and Infrastructure surveys. My role is also responsiblefor working directly with numerous external security vendors as well as other vendor organizations like architects, engineers, and construction / project managers toensure accurate and timely delivery of services.
Notable Attainments:
•
Part of the SOC Monitoring and Operations team and taking care of new tasks deliverables
• Monitoring nfx & SCOM SIM. Doing correlation analysis of Microsoftinternal and external Data and voice traffic validating the traffic based oncorrelation, identifying any service degradation or outage and recommendingapplicable action to operation support
• Managing a Threat Management specific to Datacenter segment,configured and managing Symantec threat Management console.
• Closing working with SIRT team to identify risks, and mitigation
• Coming up with Policy procedure based on information securityrequirement
• Responsible for the coordination, installation, upgrade andconversion or servicing of alarm systems, access controls, video cameras,burglary, radio systems and all other types of physical security equipment.
• Approve/modify all security contractor designs.
• Oversee all projects to ensure they are delivered in accordance withestablished requirements and deadlines and within budget.
• Provide system solutions of specific security concerns identifiedthrough contract, legal, regulatory or industry requirements.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 21/31
• Develop, manage, and maintain security related processes,procedures, system baselines, training, and improvement plans.
• Document and improve work processes in order to make workflowmore efficient and productive.
•Collaborate across groups such as Data Center Operations, Data
Center Development, Security Operations, Global Security Operations Center (GSOC) and other Security Consulting groups to overcome challenges anddeliver results.
• Lead a team of vendor Security Consultants/Project Managers todesign security systems, manage projects, and conduct risk assessment or site surveys while maintaining currency with industry best practices and stateof the art design guidelines utilized by the Security program.
• Direct external relationships to ensure the viability of all securitysystems, legacy and new, with the goal of minimal business disruptions asthe result of failed or improperly configured or installed systems.
• Implement technology solutions aligned with Microsoft securitystrategy and budget guidelines.
• Research and recommend appropriate technical security physicalsystems (CCTV, access control, alarm, etc.) and design and/or engineer such systems for specific applications to achieve security program goals.
• Ensure state-of-the-art physical security programs, methods andequipment by conducting research through benchmarking and evaluation of vendor-provided products and services.
• Develop and administer processes for internal and external security
system audits and serve as primary contact for such audits when required.Represent the security capabilities and operations procedures to internal andexternal auditors and be accountable for ensuring those capabilities aredesigned in conformance with audit requirements.
• Act as primary contact for security system emergency issues.
• Participate in OSSC Security budgeting process as well as contributeto others budgeting processes for security system needs in other groups.
Projects
Microsoft Dubai Data Center
Data Center Physical Security Project Evaluation
1- CCTV
2- Access card system
3- Access procedures and control
Staff login and access Rights thru VPN
1- VPN Access use policy
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 22/31
2- VPN security measure
3- Use Smart Card access
4- Quick and Efficient mechanism for Access
MS Data Center Dubai Join the EMEA private Cloud
1- Define the requirements
2- Define security gaps
3- Define access rights policy
Password management appliance
1- Enterprise Password Vault
2- Remote Access firewall for external parties’
Local Forensic Team
1- Act as local forensic team in cases of MS staff violation
2- Include Redmond Forensic Team in any case need to beescalated.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 23/31
Fujitsu (Egypt-UK-USA)
Jan 2001 – 30 Nov 2002 Senior Infrastructure &
security Consultant
• Total Project manager for Infrastructure ,security of the core bankingsystem
• Implementing security during SDLC of the core banking system fromold system UNIX & Oracle to windows & Oracle using PowerBuilder interface(the project implemented at agriculture & development bank of Egypt firstphase 200 branch delivered 100 branches up till now.
• Manage the Internet banking security platform for the bank.
Job Accountabilities:
• Building and managing the infrastructure & security team
• Actively involved throughout the qualification process; takes a leadrole in the Assessment of the commitment of the company (including 3rdparties) and the Customer and the associated risk prepare and validate theproject plan.
• Acquires, assesses, assigns and manages the resources required(the company and/or 3rd parties/suppliers) for the project.
• Plans, monitors and controls project. Decides and appliesmethodology. Build and
• Maintain project plan using project planning tools (prince 2) andtechniques. Implement project review, change control and acceptanceprocedures that conform the chosen project methodology.
• Identifies issues and assesses risk pre-bid throughout the project life.Identifies and executes a course of actions designed to minimize or avoidrisk. Develop risk models.
• Take accountabilities for the project financials. Produce and maintain
the project P&L. produces revenue, profit, cash flow actual, and forecasts.Ensure and authorize
• Revenue-earning deliverables to be processed for payment.
• Defines the quality management system and overall Quality Plan.This plan will contain and identify Quality control responsibilities for allaspects of the project, including the audit process.
• Provides input to the contract negotiations between the company andthe customer and 3rd parties. Defining the key milestones / attributes /deliverables / planning / reporting and review process.
• Manages conformance to the contract and delivery of commitments.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 24/31
• Defines and agrees with the client needs for ongoing supportservices.
• Define and adheres to a regular reporting process both internally andconfirming to the corporate requirements.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 25/31
Technical Responsibility Highlights
• Maintain Secure High Availability CITRIX farm to over 1800
Concurrent Connections for Bank employees with NFUSE, XML and CSGservices in an ASP environment.
• Implement and Manage Microsoft Cluster servers for File/Printservices and SQL servers.
• Provide team leadership and management skills on software andhardware
• Implementations.
• Work with security internal systems to provide intrusion detection,audit capabilities, a secure environment.
• Design, implement, and administer Patch Deployment plan usingBigFix.
• Implement SOL 2000 Reporting services to provide custom reportsfor internal services as well as end users.
• Provide Application Design guidelines for new custom applications inan ASP environment.
• Manage multiple environments for application testing during variousstages from alpha release to production.
• Work with management to create deployment processes andprocedures to create a stable production environment.
• Troubleshoot and document new application implementations in aCitrix environment.
• Manage deployment of new servers to allow for growth of Citrixenvironment.
• Create Document Standards for all team documentation.
• Manage Central Storage point of all documents created by asp teamusing Microsoft SharePoint 2003 services.
• Create disaster recovery plan for quarterly testing all enterprisesystems within Provide high level troubleshooting skills for resolving complexhardware and application.
• Issues within a multiple team conflict resolution CAT.
• Work with network operations to manage 4 terabyte SAN provide titleplant image services and SOL 2000 database storage.
• Manage and verify SOL 2000 backups and redundancy on MicrosoftCluster Servers.
• Create custom SOL scripts for data migration and data manipulation.
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 26/31
• Create and manage custom reports using SOL 2000 reportingservices for internal services
• Work with WAN team to implement firewall updates for new softwareimplementations and troubleshoot connectivity issues.
•
• Provided management of assigned projects that allowed on timeenvironment and application rollouts.
• Lead software-design sessions from design recommendations toproduction requirements.
• Designed, created, and managed complete parallel test environmentfor alpha testing new software application implementation.
• Evaluate and review new software applications and Hardware for enterprise implementations
• Implement and manage Web Trends reporting for multiple enterpriseweb site trend analysis
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 27/31
System Engineer (Fujitsu Egypt)
• Part of Project team for implementation 8. customization of Core
Banking system for Bank Of Alexandria Implementing, and customizing thepackage for core banking system Unix & Informix (the project implemented atbank of Alexandria 90 branches all over Egypt).
• Sharing in implementation, Data Conversion 8.. Staff supervision inBank of Alexandria Project Phase 1.
• Introduce technical consulting in Cairo Far East bank Project.
• Technical Project Manager for RAFDAIN Bank in Abu-Dhabi, and
• Introduce technical consultant to ICL-Emirates.
•
Sharing in Pre-sales activities for ARA-Bank Applications (Proposalsand presentation).
- Feb,1998- Jan2001 (Technical project Manager international computer limited (I.C.L) Egypt,
• Analysis, design, development, training and support of the Automaticswitch System for the ATM system Cairo Bank of Egypt, the main objective of this project is to enhance the performance of the implemented SLM-SOFTATM network allover Egypt.
•
Participating at design & analysis for I.C.L banking switch andmanage development team.
• Analysis and development was done for both member nodes and thecentral node.
• Analysis, design, development, training and support of the credit &ATM Card Issuance System for maintaining the personal of Cairo bank'scardholders. The application generates cards and PIN numbers for each newclient.
• Pre-sales support for both of the above systems.
• During my last working year in the company I took over themanagement of the Automatic Teller machine.
• Visual Basic 6.0, and Visual C++, as well as MS-SQL Server 7, andAccess 97 &
• Informix as database engines were used in the previous two
systems.
- Feb,1996- March 1998 (InformationSystem Specialist Al-AHRAM News Paper Management and computer Center (A.M.A.C)
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 28/31
• One of the largest software house for commercial computer servicesenterprises.
• Analysis, design, development, training and support of the billingsystem for electric company of Egypt which deals with data over 30,000,000records per month the system implanted on IBM 9000 mainframe with
language COBOL & db2 database.
• Analysis, design, development, training and support of thedistribution System for maintaining the distribution of AL-AHRAM newspaper presses at Egypt and outside Egypt.
• Analysis, design, development, training and support of theAdvertising System for maintaining the advertising accounting at AL-AHRAM.
• During my last working year in the company I took over themanagement of the electric billing system.
• COBOL, Visual Basic 6.0, and Visual C++, as well as MS-SQL
Server 7, and Access 97 & 082 for mainframe as database engines wereused in developing the previous three systems.
Free Lancer consultant:
- General Company for telecommunication
o Oracle DBA performance & tuning on HP UNIX servers
- Prima soft (Egypt)
o Design Data Warehousing system for ERP System(Heat)
- Arab contractors (Osman Ahmed Osman)
o Design & Development for Enterprise web site
o Design & Development for human resource system
- General Motors Egypt
o Inventory control for spare parts
- GAZEL ELMAHLA (textiles &weaving)(graduationproject)
o analysis, design, development & implementing online
internet
o Retail system for hyper markets (multi branches).
Education
- B.Sc. in Of Business Administration (ManagementInformation System)Cairo University 1996 – English section
Certification Status
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 29/31
Title Date Achieved
Oracle Certified DBA VER 8 Oct 31, 2002
Microsoft Certified Professional Dec 24, 2000
Microsoft Certified Systems Engine Feb 28, 2001
HP blade infra structure certification 2002
Certified Sun Solaris Administrator version 7 June .2003Certified CISSP 2004
Certified ITIL VER 1 2005
Certified PMP 2005
Certified COBIT 2009Renew Certification CISSP 2010CISA Certification 2011Certified for CIRSC 2011Applied for ISO 27001 Lead auditor in process 2011
Training (management & planning courses)
- Project Planning.
- Practical Project Management.
- Business Report Writing Skills.
- Effective Presentation Skills.
- Project Management.
- Practical Business Risk Management.
- Effective Management Skills.
- Effective Time Management.
Technical courses
- Windows 95. (MCP CERT[FIED)
- MS-SOL Server 7.0 Course, Microsoft Egypt, September1999.
- Implementing and Supporting NT Server 4.0. (MCP)
- Implementing And Supporting NT 4.0 Workstation.(MCP)
- SOL Server 7.0 Administrating. (MCP)
- SOL Server 7.0 Implementing. (MCP)
- UNIX courses I.C.L Egypt
- Oracle administrating courses 3t version 7
- Informix administrating & development
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 30/31
- Security courses for Racal[ system at banking
- TCP/IP course (MCP)
Banking technical courses
Payment institute (Organized By! NACHA –National automated Clearing house Associations): Washington University –Seattle
- Check Technologies
- Online Retail Payments.
- Cross Border Payments. Wire Transfer Systems.
- Risk Management.
- Electronic Data Interchanges (EDI).
- Swift operations & technologies.
Courses related to IBM mainframe operatingsystem:
• VSE/ESA OS
• COBOL mainframe
• Assembler mainframe
• CICS (online programming for application
• DB2
•Nonstop operating system
• Nonstop S.Q.L
Personal Information:
• Nationality: Egyptian
8/4/2019 Mahmoud Yassin Ali Moustafa
http://slidepdf.com/reader/full/mahmoud-yassin-ali-moustafa 31/31
• Visa status: resident
• Dale of birth : 14/05/1975
• Marital Status: Married
• Personal e-mail: myassin75@gmail.com
o Myassin66@hotmail.com
o Myassin2004@yahoo.com
• Work-mail: Mahmod.yassin@nbad.com
• Mobile No.: 0508116825 -0556776977
• Languages
o Arabic Native Speaker English – Excellent Deutsch: fair
French : beginner