Profilo
A trained professional with great familiarity and hands-on experience in planning, coordination, and maintenance of an organization’s information security. Diplomatic and tactful with professional and non-professionals at all levels.
Demonstrated history of being compliant with organization
guidelines. Flexible and versatile- able to maintain a sense of umor under pressure. Poised and confident with the ability to transcend cultural differences. Excellent team building skills while thriving in deadline-driven environments. Able to install security software and network monitoring essential for advanced cyber-attacks scenario which it has dramatically increased and became more sophisticated.

Accomplishments
 Worked with company systems and solved many cyber Security cases and diligently completed all assigned tasks, working overtime as needed.
 Delightfully honored to defend the infrastructure from any cyber-attack in 4 years.
 Certified in Fraud and anti-money laundering and counterterrorism financing act.
 Designed and Implemented ArcSight Express with EPS=750 on S.E.A IT Company.
 Designed and Implemented ArcSight Express, Logger, ArcMC with EPS=2500 based on best practices and ArcSight hierarchy Topology on Private bank with over 560 branches.
 Designed and Implemented Tripwire Enterprise in private bank with over 200 nodes and S.E.A IT Company.
 Designed and Implemented the HIVE Project, Cyphon and  Scot for Security Incident handling and Response.
 Normalized all logs from various devices
 Wrote Incident handling and Incident Respond Procedure
 Wrote SOC Procedure to handle and Respond Security Events

Work Experience

Cyber Security Operation Center (CSOC) Manager, S.E.A,
March 21, 2017- July 12, 2019
o Coach, manage and develop staff by establishing clear goals, expectations and strategies for employee performance and career development.
o Works with International Cyber Security protection alliance Team to anticipate, identify and evaluate global risks that carry a significant risk to the enterprise.
o Manage relationship with external security vendors such as MSSPs to ensure service delivery meets SLAs and work closely to improve their efficiency.
o Develop and manage a robust documentation lifecycle.
o Experienced with the selection, implementation, and management of enterprise security technologies, including SIEM, anti-virus, anti-malware, DLP, IDS/ IPS, vulnerability scanners, configuration management, and encryption.
o Develops, documents and manages identification, containment and remediation strategies.
o Provides recommended courses of action to mitigate the risk associated with network intrusion attempts.
o Develops researches and maintains proficiency in tools, techniques, countermeasures and trends in computer and network security vulnerabilities.
o Determines the source and tools used in the course of network intrusion analysis.
o Guides recruiting, hiring, training, development, and retention of highly qualified employees to ensure the effective operation of the CSOC. Regularly communicates updates from the CSOC on incidents, emerging risks, and other issues that may impact the corporation's business operations, employees, or vendors. In a crisis, leads the CSOC's enterprise response.
o Daily collection of global, national and local intelligence utilizing various intelligence sources to produce a written daily/incident specific analytical report(s).
o Providing a centralized location for management, co-ordination and knowledge base contact, in particular for severe and critical incidents
o Perform supervisory/managerial responsibilities.
o As part of a cutting-edge security team the role will include broader security related responsibilities including projects and continuous improvements.
o Oversee implementation of new technologies within SOC and lead automation of monitoring administrative tools.

Cyber Security Incident Response Manager, S.E.A, August 23, 2017 – July 12, 2019
o Incident response and crisis management team management of logical and physical corporate incident lead team investigation incidents ranging from regulatory disclosure ,malicious software, lost PCs and abuse of corporate Company policies.
o Work with all levels of senior management, human resources, legal and technical staff to address incidents.
o Investigate fraud reports, policy violation activity.
o Audit review and response work with internal and external auditors to review audit concerns and respond

Senior Cyber Security Specialist, S.E.A, July 14, 2015- March 21, 2017

o Ensure security scanning and monitoring compliance
o Independently leads computer incident investigations, determining the cause of the security incident and preserving evidence for potential legal action
o Conducts research of emerging security threats
o Recommend enterprise information security standards – including management, operational, and technical security controls
o Analyze general information assurance-related technical problems and provide basic engineering and technical support to resolve these problems
o SCADA and IoT security strategy and planning
o Security review of encryption policies, sensor policies for IDS/IPS, Firewalls, web security gateway, logging
o Performed comprehensive investigations of cyber security breaches

SOC Project Consultant, S.E.A, 2015-2019

 Designing SOC structure for:
o Private credit institution (Main, backup and DR Site)
o Sanat o Madan bank
o Tejarat bank
o Parsian bank
o Khavarmianeh bank
o Iran-Europe bank
o Islamic Republic of Iran Broadcasting
o Telecommunication Infrastructure Company
o Mobile Telecommunication Company of Iran
o RighTel Communications

Cyber Security and Penetration Testing Trainer, 2010 – 2019
o Training and educating People in cyber Security, Information Security,
Security awareness for around 9 years in various organizations.

SIEM Engineer, S.E.A, August 23, 2015- July 12, 2019
o Formulated and configured Logger appliances and analyzed system
anomalies.
o Designed and developed ArcSight architecture components and
related upgrades.
o Prepared system plans and executed ArcSight architecture
modifications.
o Managed, upgraded and maintained operational data flows and
ArcSight platforms.
o Prepared and customized report templates and reviewed dynamic
content, rules, trends and Dashboard.
o Formulated security content data such as filters, reports, signature
and mapping.
o Analyzed ArcSight and related tools and resolved IT security
failures.
o Implemented and managed ArcSight ESM and Connectors at
multiple locations.
o Performs all administration, management, configuration, testing,
and integration tasks related to the Splunk, BigData/Hadoop,
ArcSight ESM and associated platforms to include content creation,
maintenance, and administration tasks
o Executed database tuning and troubleshooting processes and
updated configuration files.
o Coordinating and conducting event collection, log management,
event management, compliance automation, and identity monitoring
activities using the ArcSight ESM
o particularly security and networking devices (such as firewalls,
routers, anti-virus products, proxies, and operating systems)
o Develop, implement, and execute standard procedures for the
administration, content management, change management,
version/patch management, and lifecycle management of the
SIEM/Log Management platforms
o Support day to day event parsing and repairing of events that have
missing or incorrect information, create log source extensions, and
flow management

Cyber Security Analyst, Department Of Cyber Crimes,Latech ,
June 13, 2013- April 20, 2015
o Coordinated review of logs and user access data availability and
programs for both regular and privileged users.
o Assisted in the development and implementation of information
security policies, laws, standards, and processes for corporate
governance.
o Drafted and edited prevailing internal regulatory compliance laws on
email and network security.
o Recommended hardware and software upgrades and purchase
approvals to help secure the company’s valuable information and
prevent Distributed Denial of Service (DDoS) attacks.
o Educated the employees on the procedures to be followed should
they be faced with such individual attacks.

 Cyber Security Specialist, Iranian Red crescent organization,
May 13, 2011-April 29, 2012
o Provide cybersecurity and risk management expertise for
various initiatives and programs

Assistant Cyber Security Officer, Arta Network Company,
May 13, 2011-April 29, 2012
o Conducted initial reviews of audit logs pertaining to critical
information systems encompassing review of weeklygenerated reports and identification suspicious activities.
o Coordinated and delegated security assurance activities to
subordinates; main tasks involved identification and
gathering of evidences to verify compliance to approved
security baselines for various operating systems and internal
server databases.

English Translator, Islamic Azad University-Science and Research Branch-Tehran, 2006-2010

EDUCATION

Azad University, Science and Research Branch-Tehran-Iran
o Bachelor’s Degree Program in Physics (full time)
o Admitted in October 2006,Date of Graduation: February 2011
Shahid Beheshti University – Researcher In Econophysics , 2009 -2010

IPM – Institute for Research in Fundamental Sciences, 2010
o Quantum cryptography

Courses I Successfully Passed
o ArcSight ESM Security Analyst-AESA (ELearning-HPE Software University)
o Arcsight Security Solutions-ATP (Virtual Class-HPE Software University)
o ArcSight ESM 6.0 Administration (ELearning-HPE Software University)
o ArcSight SmartConnector Foundations & Tool Kit (ELearning-HPE Software University)
o ArcSight Building Active Rules in ESM (Virtual Class-HPE Software University)
o ArcSight Logger 6.0 Administration and Operations (ELearning-HPE Software University)
o Fortinet-Fortianalyzer Administration (ELearning)
o Tripwaire Enterprise Foundation Student Track (Virtual ClassTripWire Learning Center)
o Tripwaire Enterprise Foundation Administration Track (Virtual Class- TripWire Learning Center)
o Tripwaire Enterprise Foundation Security Track (TripWire Learning Center)
o CISSP (Certified Information Systems Security Professional)
o Fraud and anti-money laundering and counter-terrorism financing act
o SOC (Security Operation Center) (Sans 503,511)
o CEH V8.0 (Certified Ethical Hacker)
o ITIL Foundation V3.0
o CCNA-CCNP (Routing&Switching)
o Penetration Testing With Kali
o Vast knowledge and experience in handling IT processes
and functions, industry frameworks and compliance
regulations such as , ISO 270001, ISO 27002, ISO 27035,… .
o Great interpersonal, analytical and communication skills.
o Intermediate skills associated in computer programming, software, and applications.
o Security Information and Event Management (SIEM) like ArcSight Security Platform,Splunk ,TripWire Enterprise.
o Familiar with EnCase , SolarWinds NPM, Fortinet FortiAnalyzer, Carbon black
o PCI
o ITIL Certification
o Cyber Crime
o PMP MSP
o CISSP

REFERENCES
‘Ridiculously efficient’ is the phrase that comes to mind when I think about Behnam.” It was fantastic to work with Behnam who was an exceptional person. His hands-on approach to career coaching, motivational speaking and consulting and powerful personality won him the respect of the staff. Loyal,
insightful and independent .very positive attitudes towards work. As a team member or a leader, Behnam earns my highest recommendation.

S. Alireza Nikzad, Information Security Specialist, CISSP

Behnam is motivated, forward thinking and intelligent person who has lots of knowledge in Cyber Security field. His exceptional work flow, skills and ability to handle projects are known very well in company. It is an amazing that I am still his friend and had this opportunity to work with Behnam for 2 years. Arash Ramez, Software Security Specialist