Data Protection · SOC Operations · GRC · Penetration Testing
CEH | ISO 27001 Lead Auditor | CISSP (Expected Q4 2026)
Location: Riyadh, KSA | Iqama: Transferable | Experience: 5+ Years
------------------------------------------------------------
BY THE NUMBERS
------------------------------------------------------------
37+ CVEs disclosed — CERT-In Hall of Fame
96 Vulnerabilities discovered across 8 pentest engagements
40% Drop in data exfiltration incidents within 60 days
1,200+ Security alerts triaged monthly in SOC operations
------------------------------------------------------------
WHO I AM
------------------------------------------------------------
A cybersecurity professional with 5+ years across SOC operations,
enterprise DLP, SOC, and offensive security — with hands-on delivery
inside Saudi Arabia's regulatory landscape (SAMA CSF, NCA ECC, PDPL).
I don't just flag risks. I remediate them, build the governance
around them, and reduce noise so security teams focus on what matters.
Recognized by India's national cyber authority CERT-In for responsible
disclosure of critical vulnerabilities across major organizations.
------------------------------------------------------------
WHAT I'VE DELIVERED
------------------------------------------------------------
► Deployed enterprise DLP across 3,000+ endpoints at Zahf Technologies,
reducing data exfiltration incidents by 40% within 60 days of go-live
— fully aligned to SAMA CSF and ISO 27001 Annex A.
► Reduced DLP false positives by 35% by reengineering 40+ detection
rules using regex, keyword dictionaries, and document fingerprinting
— cutting SOC alert fatigue by half.
► Integrated DLP with Splunk and Microsoft Sentinel via custom
correlation rules, slashing DLP incident response time by 45%.
► Identified 14 critical logic flaws across 8 pentest engagements
— privilege escalation, broken access controls, insecure APIs —
that had evaded existing controls for an average of 18 months.
► Built an organizational risk register covering 20+ threat categories
with a heat-mapped treatment plan adopted for board-level quarterly
reporting (NIST SP 800-30 methodology, mapped to SAMA CSF & NCA ECC).
► Triaged 1,200+ monthly alerts at Fronesis Solutions, reducing
mean-time-to-detect from 6 hours to under 2 hours — and uncovered
6 previously undetected threat actors through proactive threat hunting.
► Automated 8 high-frequency SOC tasks using Python and PowerShell,
recovering 20% of analyst capacity monthly.
------------------------------------------------------------
RECOGNITION
------------------------------------------------------------
CERT-In Hall of Fame — India's National Cyber Authority
Responsibly disclosed 37+ critical vulnerabilities across:
• TATA Health (1MG) • L&T Metro (TSavaari)
• Shopclues • Lenskart
• TApp Folio • Multiple fintech platforms
Zero vulnerabilities exploited in the wild post-disclosure.
------------------------------------------------------------
CORE EXPERTISE
------------------------------------------------------------
Saudi Frameworks: SAMA CSF | NCA ECC | PDPL | CITC Regulations
Compliance: ISO 27001:2022 | NIST CSF | PCI-DSS v4.0 | GDPR
DLP & Protection: Policy Design | Data Classification | Fingerprinting
Security Ops: SIEM | SOAR | IDS/IPS | SOC Procedures | Playbooks
Threat Operations: MITRE ATT&CK | Threat Hunting | DFIR | Malware Analysis
GRC & Risk: Risk Register | BIA | TPRM | KPI/KRI | Audit Readiness
Vuln Management: Pentest | CVSS | OWASP Top 10 | SAST/DAST
Cloud & Endpoint: AWS GuardDuty | Azure Defender | CrowdStrike Falcon
SIEM Platforms: Splunk | Microsoft Sentinel | QRadar | Kibana
Network Security: Fortinet | Palo Alto | Cisco
Testing Tools: Burp Suite | Metasploit | Nmap | Nessus | Qualys
Automation: Python | PowerShell | Bash | Git
------------------------------------------------------------
CERTIFICATIONS
------------------------------------------------------------
[]✓] CEH — Certified Ethical Hacker
[]✓] ISO/IEC 27001:2022 Lead Auditor
[]✓] Fortinet Cybersecurity Associate
[]✓] Google Cybersecurity Analyst
[]✓] Cisco Ethical Hacker
[]✓] Palo Alto Networks Cybersecurity
[] ] CISSP — Expected Q4 2026
------------------------------------------------------------
OPEN TO ROLES IN RIYADH
------------------------------------------------------------
Information Security Specialist | SOC Analyst | GRC Analyst | DLP Engineer | Cyber Security Analyst | Information Security Consultant | Penetration Test Consultant | IT Security | and any IT, Network or security related roles.
Please reach out via:
Phone:+966-542926188
Portfolio: https://fahads.info
Email: [email protected]
LinkedIn: https://www.linkedin.com/in ...
============================================================