Overview
IT security/threat remains a growing source of concern and financial loss for companies, organizations and businesses.
In today's increasingly interconnected and information-driven business world, organizations that are involved must deal with routine threats that have ramped up and become more mature in approach.
These threats include cyber criminals and hackers who consistently and pervasively launch attacks to find new ways to penetrate business /company information infrastructures to use resources without authorization, deface Web sites and steal proprietary information, IDs and passwords or even obtain personal information like national identification number or credit card information, to viruses that infect countless machines requiring not only extensive time in both troubleshooting and cleaning the infected systems, but also in lost employee productivity, and equally worms that propagate through corporate networks bringing legitimate network traffic to a halt. Aside from the need to “keep these bad guys out” compliance with government and industry regulations is also playing active role in IT security.
Organizations therefore need to understand and reduce their security exposure by addressing risks completely and cost-effectively, in ways that can amplify business value, detect and prevent fraud while protecting their data, Internet-based systems, applications and physical environments as well as respond to security exposures and intrusion attempts quickly without adversely affecting operational efficiencies, business relationships or overall regulatory compliance posture.
Facilitator Profile
Drawing on a deep understanding of today’s security risks and tomorrow’s threats, and backed by more than 12 years of experience of leadership in the IT industry, The trainer is a principal information security consultant, auditor and trainer with more than 1000 hours training per year in the various subjects in the information technology and information technology management such as:
-
Cyber forensic (CHFI)
-
Ethical hacking (CEH)
-
CompTIA Security+, Network+,CTT+
-
Computer Networking (CCNA,CCNP,CCSP)
-
Wi-Fi Security
-
Windows server 2003 security and audits, MCSE:Security, MCSA:Security
-
Internet Security and Acceleration (ISA) Server
-
Information security management
-
Business continuity
-
Networking and systems integration
-
Physical security
As an IT Security expert, he has acted and is acting as a consultant in the following areas:
-
IT security consultancy in various domains such as network security, web application, wireless security, domain trust and information security management.
-
Business continuity planning and implementation including but not limited to impact analysis, threat analysis, definition of impact scenarios, recovery requirement documentation and solution design.
-
Information security audit and vulnerability assessment according to COBIT framework.
-
Penetration test according to OSSTM standard and other PentTest methodologies.
-
Designing and implementing incident response procedure.
-
ISMS / ISO27001: 2005 Gap analysis.
-
ISMS / ISO27001: 2005 Risk assessment.
-
ISMS / IS027001: 2005 Internal audit.
-
ISMS / ISO27001: 2005 Implementation
-
Cyber forensic investigation
Some of his client’s and projects include but not limited to:
-
British Standard Institute – Middle East Branch – External Resource in ISMS/IS027001: 2005- audit and consultancy
-
Emirates Telecommunication Company, Dubai – Penetration test and vulnerability assessment
-
International Bank – Kuwait – Business continuity implementation.
-
Ministry of Education – Dubai – Website security and server performance
-
Ministry of Telecommunications – Middle East – Audit
-
Telecommunication company – Middle East – Design security process and procedures
-
International Credit Card Company – Turkey – Audit/ Certification
-
Law enforcement personnel – UAE – Technical training in Cyber Forensic and Ethical Hacking
-
Government of Ras Al Kheimah – Dubai – Consultancy
He has many certifications as well as registered and pending patents in cyber forensic and information security. Some of his certifications include but not limited to:
-
Certified EC-Council Instructor
-
Certified Hacking Forensic Investigator
-
Certified Ethical Hacker
-
Certified ISMS Lead Auditor
-
CIW Security Analyst
-
CompTIA Security + Certified Professional (Security+)
-
Cisco Certified Internetwork Security Expert
-
D-Link NetDefend Enterprise Firewalls & Backbone Switches
-
D-Link Broadband, Wireless, Switching and Network Security
And he has pending patents in the U.S, Patent and Trade Mark Office, 2007 as well as a pending patent in the U.K., 2007.
He has doctorate in science in information technology management from England and has been engaged in research and development in leading R&D security laboratory on researches such as:
-
Web base port scanning and new port scanning methodology – 2008 to present
-
Information security management systems standards – 2005 to present
-
Physical security and data center safety – 2005 to present
-
Web server vulnerability assessment and methodology – 2005 to present
-
Web application penetration test techniques. 2005 – present
-
Cyber forensic tools and equipments. 2005 to present
-
Wireless networking and wireless network security. 2004 to present
-
Web application and database security –2000 – 2002
-
File system and data recovery. 2003 to present
The trainer has authored several publications on IT security and conducted and facilitated numerous international and regional seminars and workshops, and has presented in several conferences on IT security.
Some of his presentations include:
-
“Flash Disk & Memory Stick Forensic” - Black Hat Conference, Holland - 2007
-
“Reconnaissance & Information Gathering Techniques” - RSA® Conference, London - 2008
-
“System Hacking” - Hacker Halted Conference, - Dubai 2008
-
“Wi-Fi- Hijacking” - Hacker Halted Conference, - Dubai 2006
-
“Cyber Forensic Investigation” - Hacker Halted Conference, - Dubai 2005
He is a professional member of the British Computer Society, Institute of Electrical and Electronic Engineers (IEEE), Information Systems Audit and Control Association (ISACA) and has been fully accredited as IRCA registered auditor for ISMS / ISO27001:2005 in 2007 and EC-Council certified instructor
Key Benefits
-
Identify the procedures, strengths and limitations of your current IT security practices.
-
Understand how to prioritize threats and what threat faces the greatest risk to your business or company
-
Discover how you can stay ahead of the myriad of threats you face today as well as those you will be fending off tomorrow
-
Enhance your knowledge of the state-of-the-art strategies and tactics you need to stay successful and secure your IT environment.
-
Develop a practical methodology and time frame to assist you in conducting occasional periodic security assessments
-
Design a framework aimed at strengthening standards and risk management
-
Network and discuss with colleagues in the same field to exchange ideas and information with a holistic coverage of issues critical to business and operations.
-
Gain knowledge of generally accepted best practices.
-
Turbo-charge your career in IT Security
-
Create a security benchmark for your organization/business.
Who Should Attend
CIOs | CSOs | CISOs | CTOs | IT managers | IT vice presidents and directors | Network Security managers and Officer | Network Administrator | System Operator, Officer and Manager | Risk managers | IT Consultant and Analyst | Auditors | Senior business executives | Executives involved in enterprise-wide security and critical infrastructure protection
