Security Leadership & Strategic Vision

With an Executive MBA and 12+ years of experience, I specialize in aligning security initiatives with organizational objectives, reducing risk exposure, and building resilient frameworks that support growth and innovation.

Seasoned Security Leader with Proven Track Record

CISSP-certified Information Security Officer with 13 major certifications, Executive MBA, and extensive international experience across Europe and the Middle East. Expert in security strategy, SOC operations, DevSecOps, and regulatory compliance (PCI DSS, GDPR). Fluent in English and Arabic.

Technical Excellence Meets Strategic Vision

From threat hunting and incident response to cloud security architecture and DevSecOps implementation—I have hands-on expertise across the security spectrum. GIAC-certified in multiple domains with experience leading teams to build robust defenses while maintaining operational agility.

Collaborative Security Approach

I believe in collaboration and knowledge sharing in the security community. With experience implementing enterprise solutions and managing cross-functional stakeholder engagement, I value a collaborative approach to security.

CISSP Certified
Executive MBA Graduate
12+ Years Experience
Ahmed Tantawy

Certifications & Education

Professional Certifications

Certified Information Security Manager
ISACA certification for experienced security professionals who manage, design, oversee, and assess an enterprise's information security. Focuses on information risk management, program development, governance, incident management, and compliance.
Certified Information Systems Security Professional
Premier ISC² certification proving deep knowledge across eight security domains: security and risk management, asset security, security architecture, communication and network security, identity and access management, security assessment, security operations, and software development security.
GIAC Defensible Security Architecture
Validates skills in designing and implementing secure network architectures. Covers defensive security architecture principles, network segmentation, monitoring strategies, and building systems that can detect and respond to threats effectively.
GIAC Certified Detection Analyst
Certifies professionals in detecting and analyzing security threats using SIEM platforms. Covers log analysis, detection engineering, threat hunting techniques, alert triage, and implementing effective security monitoring strategies.
GIAC Public Cloud Security
Validates expertise in securing cloud environments across AWS, Azure, and GCP. Covers cloud security architecture, identity and access management, data protection, compliance, incident response, and cloud-native security services.
GIAC Defending Advanced Threats
Demonstrates ability to detect, respond to, and defeat advanced persistent threats (APTs). Covers threat intelligence, adversary tactics, malware analysis, network forensics, and advanced defense techniques against sophisticated attackers.
Certified DevSecOps Professional
Validates expertise in integrating security practices into DevOps workflows. Covers secure CI/CD pipelines, container security, infrastructure as code security, automated security testing, and implementing security controls throughout the development lifecycle.
GIAC Exploit Researcher and Advanced Penetration Tester
Advanced certification for expert penetration testers. Covers exploit development, reverse engineering, advanced exploitation techniques, vulnerability research, and sophisticated attack methodologies for identifying critical security weaknesses.
GIAC Penetration Tester
Certifies skills in conducting penetration tests and vulnerability assessments. Covers reconnaissance, scanning, exploitation, post-exploitation, and reporting. Validates ability to identify and ethically exploit security vulnerabilities in networks and systems.
GIAC Web Application Penetration Tester
Validates ability to test web applications for security vulnerabilities. Covers OWASP Top 10, SQL injection, XSS, authentication flaws, session management issues, and modern web application security testing methodologies and tools.
Offensive Security Certified Professional (OSCP)
Highly respected hands-on penetration testing certification requiring candidates to successfully attack and penetrate various live machines in a controlled environment. Validates practical offensive security skills.
CREST Registered Tester (CRT)
International certification for penetration testers demonstrating technical competency in vulnerability assessment and penetration testing. Recognized by governments and organizations worldwide.
HP ArcSight ESM 6.5 Security Administrator and Analyst
Certification for HP ArcSight Enterprise Security Manager platform administration and security analysis. Covers SIEM deployment, configuration, correlation rules, and security event analysis.

Academic Credentials

Central European University
Executive Master of Business Administration (MBA) · Business Administration, Management and Operations
A dual-accredited EMBA program recognized in both the United States and the European Union. CEU is a U.S.-chartered university (New York State) and an accredited institution in Austria, offering a globally recognized Executive MBA. AMBA-accredited and designed for experienced professionals, the program combines U.S.-style academic rigor with a European focus on leadership, strategy, and navigating complexity in global markets.
Arab Academy for Science, Technology and Maritime Transport
Bachelor of Science in Computer Engineering
ABET-accredited, ISO 9001-certified program with international academic alignment through a dual-degree partnership with the University of Northampton (UK). The curriculum focused on advanced system design, embedded computing, and digital technologies, combining hands-on lab experience with theoretical rigor. Trained to solve real-world problems under multidisciplinary and global constraints.

Technical Expertise & Tools

SIEM & Security Analytics

Splunk Enterprise Security, Elastic Stack (ELK), IBM QRadar, ArcSight

Cloud Security

AWS Security Hub, AWS GuardDuty, Azure Security Center, GCP Security Command Center

Network Security

Palo Alto Networks, Cisco Firepower, Fortinet, Cloudflare, Zeek (Bro), TippingPoint

Vulnerability Management

Qualys, Tenable Nessus, Rapid7 InsightVM, Burp Suite

DevSecOps & IaC

GitLab CI/CD, Terraform, Docker, Kubernetes, SonarQube

Programming & Scripting

Python, PowerShell, Bash, C/C++, Java, SQL

Frameworks & Standards

NIST Cybersecurity Framework, ISO 27001, PCI DSS, MITRE ATT&CK, CIS Controls

Latest from the Blog

December 2, 2025

When AI Meets Emotional Manipulation: A Modern Social Engineering Case Study

A disturbing case study in modern social engineering: how AI-powered romance scams exploit emotional vulnerability. Why cybersecurity is fundamentally about people, not technology, and what we can learn from these attacks.

November 16, 2025

There ARE Stupid Questions (And Why That's Actually Good)

Why acknowledging that stupid questions exist creates better psychological safety than pretending all questions are equal. Practical insights on building question culture and creating environments where inquiry thrives.

August 20, 2025

Offline Media Transcription with Whisper OpenAI

Transform lengthy videos into searchable, editable text using OpenAI's Whisper ASR. A practical guide to local transcription covering installation, model selection, and GPU acceleration on Windows.


Get in Touch

Based in Vienna, Austria
