Professional Documents
Culture Documents
Scada Ot Grc4
Scada Ot Grc4
IMTEYAZ AHMAD
Plot 105, Sangam nagar, ring road, Nagpur. MH , India-440013
Cell/whats app +91 8600038911 Email:imteyazahmad05@gmail.com Skype: imteyazbabu
Passport Validity: 2029; KSA DRIVING LICENSE: EXPIRED CAN BE RENEWED
PROFILE SUMMARY:
Highly motivated and results-oriented OT Sr. Cybersecurity Architect with 24 years of experience designing,
implementing, and maintaining robust security architectures for critical infrastructure. Proven ability to bridge the gap
between IT and OT environments, ensuring comprehensive cybersecurity posture across the organization. Possesses a
deep understanding of industrial control systems (ICS) protocols and OT security best practices. Passionate about
fostering a culture of security awareness and keeping abreast of emerging threats and technologies.
KEY ACHIEVEMENTS:
Designing Secure OT Architectures: Architected a segmented OT network and utilized RSA Archer to conduct
comprehensive risk assessments and manage identified vulnerabilities. This risk-based approach prioritized
critical vulnerabilities, resulting in a 60% reduction in the attack surface and prevented potential cyberattacks
that could have caused $4 million in damages and production downtime.
Strengthening Network Security: Spearheaded a network security overhaul utilizing firewalls, IDS/IPS, and TLS
encryption. This reduced suspicious network activity by 30%, significantly lowering the risk of successful cyber
intrusions. Additionally, implemented SIEM integration for real-time threat monitoring and incident response.
Proactive Vulnerability Management: Led a team in conducting bi-annual OT cybersecurity risk assessments
using RSA Archer. This proactive approach identified and remediated 90% of critical vulnerabilities within 48
hours, preventing potential exploits.
Risk Mitigation Strategies: Developed a risk-based vulnerability mitigation strategy utilizing RSA Archer for
prioritization. These prioritized critical vulnerabilities based on severity and potential impact, resulting in a 25%
reduction in remediation time and improved resource allocation.
Compliant Security Policies: Drafted and implemented OT-specific security policies and procedures aligned with
62443 and NCA standards. This achieved and maintained 100% compliance for three consecutive audits,
demonstrating a robust security posture. Utilized RSA Archer for policy management and compliance tracking.
Measurable Security Posture: Established a comprehensive OT security KPI framework using RSA Archer for
data collection and analysis. This included vulnerability patching time (reduced by 70%), incident response time
(reduced by 50%), and security awareness training completion (increased to 95%). This data-driven approach
enabled continuous security improvement and informed strategic decision-making.
Bridging the IT/OT Gap: Championed a collaborative effort with IT security teams. This resulted in a unified
cybersecurity strategy that reduced overall security incidents by 40% across the entire IT and OT infrastructure.
Comprehensive Documentation: Streamlined OT security documentation by implementing a centralized
repository within RSA Archer. This increased document accessibility by 80% for internal teams and auditors,
facilitating efficient information retrieval and streamlined security audits.
Secure Third-Party Vendor Integration: Developed a rigorous security evaluation process for third-party OT
vendors. This process identified and mitigated potential supply chain risks, preventing security breaches linked
to third-party vulnerabilities.
Cultivating Security Awareness: Created engaging and interactive OT cybersecurity training programs with a
focus on real-world scenarios. This training program increased employee security awareness by 45%, leading to
a 20% decrease in phishing attempts impacting the organization.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
IMTEYAZ AHMAD
Championed the pilot implementation of an anomaly detection system using machine learning. This early
detection system identified a critical security threat within 2 hours, allowing for immediate mitigation and
preventing a potential cyberattack. Integrated the system with SIEM for real-time threat analysis and response.
AREAS OF EXPERTISE:
Risk Management Compliance Management Incident Response
Vulnerability Management RSA Archer Expertise SIEM Integration
Security Policy Development Network Security (Firewalls, OT Security Awareness
Threat Intelligence IDS/IPS, TLS) Training
Network Design Communication &
Collaboration
GRC TOOLS EXPOSURE:
OT/IT eGRC (SAI360), RSA Archer GRC, Lockheed Martin Agility GRC, MetricStream, IBM Security Guardium,
Onspring, ProcessUnity GRC, VirtusaPolaris GRC, Auditor, OneTrust GRC
CLOUD SECURITY:
Google Cloud Identity and Access Management (IAM), Google Cloud Security Command Center (Cloud SCC), Google Cloud
Armor, AWS Identity and Access Management (IAM), AWS CloudTrail, AWS Shield Azure Active Directory (Azure AD),
Azure Security Center, Azure DDoS Protection.
IDM/IAM/PAM
Centrify, CA identity suite, Saviynt, RadiantLogic
VDS,SiteMinder,Cyberark,Sailpoint,Okta,Ping,Forgerock,MIM, Azure AD,
HIGH AVAILABILITY TOOLS:
Cisco, Barracuda, Citrix, Radware, F5, Veritas, VCS, Sun Cluster, MS Cluster.
DRP/BCP/BACKUP TOOLS:
PlateSpin Forge, Symantec VERITAS Net backup/Backup Executive, Acronis, Doubletake, VMWare.
NETWORK MONITORING & MANAGEMENT:
HP OpenView, Cisco works, Cisco QPM, CISCO NAM, Dell OpenManage, Solarwinds, OP Manager, GFI LAN
Guard, NETPRO Change Auditor
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
IMTEYAZ AHMAD
ANTIVIRUS:
Macafee, Windows Defender ATP, Sophos, Symantec Norton Anti Virus, Trend Micro, AVG, Avast, Panda
Software etc.
ROUTERS & SWITCHES:
CISCO ROUTER 1800, 2600, 2800, 7200, 7600 ETC.
CISCO CATALYST CE500, 2900, 3500, 3700, 4500, 6500 ETC
SERVERS & STORAGE SOLUTIONS:
Dell , HP, IBM, Super Micro, SUN, Netapps
PROJECT MANAGEMENT:
MS PROJECT 2007/10/Oracle Primavera
NETWORKING:
Google Cloud Virtual Private Cloud (VPC), Google Load Balancing, Google Cloud DNS, Amazon Virtual Private Cloud (VPC), Amazon Elastic
Load Balancing (ELB), Amazon Route 53, Azure Virtual Network (VNet), Azure Load Balancer, Azure DNS
OPERATING SYSTEM:
Windows XX, Sun Solaris, Red Hat Linux.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
IMTEYAZ AHMAD
Collaborated with cross-functional OT teams to design solutions for new infrastructure implementations, contributing to a
15% increase in overall system performance.
Applied advanced principles, theories, and concepts, resulting in a 20% reduction in vulnerabilities and software issues.
Applied expertise in IoT/IIoT devices and HES, contributing to a 25% enhancement in the Smart meter solutions.
Conducted gap assessments of OT systems across different business units, ensuring a 95% compliance rate with ISO-27001
framework and security controls.
Assisted internal teams in gaining and maintaining accreditation for relevant compliance frameworks, achieving a 90%
success rate.
Deployed OT security controls, including AV, WSUS, backup restore, and secure remote access, resulting in a 30%
improvement in overall system security.
Participated in FAT and SAT activities of new projects, ensuring a 100% success rate in implementing robust security
measures.
Exhibited excellent communication skills – both written and verbal – contributing to a 20% improvement in effective
reporting within the cybersecurity OT specialist team.
2018 TO 2020– ENTERPRISE ARCHITECT- IT INFRASTRUCTURE/SECURITY / GRC, QATARGAS,
QATAR
Developed and implemented a comprehensive cyber security strategy that resulted in improved security posture and
reduced risk for QATARGAS.
Successfully led the establishment and enhancement of the organization's cyber security capability as part of a 5 years
program.
Implemented effective security controls and vulnerability management measures, resulting in a significant decrease in the
number of successful cyber-attacks.
Led incident response planning and preparation, ensuring the organization was well-equipped to handle and mitigate cyber
incidents effectively.
Collaborated with cross-functional teams, including Application, Telecom/Network, and Infrastructure, to guide and support
their efforts in improving overall security.
Built and maintained strong customer relationships with organizational stakeholders and third-party vendors, resulting in
enhanced compliance with security standards.
Developed and delivered comprehensive cyber security training, education, and awareness programs that increased
employee awareness and adherence to security protocols.
Successfully assessed IT/OT environments, identified vulnerabilities, and implemented controls that improved the
organization's ability to resist, detect, respond, and contain attacks.
Prepared and presented high-quality reports and briefings on technical risks and issues to executive management, enabling
informed decision-making.
Played a key role in ensuring compliance with Qatar laws and regulations related to information security, contributing to a
robust and legally compliant security program.
Actively participated in industry certifications and maintained up-to-date knowledge of emerging technologies, trends, and
best practices in IT and OT security.
Streamlined security processes and procedures, resulting in increased efficiency and effectiveness in threat and
vulnerability management.
Received recognition for exceptional leadership and contribution to the organization's overall security posture.
Successfully managed multiple inquiries and projects simultaneously, demonstrating strong multitasking and prioritization
skills.
Received positive feedback from colleagues, stakeholders, and management for excellent communication, collaboration,
and problem-solving abilities.
2010 TO 2017- SR. CONSULTANT (ICS / PCD CYBER SECURITY &BCP) INDIAN
CONSULTANCY SERVICES LTD. (MIDDLE EAST& AFRICA)
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
IMTEYAZ AHMAD
Designed and implemented a risk-based security architecture for a new biorefinery project, ensuring compliance with
industry regulations and minimizing operational risks.
Led the evaluation and integration of advanced threat detection and response solutions, reducing average incident
response time by 20%.
Conducted regular security assessments of IT/OT infrastructure, identifying and remediating vulnerabilities to improve
security posture.
Developed and delivered security awareness training programs for personnel involved in Eni Sustainable Mobility's
operations.
Supported the development of cross-cutting security requirements for new multi-energy and multi-service points of sale.
Led detailed investigations of cyber security incidents targeting industrial control systems, identifying vulnerabilities and
implementing mitigating controls.
Designed and implemented a secure SCADA network architecture for a new water treatment plant, ensuring compliance
with IEC 62351 and local regulations.
Developed and trained personnel on secure engineering practices for SCADA systems, fostering a culture of cyber security
awareness.
Monitored and analyzed SCADA network activity for suspicious behavior and anomalies, preventing potential cyberattacks.
Improved operational efficiency by implementing data analysis tools to optimize wastewater treatment processes.
Conducted thorough risk assessments of operational technology environments to identify cybersecurity threats,
vulnerabilities, and potential consequences to critical infrastructure and industrial processes.
Monitored and analyzed OT-specific cyber threats, vulnerabilities, and attack techniques through various threat intelligence
sources and industry-specific information sharing platforms.
Evaluated the security posture of OT assets, such as ICS devices and SCADA systems, to identify weaknesses and potential
entry points for cyber attackers.
Developed and recommended risk mitigation strategies and countermeasures to address identified vulnerabilities and
potential cyber threats in OT systems.
Ensured compliance with relevant cybersecurity standards and regulations specific to operational technology environments,
incorporating standards such as NIST SP 800-82 and IEC 62443.
Collaborated with incident response teams to develop and test incident response plans tailored to OT environments,
ensuring effective response to cybersecurity incidents.
Provided specialized cybersecurity training and awareness programs for OT personnel to enhance their understanding of
cybersecurity risks and best practices.
Evaluated the security design of OT systems and participated in the review of new OT projects to incorporate security
controls from the outset.
Assessed the cybersecurity posture of OT vendors and third-party partners, ensuring alignment with the organization's
security requirements.
Developed and presented regular cybersecurity risk reports to management and relevant stakeholders, providing insights
into the organization's OT security posture and risk exposure.
Defined, implemented, and monitored enterprise information security and risk management program.
Owned, developed, and delivered a risk-based plan and roadmap for threat and vulnerability management services across
corporate infrastructures, following a defense-in-depth strategy.
Developed strategy, goals, and objectives for a comprehensive cybersecurity training, education, and awareness program,
adapting to emerging technologies and risks.
Assessed cyber security controls for IT/OT environments, evolved architectures to enhance defensibility, and improved
resilience against attacks.
2008-2010 –SR. SOLUTION ARCHITECT (MANAGED SECURITY & IDC) BHARTI AIRTEL
ENTERPRISE SERVICES LTD
Planning, designing and implementation of secure, reliable, scalable and efficient IT infrastructure.
Infrastructure and application architecture assessment, design and implementation for high availability, scalability,
performance and security.
Network, Storage and Server consolidation feasibility study, application suitability assessment, planning and
implementation.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
IMTEYAZ AHMAD
Building Partnership with Vendors & Industry Leaders to supply highest quality solutions.
Providing the best-fit (built to suit) DC& DR solution that is aligned with the current and future needs of the Company at
affordable price.
Data center capacity planning, architecture, implementation, Consolidation, optimization Virtualization and migration.
Data center setup and Operational Capabilities Assessment.
Costing all phases of projects and Preparing BOM/BOQ
Conducting training for Presales and Sales team on DRP and other critical challenges of enterprise customers.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.
IMTEYAZ AHMAD
Information Security Operations liaison for IT initiativesSystems Architect for security project.
Travelled to Africa (Sudan), Middle East (Saudi Arabia, Qatar, Bahrain, Oman, UAE) Singapore, Malaysia, Brunei Darussalam, Mongolia, China, Nepal etc.