The Face Behind TheAdversarialMind
Your brother & friend. An ordinary guy who started at ground zero & learned through failures, failures and more failures. You are not alone, trust me!
Hamza Shoukat
My name is Hamza Shoukat. I am a Cloud Security Engineer at a global technology company. In addition to my day job, I also serve as a Lead Cyber Security Mentor at NGT Academy, giving back to up-and-coming rockstar engineers!
On this platform you will find content related to Cloud, Cyber Security, Career and Coaching. I will cover topics ranging from IT and Information Security, to certifications and career development, all the way to self-improvement in your personal life. Lastly, a 1-on-1 coaching service is available for personalized consultation. Please reach out to me at any time. Your success is my success!
Technical Summary
-
Hamza is a Cloud Security Engineer at a global technology company. Prior to his current role, Hamza worked as a Senior Consultant at KPMG, where he was a member of the Cyber Security team specializing in Cyber Defense and Incident Response. Hamza has more than 3.5 years of experience in information and cyber security, network security, multi-cloud security (M365, Azure and AWS), threat hunting, vulnerability management (on-prem and CSPM), and risk and threat assessments. Having previously worked at a global SOC as both a Senior Analyst and an Engineer, Hamza brings a unique lens: a robust, in-depth defensive / blue team background paired with a strong foundation in offensive / red team knowledge and practical experience, applied to reducing cyber risk.
-
Hamza has a wide range of experience across several verticals and segments, including highly sensitive government agencies, Fortune 100 companies, large banks and hospitals, automotive companies, and schools and universities. Hamza has been responsible for world-class monitoring and immediate response to highly critical Priority 1 (P1) and Priority 2 (P2) incidents, forensic incident triage, external and internal vulnerability assessments, in-depth security posture reviews such as cyber threat hunts, Active Directory Security Assessments (ADSA) and gap analyses, and security recommendations delivered to audiences ranging from executives to technical and non-technical department managers in the public and private sectors.
In addition, Hamza has led several IR efforts for critical zero-days and supply chain compromises, including (but not limited to) the SolarWinds and Kaseya VSA supply chain attacks, the HAFNIUM cyber attack on Microsoft Exchange, and Exchange ProxyShell, hunting for IOCs and IOAs in data gathered from sensors to determine whether there is any indication of breach, malware, suspicious artifacts, or other threats.
-
Leading Nephrology Medical Health Provider – Highly Sophisticated Infection in Azure AD Tenant: Led a major IR effort from start to finish over a span of 7 days to mitigate two highly advanced and distinct active cyber attacks in the client's Azure AD environment, tracing each back to its obfuscated source and providing full remediation steps as part of the Incident Response Report. This resulted in direct client satisfaction and further growth opportunities in the client-partner relationship.
Construction Conglomerate Business Unit – Discovery of DNS Tunnelling via Threat Hunt: Performed a comprehensive threat hunt on a large enterprise network and uncovered a major finding: covert DNS tunnelling, identified by examining falsified NULL and TXT records and domain generation algorithm (DGA) names in DNS traffic to and from a Command-and-Control (C2) server. Presented the findings to the client's HQ senior leadership team with a detailed log analysis summary, remediation steps, and a road map to the target cyber security posture with short, medium and long term strategies.
External and Internal Vulnerability Assessments: Performed routine monthly External Vulnerability Assessments (eVAs), carefully reviewing client reports and the criticality of discovered external vulnerabilities and exposed network services (such as potentially dangerous open ports, inbound/outbound traffic, traffic to/from countries of interest, and account takeover risks) before sharing the report results. This also included Internal Vulnerability Assessments (iVAs) and weekly security review reports covering various cloud sources such as Azure, O365, Cisco Umbrella, Duo, Salesforce, AWS, G Suite and Okta.
Architecture Review: Provided comprehensive log source analysis across client networks, making sure there were no blind spots or gaps in the security telemetry, and consulted on security controls to improve the security posture of client environments, grounded in a core understanding of the network, security systems and/or cloud infrastructure.
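As an added illustration of the kind of hunt logic behind the DNS tunnelling finding above (example code written for this page, not taken from the engagement and using no client data): the script below profiles a DNS query log per registered domain and flags domains that show the tunnelling pattern described, a high share of TXT/NULL queries, long high-entropy leftmost labels of the kind a DGA or encoder produces, and a fresh subdomain on nearly every query. The log format, the domain names, the sample lines and the thresholds are all constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict
from statistics import mean

# Constructed sample log (assumption: one query per line as "timestamp client qtype qname").
# example.com shows ordinary traffic; example.net shows an encoder pushing data in TXT/NULL lookups.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z 10.20.5.17 A www.example.com
2024-03-01T09:00:02Z 10.20.5.17 A mail.example.com
2024-03-01T09:00:03Z 10.20.5.41 TXT 5a7d3e9f1c2b4a6d8e0f.t.example.net
2024-03-01T09:00:03Z 10.20.5.41 TXT 9c1b2a3d4e5f60718293.t.example.net
2024-03-01T09:00:04Z 10.20.5.41 NULL c4d5e6f7a8b9c0d1e2f3.t.example.net
2024-03-01T09:00:04Z 10.20.5.41 TXT 7e8f9a0b1c2d3e4f5a6b.t.example.net
2024-03-01T09:00:05Z 10.20.5.41 NULL 2b3c4d5e6f7a8b9c0d1e.t.example.net
2024-03-01T09:00:06Z 10.20.5.41 TXT d1e2f3a4b5c6d7e8f9a0.t.example.net
2024-03-01T09:00:07Z 10.20.5.17 A cdn.example.com
2024-03-01T09:00:08Z 10.20.5.17 TXT _dmarc.example.com
2024-03-01T09:00:09Z 10.20.5.17 A www.example.com
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
SUSPECT_TYPES = {"TXT", "NULL"}  # record types tunnelling tools favour for bulk payloads


def parse_log(text):
    """Parse the constructed log format into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        records.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                        "qname": qname.lower().rstrip(".")})
    return records


def shannon_entropy(s):
    """Bits of entropy per character; random or encoded labels score far above dictionary words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname):
    """Last two labels as the 'owner' zone. Assumption: a real hunt would use the public suffix list."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def profile_domains(records):
    """Aggregate per registered domain the features used by the tunnelling heuristic."""
    stats = defaultdict(lambda: {"queries": 0, "txt_null": 0, "subdomains": set(),
                                 "entropies": [], "label_lens": []})
    for r in records:
        dom = registered_domain(r["qname"])
        st = stats[dom]
        st["queries"] += 1
        if r["qtype"] in SUSPECT_TYPES:
            st["txt_null"] += 1
        prefix = r["qname"][: -len(dom)].rstrip(".")
        if prefix:
            st["subdomains"].add(prefix)
            leftmost = prefix.split(".")[0]  # the label an encoder fills with data
            st["entropies"].append(shannon_entropy(leftmost))
            st["label_lens"].append(len(leftmost))
    return stats


def find_tunnelling(records, min_queries=5, min_txt_null_ratio=0.5,
                    min_entropy=3.5, min_label_len=16, min_unique_ratio=0.8):
    """Return {domain: [reasons]} for domains that trip at least three of four indicators."""
    findings = {}
    for dom, st in profile_domains(records).items():
        if st["queries"] < min_queries:
            continue  # too little volume to judge
        reasons = []
        if st["txt_null"] / st["queries"] >= min_txt_null_ratio:
            reasons.append(f"{st['txt_null']}/{st['queries']} queries are TXT/NULL")
        ent = mean(st["entropies"]) if st["entropies"] else 0.0
        if ent >= min_entropy:
            reasons.append(f"mean leftmost-label entropy {ent:.2f} bits")
        ln = mean(st["label_lens"]) if st["label_lens"] else 0.0
        if ln >= min_label_len:
            reasons.append(f"mean leftmost-label length {ln:.1f}")
        if len(st["subdomains"]) / st["queries"] >= min_unique_ratio:
            reasons.append("nearly every query uses a never-seen subdomain")
        if len(reasons) >= 3:
            findings[dom] = reasons
    return findings


if __name__ == "__main__":
    for dom, why in find_tunnelling(parse_log(SAMPLE_LOG)).items():
        print(dom, "->", "; ".join(why))
```

Run against the sample, example.net trips all four indicators while example.com trips only the unique-subdomain one (its handful of hostnames are each queried once), so only example.net is reported. In a real hunt the thresholds need tuning per environment, legitimate TXT-heavy zones (DKIM, DMARC, SPF lookups, some CDNs and antivirus vendors) need an allow list, and the registered-domain split should use the public suffix list rather than the two-label shortcut assumed here.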
-
Security Operations, Incident Response, Threat Hunting, Penetration Testing, Incident Triage, Cloud Computing, Risk Assessment, Vulnerability Management, Security Standards (NIST, ISO, CIS Benchmarks, OWASP), Privacy Legislation (PHIPA, PIPEDA, FIPPA, GDPR), Quality Improvement, Systems Integration, Project Management
-
Certified Red Team Professional (CRTP)
AWS Certified Solutions Architect
AWS Certified Cloud Practitioner
Microsoft Azure Fundamentals (AZ-900)
Microsoft M365 Security Administrator Associate (MS-500)
eLearnSecurity Junior Penetration Tester (eJPT)
CompTIA PenTest+
CompTIA Security+
CompTIA Network+
CompTIA Network Vulnerability Assessment Professional