Husnain Suleman
Cyber Security Engineer
SD
Summary
In the role of Cyber Security Engineer at Al Nafi, responsibilities encompass safeguarding the network and cloud infrastructure, particularly on AWS, against diverse cyber threats. Collaboration with both the NOC and SOC teams is integral for regular network and application scanning, as well as conducting penetration tests on AWS services like EC2, S3, VPC, and Web Application Firewalls. The utilization of tools such as AlienVault, Wazuh, ESXI, Elastic Search, and Python is paramount to streamline security operations and provide comprehensive reports to senior management. Concurrently, engagement as a Cyber Security Consultant and Penetration Tester involves delivering high-quality assessments and reports to clients across various industries. Holding certifications from EC-Council, including Android Bug Bounty Hunting (ABBH) and Web Hacker's Toolbox (WHT), alongside a certification in Search Engine Optimization (SEO) from DigiSkills.pk, underscores a commitment to continuous learning. The focus remains on staying updated with the latest trends and best practices in cybersecurity, and thriving in collaboration with a diverse and talented team that shares the vision of creating a secure and reliable digital environment.
Overview
6
6
years of professional experience
2
2
years of post-secondary education
4
4
Certifications
2
2
Languages
Work History
Cyber Security Consultant
01.2018 - Current
- Exceled in bug bounty programs, pentesting, vulnerability assessments, and report writing. Utilized tools like Burp Suite, ZAP, SQLMap, and Linux to identify and
Cyber Security Engineer
Al Nafi
Markham, Canada
05.2022 - 10.2023
- Played pivotal role collaborating with NOC (Network Operations Center) and SOC (Security Operations Center) teams to maintain vigilant watch over network and cloud infrastructure, particularly on AWS. Responsibilities included regular network and application scanning, with strong focus on cloud security. Privileged to conduct penetration tests on AWS services like EC2, S3, VPC, and Web application Firewalls, ensuring cloud environment remains resilient against potential threats. Collaborated closely with NOC and SOC teams, successfully simulating attacks to validate security posture of applications and network, leaving no room for vulnerabilities. Contributed expertise to PCI DSS project, specializing as Pentester. Role centered on scanning and penetration testing AWS and applications. Applied skills to bolster cloud security, leveraging open-source tools like OWASP, WSTG, and MitreAttack. Experience allowed gaining in-depth insights into cloud security practices and honing penetration testing capabilities.
- Applied leading theories and concepts to development, maintenance and implementation of information security standards, procedures and guidelines
- Represented company's technical security interests to partners to provide bi-directional flow of technical information and best practices in information security
- Counseled senior-level management on current privacy and security trends and recommendations to mitigate risk
- Performed risk and vulnerability assessments and provided results and recommendations to senior management
- Provided consultation and technical services on all aspects of information security
Penetration Tester
Alnafi
Markham
05.2021 - 10.2023
- Demonstrated expertise in identifying vulnerabilities and enhancing cybersecurity defenses through targeted penetration tests. Conducted thorough penetration tests across diverse environments, specializing in Active Directory networks and web applications. Proficiently utilized tools, including ESXI, WAZUH, Elastic Search, and Python, contributing to more efficient and effective security operations framework. Delivered detailed reports to senior management, offering insights into identified threats and strategic recommendations for improved security measures. proactively safeguarding digital assets. Committed to continuous improvement, implementing targeted penetration testing methodologies to optimize security practices . Implemented targeted penetration testing methodologies, resulting in a 80% improvement in overall security posture.
- Analyzed security policies for usefulness and value to suggest security policy improvements
- Conducted IT audit assessments for systems or applications to recommend solutions to mitigate risks
- Designed tests and tools to break into security-protected applications and networks to probe for vulnerabilities
- Conducted risk analysis, system certifications, auditing, security documentation and security testing
- Recommended IT security improvements to achieve system confidentiality, integrity and availability
- Developed risk assessment reports to identify threats and vulnerabilities
- Recommended measures to protect systems from modification, disclosure, or destruction
- Used analysis from attack simulations to identify gaps in threat detection or response
- Conducted breach and attack simulation operations against systems
- Identified weaknesses and vulnerabilities in network systems
- Simulated attack scenarios using threat actors' tactics and techniques
- Documented entire penetration testing lifecycle during engagements for future review
Security Operations Lead
Alnafi
Markham
08.2021 - 05.2022
- Led high-performing team through comprehensive security operations, showcasing strong leadership, effective communication, and seamless teamwork. Oversaw key aspects of security, including training team in SIEM, networking, and executing controlled Pentesting activities in WSTG Labs. Demonstrated problem-solving skills by expertly employing tools such as VMWARE ESXI, WAZUH, Elastic Search, Python, and Linux. Established robust virtualized network of 150 machines with Active Directory using ESXI, implementing VPN for secure remote access. Proficiently deployed OpenVas, BurpSuite, and ZAP for penetration testing, contributing to enhanced security posture. Excelled in communicating complex technical concepts, fostering teamwork, and providing strategic leadership to navigate security challenges successfully.
- Completed vulnerability scans to identify at-risk systems and remediate issues
Education
High School Diploma -
GHSSD
Daur 01.2015 - 01.2017
Skills
Penetration Testing
Accomplishments
- Muhammad Husnain - page 1exploit vulnerabilities
- Additionally, I specialized in cloud security and provided clear and concise reportsthat empowered clients to address security gaps
- My expertise and continuous learning ensured that myassessments aligned with industry best practices
- Overall, I contributed to enhancing clients' securitypostures and resilience against cyber threats
- Penetration Tester
- Al Nafi
- May 2021 - Oct 2023 (2 years 6 months)
- Experienced Penetration Tester with a proven track record of uncovering vulnerabilities and fortifyingcybersecurity defenses
- Proficient in conducting penetration tests on various environments, including
- Active Directory networks and web applications
- Leveraging expertise in tools such as ESXI, WAZUH
- Elastic Search, and Python, I contribute to streamlined security operations
- Known for delivering comprehensive reports to senior management, detailing identified threats andrecommending strategic enhancements
- Additionally, I stay abreast of the latest threat intelligence,ensuring proactive measures to safeguard digital assets
- My commitment lies in continually improvingdigital defenses and implementing targeted penetration testing methodologies for optimal security
- Security Oprations Lead
- Al Nafi
- Aug 2021 - May 2022 (10 months)
- As a Security Operations Lead, I led a high-performing team through comprehensive securityoperations, demonstrating strong leadership, effective communication, and seamless teamwork
- Myrole involved overseeing key aspects of security, including training the team in SIEM, networking, andexecuting controlled pentesting activities in our WSTG Labs
- I showcased my problem-solving skills by expertly employing tools such as VMWARE ESXI, WAZUH
- Elastic Search, Python, and Linux
- Notably, I established a robust virtualized network of 150 machineswith Active Directory using ESXI, implementing VPN for secure remote access
- My proficiency extendedto deploying OpenVas, BurpSuite, and ZAP for penetration testing, contributing to our enhancedsecurity posture
- In this capacity, I excelled in communicating complex technical concepts, fostering teamwork, andproviding strategic leadership to navigate security challenges successfully
- Licenses & Certifications
- Android Bug Bounty Hunting (ABBH) - EC-Council
- Web Hacker’s Toolbox (WHT) - EC-Council
- Search Engine Optimization (SEO) - DigiSkills.pk, an online educational instituteUHHRYPQ
- Muhammad Husnain - page 2
- Computerized Accounting & Bookkeeping - Shaheed Zulfikar Ali Bhutto Institute of
- Science and Technology
- Leveraging ChatGPT for Smarter Cybersecurity - LinkedIn
- Skills
- Report Writing
- Active Directory
- Search Engine Optimization (SEO)
- Vulnerability
- Burp Suite
- Reporting
- Cyber-security
- Payment Card Industry Data Security Standard (PCI DSS)
- Vulnerability
- Management
- Ethical Hacking
- Muhammad Husnain - page 3
Certification
Computerized Accounting & Bookkeeping
Projects
Over the course of my career, I have actively contributed to several impactful projects, showcasing a diverse skill set in cybersecurity. Notably, I spearheaded the development of Metasploit Deep Dive Labs, creating a simulated hacking environment for comprehensive hands-on practice in vulnerability assessment, application security, and ethical hacking from May 2022 to July 2022. In parallel, I played a crucial role in Network Pentesting Labs Development with Al Nafi, honing skills in vulnerability assessment, application security, SIEM, problem-solving, and ethical hacking from February 2022 to June 2022. Additionally, I significantly contributed to the establishment of OWASP Web Security Testing Guide (WSTG) Labs, enhancing expertise in vulnerability assessment, application security, problem-solving, and ethical hacking from January 2022 to June 2022. Earlier on, I played a pivotal role in building a Security Information and Event Management (SIEM) system for Al Nafi, utilizing open-source solutions like Elasticsearch, Wazuh, and AlienVault, showcasing skills in application security, SIEM, problem-solving, management, ethical hacking, and cybersecurity from September 2021 to October 2021. Furthermore, I conducted security testing for Pakistan Government Entities, showcasing proficiency in vulnerability assessment, management, ethical hacking, and cybersecurity from August 2021 to September 2021. These projects underscore my expertise in creating secure environments, conducting robust testing, and implementing strategic solutions in the realm of cybersecurity.
Timeline
Android Bug Bounty Hunting (ABBH)
10-2023
Web Hacker’s Toolbox (WHT)
06-2023
Cyber Security Engineer
Al Nafi
05.2022 - 10.2023
Security Operations Lead
Alnafi
08.2021 - 05.2022
Penetration Tester
Alnafi
05.2021 - 10.2023
Search Engine Optimization (SEO)
07-2019
Computerized Accounting & Bookkeeping
05-2018
Cyber Security Consultant
01.2018 - Current
High School Diploma -
GHSSD
01.2015 - 01.2017
Similar Profiles
Maria UrsMaria Urs
Career Break for Child Care at NACareer Break for Child Care at NA
Anna KrutekAnna Krutek
Dolce Violin Ensemble at NADolce Violin Ensemble at NA
Megan SaucedoMegan Saucedo
Planned Career Break at NAPlanned Career Break at NA