Work Experiences

2013

Super Enterprise Associates Ltd. – Supenta (Contract)
Information Technology and Security Consultant, Enterprise Network Infrastructure and Web Security Design based on COBIT 5 and ISO/IEC 27001:2005.

Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy. Conducted technical risk evaluation and penetration test of hardware, software, and installed systems and networks. Assisted in the development of access controls, separation of duties, and roles. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended. Deployed incident response and recommended corrective actions. Communicated with personnel about potential threats to the work environment. Participated in development and maintenance of global information security policy. Security lead on new product design team. Consulted on business continuity planning. Mentored and trained technical group in information security.

2011-2012

Behi Home Appliances Ltd. (Contract)
Information Technology and Security Consultant, Enterprise IT Infrastructure and Security Design based on ITIL and ISO/IEC 27001:2005.
 
Responsible for enterprise IT infrastructure and security design based on ITIL and ISO/IEC 27001:2005 and project management of implementation of corporate information system and technology infrastructure. Evaluated system IT architecture efficiency and security solutions, developed security awareness, coordinated business continuity plan and incident response emergency plan. Trained and mentored employees in many job descriptions regarding security and system basics, best practices, etc. Documented existing and in-development policies, procedures, and systems. Deployed distributed intrusion detection sensor network and assessed threats, risks, and vulnerabilities from emerging security issues. Published Security Updates newsletter for technical groups. Developed enterprise security plan and guidelines for system configuration.

2008-2011

Yasa Data Processing and Communication Co.
CTO – ISO 27001 Lead Auditor

Responsible for technical leadership for corporate security and customer security services. Duties included management of the technical department, developing security principles/policy/guidelines, coordinating business continuity planning, evaluating and designing security solutions, developing security awareness and risk management process, leading penetration testing and developing incident response emergency plan. All security issues were based on ISO27001:2005, COBIT 4.0/4.1 and SoX. Used previous experience in company to focus on securing information and systems. Trained and mentored employees in many job descriptions regarding security and system basics, best practices and standards. Security lead on new product design team. Audited ISMS projects based on ISO27001:2005 and BS7799:2003.

2003-2006

Yasa Data Processing and Communication Co.
Senior Information Security Consultant – BS7799 Lead Auditor

Provided technical consulting to the enterprise for the information and network security projects. Mentored and trained others in information security group in addition to training for clients' technical groups. Installed and maintained security infrastructure, including IPS, IDS, log management, and security assessment systems. Assessed threats, risks, and vulnerabilities from penetration testing and risk management process. Responsible for development of incident response and recommended corrective programs. Managed process and acted in the lead role for ISMS implementation team. Performed and created procedures for total ISMS establishment based on ISO 17799 and ISO 27001. Designed and installed backup systems.

2003-2005

Technitrust Ltd.
Information Security Consultant – Project Manager

Provided technical management and consulting to the enterprise for the information security projects. Responsible in projects for preventive, mitigating, and compensating security controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy and programs, especially based on COBIT 4 and BS7799. Assisted in the development of access controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted in development of incident response and recommended corrective programs. Participated in development and maintenance of information security management system policy.

2001-2002

Ansari GmbH.
Network and Security Technical Manager – Core Systems Development

Responsibilities included network team management, documentation, and system design. Acted as senior network administrator for troubleshooting, maintenance, upgrades, new installations and support on the core networks consisting of Cisco routers, switches, VPN concentrators and firewalls. Interconnected various client sites through VPNs, and modernized firewalls and inbound e-mail security and robustness. Carried out function and performance tests. Configured multi-homed backup solutions.

2001-2002

Chavoosh Rayaneh Sepahan Co.
Network Administrator - Core Systems Development

Participated in creation of Systems Operations Centre for the company, which maintained an Internet service providing system and relevant applications. Responsibilities included administration and support for existing data network and security controls, as well as creation and implementation of new equipment and network services. Presented options to management for the enhancement of DNS, firewall, mail server, and web servers based on Cisco 2900/3600 series routers and Windows 2k.