Beratung | Partners in IT and ICS/OT Security | Penetration Testing

Beratung | Partners in IT and ICS/OT Security | Security Operation Center | Vulnerability Mgmt. | ISO 27001  | Penetration Testing | IEC 62443 OT

Professional skills

1. Networks LAN, WAN (IP MPLS), Routing and switching, the configuration of Cisco routers et switches.
2. Protocols: TCP/IP, MPLS, HTTP, FTP, DNS, SMTP, Telnet, SNMP,RIP, OSPF, TR-069.
3. GSM, GPRS, UMTS. Simulation: Packet tracer, Gns3.

Systems & Databases

1. Systems Administration Linux and Windows Server
2. Databases: SQL Server, Oracle 10g, MySQL, Postgresql, MS Access ,MariaDB, DataBases design.
3. Virtualization: VirtualBox, VMware, VSphere client.

Programming & Scripting

1. ShellUnix, C/C++/C#, Java, Pascal/Delphi, SQL/PLSQL,Python, Groovy.
2. Web: HTML5/CSS3, XML, Java Script, PHP.
3. IDE: Visual Studio, Eclipse, Netbeans, Borland Delphi.
4. Design & conception: UML, 2TUP.
5. Frameworks: JEE: JSF, Facelets, Primefaces, Richfaces, Vert.x.
6. Servers: wamp, Tomcat, nginx, apache.

Testing
Spock FrameWork, Groovy unit test

IT Security

1. OWASP, Web applications pentesting, Audit, Network security and Analysis, Firewalls, Linux
2. systems security. Tools: Wireshark, Kali Linux Tools, Mod_Security.

Office automation

1. Libre Office, Microsoft Word , Power Point, Prezi

ISO 27001 und IEC 62443 OT Implementation 

Penetration Testing: Web, Hardware and Software

Overview: Penetration testing, network security, compliance management, hardening, real-time monitoring,
vulnerability & patch management, project leading and coordination.
Jul 2020 - Now
Oct 2016 – Jun
2020

Apr – Sep 2016

Nov 2014- Apr
2016

Operational Security Engineer – Brainloop
Vulnerability management, Compliance management, Penetration Testing, Infrastructure
security, Antimalware, Privileged Access Management, Firewalls, Identity access
Management, ISO27001, Cloud computing Security, Kubernetes.
Server Security Specialist - UniCredit Integrated Business Solutions Germany
Team : Cyber Infrastructure Security
Patch Management Project Leader: The principal focal point of patch management in
UniCredit group. Process and Plans writing, controlling the patching activities running
by IBM and all other provides in the group. Reporting and KPIs for the top
management. Initiatives taker for the patching workflow enhancement. Coordination
between different patching teams. Launching Fast Tracks against critical vulnerabilities
like WannaCry and Mellte down and Spectre. Change and incident management.
Hardening technical responsible: Design and implementation of Hardening guides in
IBM Bigix Environment using Unix Schell, IBM Relevance Language and XML.
Reporting, Automation and KPIs. IBM BigFix infrastructure designing, upgrading and
configuration. Installation of thousands of Servers and managing an environment
containing more than 100 thousands machines. Bigfix network infrastructure
upgrading. Hardening of Operating systems: Windows, Linux, Solaris, HP-UX and AIX.
Tools development: developing automation tools for the team using Java, shell and
IBM relevance language.
Network & Security developer engineer
EvoConnect, Munich
Development of Single Sign On HTTP Proxy : groovy/java, spock framework,vert.x
Implement secure storage solution: python, docker, mariaDB, modsecurity.
Studienseminar in "German Actuality" (from 1 Nov to 11 Nov) in Ludwigsburg.
System and security engineer
SOFRECOM Tunisia: Orange Labs Products and Services.
Orange Zebra payment platform: Security of system and network architecture.
Migration from physical network architecture to a new one based on Cloud Computing
(OpenStack - CloudWatt -OpenWatt) : Study and design of the new architecture.
Development of security audit solutions.

Oct 2014 –Nov
2014

Orange Money: Mobile payment security.
Hardening OS Redhat and Applications bases (Apache, Zend, MySQL, Oracle, PHP...).
Ensuring connectivity with Orange's Partners.
Setup, configure, debug VPN (PFSense, IPSEC), Proxy (SQUID) and Reverse Proxy (Apache),
SSL...Setting up a Log Management Project: Pentesting and Ethical Hacking (OWASP) of an
M-Payment Solution. Reports and useful documents redaction.
Integration, installation and configuration of: Apache, MySQL, Tomcat, Squid, Nginx,
Kannel, Elk (elascticsearch logstash and kibana), syslog-ng, pfsense.
Software development engineer (JEE – TR-069)
IT SERV – Telecoms department.
Implementation of TR-069 protocol
Participation in the design of a new ACS based on Openacs (Auto Configuration Server).

Feb – Jun 2014 Hardware Design Verification Engineering

ST MICROELECTRONICS – Micro-Controller Division (MCD)
Proposition of a new functional verification technique based on SystemVerilog Assertions.

Sep - Juin 2012 System and network Administration.

Francophone Digital Campus of Tunis « campus numérique francophone de Tunis » (AUF &
IFIC). Mission: Administrated two IT park networks (LS, ADSL and LAN, Polycom HDX, MAC –
Linux operating systems).

July - Aug 2012

Feb 2011 – Jun
2011
IT Security developer
SagemCom Software and Technology.
Development of a vulnerability scan web application (in JAVA) in order to test the adequacy
of the configuration interfaces of Gateway Sagem with the OWASP standard.
Java/JEE Developer
Study and implementation of an auto-configuration ACS server using the TR-069 protocol.

Academic Backgrounds

Partner 1: Dr. Aymen Gatri PhD Communications Engineering MBA and BSc Electrical Engineering 14+ Erfahrungen
Author https://www.lehmanns.de/shop/recht-steuern/53846694-9783961382071-global-cyber-defense-agile-strategy
https://www.langer-blomqvist.de/next-generation-optical-wireless-communication-systems-a-systems-approach-gatri-aymen-9783959354998.html

Partner 2: Diplom-Ingenieurin (Uni) Informationstechnik  Hamza ben Ammar Cybersecurity "Certified Ethical hacker" Dipl Ingenieur 10+ Cybersecurity Erfahrung