[var] => content
[type] => preview
[var] => cut_url
DATABASE AUDIT &
Is to obtain challenging
position with your organization where my security services experience
which is almost years will have valuable application and utilization
of my opportunity for advancement.
Kuwait Finance House March
Information Security Management System
Project ISMS in KFH
Outsource from Universe Co.
Based on ISO: /
Database Audit & Security Analyst
Role: Audit Activities
Reviewing SOX, Basel II, DISA, Base Line
Audit, and Best Practices for Federal Government and
PCI Data Security Standard compliances
for database and application audit plan,
Taxonomy of database and application
CVEs based on Common Vulnerability and Exposures
cve.mitre.org Security focus and U.S. National Institute of Standard and
Review CVE correction plan feasibility
due to financial services security standard and business impact.
Create inventory of all database systems
and use classifications. Include production and test data. Upto date,
Classify data risk within the database
systems. Monitor prioritized for high, medium, and low risk data.
Implement an access request process that
required database owners to authorize the "roles" granted
to database accounts. Roles as in Role Based Access not native database
Monitor data changes and modifications
to the database structure, permission and user changes, and data viewing
Monitoring appliances instead of native
database audit trails and when DB audit trail is not enabled,
Analyze access authority. Users with
higher degrees of access permission should be under higher scrutiny,
and any account for which access has been suspended should be monitored
to ensure access is denied and attempts are identified,
Archive, analyze, review, and report
audit information. Reports must communicate relevant audit information,
which can be analyzed and reviewed to determine if corrective action
Ability to retrieve relevant data when
Comply privacy, security assessment reports
which based on assess data access, Define/Build
Audit processes for database scheduled
tasks and data privacy policies, Tracking policy violation, exceptions,
data access, and rogue connections, Change control configuration,
Realtime Research for new database hacking
techniques advanced SQL injection, Buffer over follow and Oracle listener
Design database consolidation architecture
by Maximum Availability and High Availability solutions Oracle RAC,
Data Guard, ASM, Secure Backup, and Partitioning,
Design for database consolidation SQL
Manage critical jointoproduction planning
in zero downtime for all database and applications.
Managing database user access policies,
Design databaseinnetwork location DMZ,
Design card holder database using PCIDSS,
Manage Security Technical Implementation
Guide STIG and Security Reading Review SRR,
Data integrity and quality processing
Logs correlation, archiving and studding
Enterprise database auditing and realtime
Database Audit using Guardium inspectioncore
and STAP appliances,
Use AppDetective for database security
assessment and Exploring database vulnerabilities without tools,
Executing database assessment test before
Implement database security patches and
Build and Implement security policies
and procedures for DBAs activity monitoring, Application support, application
development and Facility Management, Applying Database penetration tests.
Middleware: Oracle Application Server
G, Bea Weblogic, SOA Suite
Web Services: Apache and MS IIS security
Database: Oracle, SYBASE, SQL Server
and MY SQL.
Environment: SUN Solaris &, Windows
Servers, Linux Red Hat & and Ubuntu.
Database audit and realtime protection:
Oracle Database Vault, Oracle Audit Vault, Oracle Identity Management,
data masking, Guardium, AppDetective, FortiDB, SQL Sphere by Imperva,
using many open source tools and scripts.
Have good experience in banking infrastructure.
systems, Kuwait March –
ERP Projects Manager
APPS: Cost, Specs and Design, Achievement, Documentation, Developing,
Testing and project lifecycle, Managing and driving master resource
management plan, involving financial justification for crossover /migration
in terms of man hours and overheads using Oracle EBusiness suite application
administrator CRM Application.
Saudi Arabia –
ERP specialist, plan
for smart building, RFID and Access control systems, Plan company policies
security, Interactive website, Applications, Email and web services,
Good communication skills, Studding new IT projects, developing, and
new ideas, Coordination among all company branches and departments
Training, Managing and troubleshooting all the ERP products, System
analysis and Designer for new application modules, / onsite and online
support, Study and plan the customer case and requirements, Oracle,
Sybase and SQL Server Administration, Database Replication, , Analyze,
Design and suggest new features for the new upgrade of the systems and
the new systems, Closing the Account Activities at the end of the year,
Backup and Recovery for all Databases.
Egyptian Armed Forces,
Analyze, Design, Develop
Special Systems for Presidential Guards, Develop Inventory Systems,
Develop Special ERP Systems for Armed Forces
Projects & Achievements
KUWAIT FINANCE HOUSE MARCH – PRESENT
ISMS, ISO: :
Database Audit and Security Analyst
Database audit and realtime
Security Assessment for new
Banking system projects, Security hardening for current banking
Databases Oracle, MS SQL
Server and SYBASE and most of applications.
Created policies and procedures
governing corporate security, Applications usage, access control, and
Adept at developing effective
security policies and procedures, project documentation and Milestones,
and technical/business specifications.
Business Continuity Plan with
DR or NOT.
SALSABEL INFORMATION SYETEMS MARCH –
Oracle i DBA on Linux Red
Hat: Managing and Administration, Daily DBA Activities, Backup
Policies for cold and hot backups,
RMAN Incremental backup and recovery, Cloning Database and APPS., Solve
connection Problem, Generating shell scripts for Backup, Startup and
Shutdown Database, Checking invalid objects, Tuning Oracle instance,
Managing archivelog Interfacing with and training all levels of end
users and data analysts, to prototype possible approaches to problems
and translate raw data into informative information for management.
cost, effort performance parameters and implementing improvements based
data collated. Supporting process
Staying up dated on the technological
progress in relevant field.
Project Capacity plan resources,
cost and milestones,
Define project scope, goals
Prepare fulldetail project
Manage resources and cost,
Manage and mitigate risk factors
and disaster reservations,
Develop process reports and
Managing project scope change,
Planning budget estimation,
Periodically reviewing project
milestone with estimated plan and analyzing project lifecycle.
Fast response troubleshooter
during project phases.
Follow up team and resources.
Managing relations with vendors,
third parties and outsoures
Friendly teamwork leader
of Computer Science Faculty OF Science, Egypt , Grade Good
i Database administration, , Cairo Egypt
Information System Auditing
and Control Association ISACA membership
Nov. / ISACA
Risk and Compliance Audit
Fatigue, Sep. / ISACA
PCI Compliance: A Holistic
View, July / ISACA
Data Protection Planning:
How and Why?, August / ISACA
CISA Exam, Dec. , result:
of security groups and database security groups.
Security Consultant with notable success directing a broad range of
corporate IT initiatives while participating in planning and implementation
of informationsecurity solutions in direct support of business objectives.
Track record of increasing
responsibility in secure Database, systems analysis and development,
and full lifecycle project management.
Demonstrated capacity to implement
innovative security programs that drive awareness, decrease exposure,
and strengthen organizations.
Handson experience leading
all stages of system development efforts, including requirements definition,
design, architecture, testing, and support.
Outstanding leadership abilities;
able to coordinate and direct all phases of projectbased efforts while
managing, motivating, and leading project teams.
Improving IT infrastructure Security, Classifying Applications and Database
Managing IT Assets security,
Risk Assessment for Database and Applications., Risk Analysis; Business
Impact Analysis; Regulatory Adherence; Data Integrity/Recovery; Disaster
Recovery Planning; Contingency Planning; Research & Development;
Cost Benefits Analysis
Platforms: UNIX Solaris, HPUX, Microsoft Windows® operating
systems, Linux Red Hat, Sun SPARC.
TCP/IP, SMS/SQL, Ethernet, Token Ring, VPN, SSH, PKI, HIPPA.
UNIX Shell Scripting, C++, Visual Basic, SQL, PL/SQL.
Guardium, SIMM, Pen. Test tools, Back track, McAfee/Norton Virus Protection
Utilities, Oracle Tools, SQL Enterprise Studio, Snort, Microsoft Office
System and Microsoft Project
Name: Mohamed T.
Marital Status: Single
GCC Drive License: Yes
Own Car: Yes
Address: Salmiya, Kuwait