Nabigh

An expert certified security analyst with more than 7 years of experience and deep
understanding of Cybersecurity. With hands on in
improving Application, Network, System and Infrastructure Security according to the need

Nugdallah of the enterprise. Expert at detecting and analyzing threats in the various areas of
organization using variety of testing guides and standards. Good at analyzing incidents and
providing the proper mitigation and response using SANS PICERL. Excellent communication
Security Analyst and knowledge sharing skills, along with customer relationship and support to gain and
maintain customer's trust.

Contact
Work History
Address
Dunmanway, WestCork, P47xy63 2022-04 - Cybersecurity Vulnerability Assessor
Current
Phone Fidelity Investments, Dublin, Ireland
Overseeing reported vulnerabilities, assessing them and follow up
083-393-8990 with fixing process.
Issuing documentation for maintaining process.
E-mail Follow up with reported vulnerabilities via vulnerability disclosure
nabighnugdallah@[Link] partners and internally.
Communication with Fidelity clients for fraud cases, social
LinkedIn engineering attempts and security related issues with their
[Link] accounts.
Devoted special emphasis to punctuality and worked to maintain
Certifications
nabigh-nugdallah-147b1
outstanding attendance record.

2017-08 2021-03 - SOC Analyst

ECSA:Certified Security Analyst 2022-04
eSentire, Inc, Cork
Analyze incoming security signals in real time with both accuracy
20151
and speed using variety of forensic tools.
CEH:Certified Ethical Hacker
Apply investigative tools, techniques and procedures (TTPs) to
determine and execute relevant actions
Whitelisting/filtering FP signals to keep client focus on TPs.
Education
Alert clients for TP signals and escalate high priority alerts to
clients by phone.
2019-09 - 20200 Block malicious network traffic and isolate infected hosts on
Master of Science: Master customers networks.
of Cybersecurity (MSc) Performed basic-intermediate client support requests/queries and
Cork Institute of Technology (MTU) - worked directly with clients via email/phone.
Cork
2017-08 - Security Officer
2019-09
Sudatel Telecom Data Center (TUPE as per Bank of Khartoum),
Skills Khartoum, Khartoum
Established SDC environment of VA,PT and Application security .
Wireshark software Recommended IT security improvements to achieve system
confidentiality, integrity and availability for SDC internal system
Excellent
and client VPS.
Established Client VPN access mechanism.
Burp Suite Created and deployed secure SSH access mechanism to avoid
password brute-force attacks and unauthorized access.
Excellent
Reviewed violations of SDC Servers security procedures and
developed mitigation plans.
Application Security Planned and oversaw configuration changes for security
Very Good infrastructure platforms.
Validated and verified system security requirements definitions
and analyzed system security designs.
Penetration Testing Provided consultation and technical services on all aspects of
Excellent information security.
Client Technical Support
Conducted Internal and external vulnerability assessment and
Code Review
Conducted and participated in annual disaster recovery exercises.
Very Good
2016-11 - Application Security Engineer
Cryptography 2017-08
Bank of Khartoum, Khartoum, Khartoum
Good Participated in design for Bok mobile application (mbok) and
web-based services.
 Established BoK Vulnerability assessment and penetration testing environments.
Network Security
Introduced and enforced Bank of Khartoum to apply PCI-DSS and OWASP testing guide and
Excellent performed auditing.
Participated with clients in discussion meetings.
System Security Communicated technical risks and benefits to management and key stakeholders.
Established BoK Penetration testing and vulnerability assessment. UTM and SIEM (Fortinet
Very Good
solutions) administration
Revised and enforced secure network design and AD policies. Incident handling and response.
Malware Analysis
Pointed out critical business logic vulnerability in BoK mobile app and provided and
Excellent supervised remediation.
Investigated behavior of ransomware "wannacry" in an isolated virtual environment and
SOC Analysis based on behavior, recommended prevention and remediation before patches were released.
Afterwards, ensured the correct patching process.
Excellent
Created and designed security awareness course to Bok employees including presentation
slides with an exam for social engineering.
Java
2015-12 - Information Security Engineer
Excellent
2016-05 Usetek Co. Ltd., Khartoum, Khartoum
Responsible for travelling to client sites for deploying, configuring, and revising policies for
Python the client's UTMs (Fortinet, Gateprotect). Provided educational sessions about Information
Very Good Security basics and UTMs administration for customers.
Educated the team about the more advanced techniques for troubleshooting Gateprotect
Vulnerability Assessment UTM via the backend terminal. Outsourcing and providing technical support for customers
along with consultation and technical services on other aspects of information security.
Excellent Led teams of up to 3 in deploying UTMs and implementing policies to provide essential
security while maintaining client flow. Planned and oversaw downtimes for client's network
Researching systems upgrade and security devices deployment to ensure minimal service interruption.
Excellent Validated and verified system security requirements definitions and analyzed system
security designs.
Mentoring and Presentation Information Security Officer
Excellent 2015-07 Electronic Banking Services (TUPE as Central Bank of Sudan), Khartoum
Assessing systems/processes for IT environment and QA to ensure appropriate control are in

Accomplishments place.
Enforced PCI/DSS standards on the payment systems to be compliance with the payment
standard.
Presented a new approach in
exploiting insecure Issuing, implementing and enforcing security policies within the organization.
deserialization, which resulted in Perform code review, vulnerability assessment,penetration testing and audit to clients in order to
2014-07 -
performing further exploits like be certified from EBS to connect to CBOS national switch.
file reading, complex commands Prepare security awareness presentations and sessions to EBS employees from different
execution without receiving departments.
server response Developed plans to safeguard computer files against modification, destruction or disclosure.
[Link]
Researched and developed new computer forensic tools. Monitored use of data files and
/1DWIO5l6XgsLqiKJ_iqwgzVRdRdwa
regulated access to protect secure information.
_Nrf/view
Enhancing Network topology by adding and administrating new UTMs (Sophos and Stonegate).
Insecure Deserialization CorkSEC Deploying SIEM solution (AlienVault) on virtual Server.
Talk 88
[Link]
/wiki//[Link]?title=Past_CorkSec
_Talk_Materials 2012-11 - Information Security Officer
2014-05
Central Bank of Sudan, Khartoum, Khartoum
- Mobile Payment IEEE Sudan
Administrating CBOS internal network and firewalls
[Link]
Deploying PCI DSS
/Infosec
Information security awareness
Assists in developing specifications and recommending technology
systems related purchases to management.
Hardware support, software/application support
Diagnostic programs and tools
Hardware deployment
Networking and cabling