Data Protection · SOC Operations · GRC · Penetration Testing
CEH ISO 27001 Lead Auditor CISSP (Expected Q4 2026)
Location: Riyadh, KSA Iqama: Transferable Experience: 5+ Years
------------------------------------------------------------
BY THE NUMBERS
------------------------------------------------------------
37+ CVEs disclosed — CERT-In Hall of Fame
96 Vulnerabilities discovered across 8 pentest engagements
40% Drop in data exfiltration incidents within 60 days
1,200+ Security alerts are triaged monthly in SOC operations
------------------------------------------------------------
WHO I AM
------------------------------------------------------------
A cybersecurity professional with 5+ years across SOC operations,
enterprise DLP, SOC, and offensive security — with hands-on delivery
Inside Saudi Arabia's regulatory landscape (SAMA CSF, NCA ECC, PDPL).
I don't just flag risks. I remediate them, build the governance
around them, and reduce noise so security teams focus on what matters.
Recognized by India's national cyber authority CERT-In for responsible
disclosure of critical vulnerabilities across major organizations.
------------------------------------------------------------
WHAT I'VE DELIVERED
------------------------------------------------------------
► Deployed enterprise DLP across 3,000+ endpoints at Zahf Technologies,
reducing data exfiltration incidents by 40% within 60 days of go-live
— fully aligned to SAMA CSF and ISO 27001 Annex A.
► Reduced DLP false positives by 35% by reengineering 40+ detections
rules using regex, keyword dictionaries, and document fingerprinting
— cutting SOC alert fatigue by half.
► Integrated DLP with Splunk and Microsoft Sentinel via custom
correlation rules, slashing DLP incident response time by 45%.
► Identified 14 critical logic flaws across 8 pentest engagements
— privilege escalation, broken access controls, insecure APIs —
That had evaded existing controls for an average of 18 months.
► Built an organizational risk register covering 20+ threat categories
with a heat-mapped treatment plan adopted for board-level quarterly
reporting (NIST SP 800-30 methodology, mapped to SAMA CSF & NCA ECC).
► Triaged 1,200+ monthly alerts at Fronesis Solutions, reducing
mean-time-to-detect from 6 hours to under 2 hours — and uncovered
6 previously undetected threat actors through proactive threat hunting.
► Automated 8 high-frequency SOC tasks using Python and PowerShell,
Recovering 20% of analyst capacity monthly.
------------------------------------------------------------
RECOGNITION
------------------------------------------------------------
CERT-In Hall of Fame — India's National Cyber Authority
Responsibly disclosed 37+ critical vulnerabilities across:
• TATA Health (1MG) • L&T Metro (TSavaari)
• Shopclues • Lenskart
• TApp Folio • Multiple fintech platforms
Zero vulnerabilities exploited in the wild post-disclosure.
------------------------------------------------------------
CORE EXPERTISE
------------------------------------------------------------
Saudi Frameworks: SAMA CSF NCA ECC PDPL CITC Regulations
Compliance: ISO 27001:2022 NIST CSF PCI-DSS v4.0 GDPR
DLP & Protection: Policy Design Data Classification Fingerprinting
Security Ops: SIEM SOAR IDS/IPS SOC Procedures Playbooks
Threat Operations: MITRE ATT&CK Threat Hunting DFIR Malware Analysis
GRC & Risk: Risk Register BIA TPRM KPI/KRI Audit Readiness
Vuln Management: Pentest CVSS OWASP Top 10 SAST/DAST
Cloud & Endpoint: AWS GuardDuty Azure Defender CrowdStrike Falcon
SIEM Platforms: Splunk Microsoft Sentinel QRadar Kibana
Network Security: Fortinet Palo Alto Cisco
Testing Tools: Burp Suite Metasploit Nmap Nessus Qualys
Automation: Python PowerShell Bash Git
------------------------------------------------------------
CERTIFICATIONS
------------------------------------------------------------
[]✓] CEH — Certified Ethical Hacker
[]✓] ISO/IEC 27001:2022 Lead Auditor
[]✓] Fortinet Cybersecurity Associate
[]✓] Google Cybersecurity Analyst
[]✓] Cisco Ethical Hacker
[]✓] Palo Alto Networks Cybersecurity
[] ] CISSP — Expected Q4 2026
------------------------------------------------------------
OPEN TO ROLES IN RIYADH
------------------------------------------------------------
Information Security Specialist SOC Analyst GRC Analyst DLP Engineer Cyber Security Analyst Information Security Consultant Penetration Test Consultant IT Security and any IT, Network, or security-related roles.
Please reach out via:
Phone:+966-542926188
Portfolio: https://fahads.info
============================================================