Malik Mohammad Fiaz

PROFILE

Currently I am working as a Senior IT Security Consultant in Department of Finance (DOF) Abu Dhabi.
I have more than 15 Years of Experience in IT Security Operations, Incident Response Management (SIRT & SOC), IT
Security Projects Management, SOC Operations Management, and Management of IT Security Appliances. I have also
very good experience and command on ISO Standards (ISO 27001, ADSIC), System Administration, and Trouble
Shooting etc.
Currently in Department of Finance few of my Major Responsibilities are Security Operation Center (SOC) Project
Management, SOC Operation Center Management, Leading Security Incident Response team (SIRT), IT Security
Appliances Management (Firewalls, IPS, SIEM, ATD, Proxies, EPO, DLP, E-mail Gateways, Central End Point Protection
etc.

CAREER OBJECTIVE
 To become one of the best asset of the Organization
 To broaden my experience in a role, nationally and internationally
 To continue developing my leadership and technical skills

TECHNICAL EXPERTIES

Operating Systems: Windows Servers: Windows 2012, 2008 R2 Server, Windows 2008, Windows 7, And Windows XP
Professional etc.

Linux Servers: (Red Hat Enterprise 3, 4, 5, 6 and 7) Fedora, Cent OS, Ubuntu, SUSI etc.

Security Appliances & EPO, DLP, NDLP, Web (Proxies) Gateway, Web Reporter, Email Gateways, Quarantine Manager,
Management: Firewalls (Perimeter and Core Level), Centralized End Points, IPS Solutions, SIEM Solutions, Advance
Threat Defense (ATD) Solutions, Vulnerability Scanners, Analytic & Forensic Tools, Mobile Security, DNS
Security Solutions, Double Authentication Solutions, CCTV Servers and Cameras Management etc.

Virtualization: Hyper Visor, EXSI Server, V-Sphere, V-Center, Oracle Virtual Box, XEN Hypervisor, XCP, VMware Work
Station etc.

Server’s Management: Windows Based: Microsof Exchange Servers, ISA / Threat Management Gateways (TMG), Visual
Source Safe (VSS) Database and Server Administration, Active Directory, DNS and DHCP Servers, FTP
Servers, LDAP Servers, Microsof Project Server, VPN Servers, Central Management of Windows and
Anti-Virus Servers, CCTV Server, etc.

Linux Based: Mail servers (Send mail, Q mail, Kerio Connect), Web server (Apache), Proxy Servers, FTP
Servers, LDAP Server, DNS Servers, DHCP Servers, Samba Servers etc.

SIRT & IT Security Blue Coat Security Analytic Tool, Last Line (Zero Day Attack and DNS Logs), McAfee Ace Analytic Tool,
Operational Tools: Vulnerability Scanners, Fire-Mon Firewalls and Network Devices Configuration Monitoring and
Compliance, Dell Double Authentication with Session Recording (TPAM), Info-Blox (DNS, DHCP, IPAM
and Net MRI) Management, Ideal Administration, Retina Security Analyzer, GFI Land Guard, Nagios,
Elastic Search, Cuckoo Sandboxing (Open Source), Fire Eye ATD, McAfee ATD, Trend Micro ATD, Cyphort
ATD and Symantec ATD Solutions, Red Line, Taxi, Mandiant (Fire Eye Analytic tools for Incident Analysis
and investigation), Central Manage Symantec, McAfee, Trend Micro, Endgame and Sophos End Point
Solutions, Kasper Sky Removal tool, Trend Micro USB Scanner, Up Time Monitoring Sofware, Solar
Wind Products etc.
ISO Standards: ISO27001 Audit Training from MOODY International, ADSIC standard

PROFESSIONAL WORK EXPERIENCE

Department of Finance (DOF), Abu Dhabi, UAE Jan 2013 to till

Senior IT Security Specialist / Consultant
 Management of Web Proxies and Email Gateways with Web Reporter and Email Quarantine Manager, EPO Servers,
Firewalls (Perimeter and Core level), Network Security Manager (IPS), SIEM for Real Time Events Monitoring, Advance
Threat Defense, DLP and NDLP.
 Management of Central Anti-Virus Server and Clients
 Management of Active Directory, Domain and DHCP Servers
 Managing Security Operation Center (SOC 24x7) in DOF (Project Manager and Operations)
 Leading Security Incident Response Team (SIRT).
 As SIRT Team Scanning Desktop PCs and Servers and mitigation the Risks by using different tools.
 Managing Vulnerability Solutions, scanning, reporting, follow-up etc.
 Formulating security architecture with recommendations and design security services.
 Researching emerging technologies to enhancement IT security and development efforts
 Conducting risk assessments, penetration tests and diagnoses internet/extranet security, intrusion attempts, and cyber-
crime response.
 Managing and performing daily based incidents, investigation and mitigation Plans using Forensic and Analytic Tools
 Developing and delivering training materials and perform general security awareness and specific security technology
training
 Monitoring real time worldwide information security events (virus’s activations, Hacking activities) and informing Top
Management for protect DOF network.
 Part of the Information Security Management team at Department of Finance. My role is of an Information Security
specialist-compliance and my responsibilities includes
 Design and implement Information security policies, procedures and standards based on ISO 27001
 Performing end to end information security risk assessments, Mitigating the Risks identified by deploying controls in line
with ISO 27001 and ADSIC V2
 Firewall rule base risk analysis prior to implementation.
 Firewall rule base review, Rogue Wi-Fi scanning and reporting, Database Access Monitoring report review and action
 Coordinate security management across corporate IT, security, legal and ERM business unit
 Work with vendors for POCs, RFPs and evaluation of solutions/products to ensure that it meets security architecture
requirements. i.e. required security controls etc.

Digital Processing Systems, Islamabad, Pakistan Feb 2004 to 2013

Manager IT Security and Systems
 Designed and developed the entire Network of DIGITAL PROCESSING SYSTEMS Inc. Islamabad, Rawalpindi and Karachi
Offices.
 Maintenances LAN/WAN infrastructure, Network devices, and telecommunication services for the operation of the
Company. Plans, analyzes, installations and supports the Company LAN / MAN / WAN system.
 Remote Configuration, Management, Security and connectivity between all LAN and WAN based Centralized Servers, i.e.
(Email, Web, Database, FTP, LDAP, Proxy, Centralized Windows Update and Ant-Virus, Domain and ADC.
 Remote Configuration, Management, Security and connectivity between all LAN and WAN based Routers, Firewalls,
Switches and Telephonic System of DPS.
 Remote Management of Backup & Recovery of All Servers (Windows & Linux) via Acronis Server
 Installation, Configuration and Management of Virtual Server’s Using (Hyper Visor, Exsi Server, V-Sphere, V-Center, Oracle
Virtual Box, XEN Hypervisor, XCP, VMware Work Station etc.)
 Remote Configuration and Management of Visual Source Safe (VSS) Data Base
 Remote Configuration and Management of Share Point Server Administration.
 Remote Managing Daily Data Sync on LAN / MAN / WAN.
 Remote Managing Script & Utility Based Daily Backup of Employee’s data kept on servers and ensuring Virus free
network/systems
 Remote Management and Configuration of Asterisks (Trix Box VOIP) Server
 Management of Hardware Purchase and Technical Dialog with Vendor’s
 Managing Inventory system of Computer Related all Equipments
  Managing IP Address Distribution and Management
 Installation of OS/application sofware, troubleshooting of computer systems for all users in DPS
 Security and performance tuning of Network and computer system
 Physical setup and Monitoring of Telephone Network (Alti gen Phone System) in Pakistan and USA office’s
 Customer Support of DPS Employees in Different Offices of DPS (Islamabad, Rawalpindi, Karachi, Abu Dhabi, Kuwait, USA).
 Configure and Managing Video Live Conferencing Setup between US, Kuwait, Iraq, Bahrain and Pakistan.
 Evaluates and develops options in infrastructure planning to support new applications and technologies. Evaluates new
network technologies in conjunction with the Management. Identifies areas of the network operation needing upgraded
equipment. Monitors systems performance and performs capacity-planning activities. Analyzes test data and
recommends hardware or sofware for purchase.
 Documents all optional activities and creates training/user guides for systems and network applications. Develops and
writes procedures for installations, use and solving problems of communications hardware and sofware. Participates in
the development of policies and procedures for use of network facilities and then ensures implementation.
 Manage compliance with information security policies and standards.
 Manage collection of information security metrics.
 Manage information security awareness program
 Manage and assess information security risks.
 Manage preparation for information security audits.
 Manage approval of logical authentication and access controls.

Industrial Machinery Est., Saudi Arabia June 2002 to May 2003

IT Specialist
 Design, Implement and Managed Complete Network Infrastructure of IME
 Configured and Managed Windows based Exchange Server, ISA Server, FTP Server and Domain Servers
 Developed and Managed Web Site of IME www.indme.com
 Trouble Shooting of Hardware and Sofware’s
 Managed Database in Access & Backup of Daily Based Data via Windows Utility, Third Party Tools and Scripts
 Designed Company Required Graphics (Visiting Cards, Web Site Design, Letter Pad’s, Mono Gram etc.

Petroman Computer Institute, Islamabad Feb 2000 to June 2002

Network Administrator & Instructor
 Design, Implement Entire Labs Network
 Management of Windows Based Domain Server, ADC Server, File Servers,
 Management of Linux Based Mail, Squid (Internet) and Web Server
 Instructor of PGD Professional, Bachelor’s of Computer Sciences & Short Course Students for Following Subjects:
1. Web Development using HTML, DHTML, JS, Macromedia Dream Weaver, Front Page, Fire
Work, Free Hand
2. Fundamentals of Computer,
3. Operating System (OS),
4. Data Communication,
5. Data Base Management System (DBMS)
6. Data Structure
7. MS Office

TRAININGS:
McAfee Appliances On-Site Training by McAfee Experts for (EPO, NDLP, HDLP, NSP (IPS), Firewall, Web Gateway,
Email Gateway, Nitro SIEM

CCNA (Cisco Certified Network Associate Training) from Ciscom Institute RWP. (Training)

RHCE Training on Enterprise Linux 5 from Ciscom Institute RWP, (Training)

PROJECTS COMPLETED:
Organization: Embassy of Eretria, F-7/1, Islamabad.
Wireless Networking, Configuration and Sharing etc

Organization: Media Soft Tech. & Shaheen Foundation, Islamabad.

More than 15 Computer Based Animated Training CD’s (CBT) for
 Pakistan Air Force, F-7 P, Mirage V, A-V Air Crafs CBT’s .

ACADEMIC EDUCATION
 Master’s in Business Administration (MBA) Allama Iqbal Open University in 2014
 Bachelors in Computer Sciences (BCS) Allama Iqbal Open University in 2001
 Diploma in Computer Applications (DCA) Petroman Computer Training Institute 1997

PERSONAL INFORMATION:

Malik Mohammad Fiaz S/O Malik Mohammad Riaz

DOB: 15th Oct 1976, Married
PP #BZ8912882, Mobile # 00971-55-5526205
Email Address: fiaz_sani@hotmail.com