🚀 Projects
Things I've built and contributed to, sorted by date.
OT/ICS Cybersecurity Governance Revamp Initiative
📅 Nov 2025Spearheaded the end-to-end redesign of the OT cybersecurity governance framework for a global leader in the oil & gas industry. Developed and implemented a holistic OT Cybersecurity Management System (CSMS), integrating requirements from IEC 62443, NIST CSF 2.0, Shell DEP, and ISO 27001/22301. Authored critical governance documents including Cybersecurity SoA, specifications, procedures, and guidelines. Implemented a continuous monitoring and assurance program with traceable KPIs/KRIs across three lines of defense. Closed all LoD2 findings and established a validated governance structure for Levels 0–3.5 infrastructure, ensuring audit readiness.
OT/ICS Cybersecurity Patch Management Framework – PCD Governance Enhancement
📅 Sep 2025Contributed to a cybersecurity governance enhancement initiative for a major oil & gas company's Process Control Domain (PCD). Redesigned patch management specification, procedure, and guideline to align with ISA/IEC 62443-2-3. Developed comprehensive lifecycle guidelines covering identification through deployment and verification. Established a risk-based patch prioritization framework and a formal Patch Management Committee. Implemented compensating controls for legacy systems and created measurable KPIs for patch management effectiveness.
Cybersecurity Compliance Assessment and Roadmap – Highspeed Railway
📅 May 2025Conducted a comprehensive assessment of Operational Technology Cybersecurity Controls (OTCC-1:2022) compliance for High-speed Railway critical infrastructure. Evaluated security measures against Saudi Arabia's NCA standards (ECC, OTCC, CSCC, TCC, OSMACC) and mapped controls to ISA/IEC 62443 and NIST. Identified gaps in network segmentation, vulnerability management, and incident response. Enhanced cybersecurity posture by ensuring adherence to OTCC governance, defense, and resilience domains.
Petrochemicals Facility Security Architecture Assessment for IT, ICS/OT
📅 Apr 2025Conducted a comprehensive security architecture assessment for a major global petrochemical facility including a Mixed Feed Cracker (MFC) and downstream polymer units. Reviewed deployed IT/ICS systems, physical security controls, and asset inventories. Assessed networks, software, and systems for compatibility, scalability, and lifecycle risk. Compared facility cybersecurity posture against Aramco standards (SACS, SAEP, SAES) to identify conflicts and gaps. Examined ERP/IT/OT readiness and Digital Strategy alignment with security requirements.
IT Cybersecurity Governance, Risk and Compliance Assessments
📅 Jan 2025Conducted a comprehensive cybersecurity GRC assessment to evaluate security program maturity, identify gaps, and ensure alignment with regulatory requirements. Performed gap analyses against NIST CSF, ISO 27001, and CIS Controls. Developed risk assessment methodologies to identify and evaluate threats to critical assets. Reviewed security policies, governance structures, and technical controls. Presented findings and strategic roadmaps to executive leadership.
Enterprise Risk Assessment using NIST CSF & ISO 27001
📅 Nov 2024Conducted an enterprise-wide risk assessment leveraging NIST Cybersecurity Framework and ISO 27001 to evaluate security posture, identify vulnerabilities, and develop a prioritized remediation roadmap.
Information Security Audit – Leading Trading Company in KSA (FY 2024)
📅 Nov 2024Conducted a full-scope information security audit for a leading trading company in Saudi Arabia, evaluating security controls, compliance posture, and risk exposure across IT infrastructure and business processes.
Information Security Review
📅 Feb 2024Conducted a comprehensive IT security audit and vulnerability assessment across web servers, ERP servers, database servers, IVR servers, email servers, VPN servers, and network devices (routers, switches, firewalls, access points). Performed hardware capacity review and evaluated BCP/DRP solutions.
IT Control Assurance and ISMS Readiness
📅 Feb 2024Led IT control assurance and ISMS readiness assessment to evaluate the design and operating effectiveness of security controls and prepare the organization for ISO 27001 certification.
ISMS Implementation – Leading Firm in KSA
📅 May 2023Led end-to-end implementation of an Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 for a leading firm in Saudi Arabia, covering policy development, risk treatment, and certification readiness.
Information Security Audits – Financial and Power Sectors
📅 Jan 2023Performed information security audits for multiple clients in the financial and power sectors, evaluating compliance, control effectiveness, and security maturity against industry standards.
Dockerize a Java Web Application using docker-compose
📅 Jan 2022Deployed a Java application stack (Nginx, Tomcat, MySQL) using docker-compose, containerizing the full web application for consistent and portable deployment across environments.
Deployed Java Application on AWS 3-Tier Architecture
📅 Dec 2021Deployed a scalable, highly available, and secured Java application on AWS using a 3-tier architecture, providing public internet access with proper network segmentation and security controls.
Lambda Function for Weekly EC2 AMI Backup
📅 Jul 2021Built an AWS Lambda function to create weekly EC2 AMI backups of all instances running in the US-east-1 region and automatically delete AMIs older than 30 days, reducing storage costs and ensuring recovery point availability.
Travel Booking Site – Containerization and CI/CD
📅 Apr 2021Containerized a travel booking website with Docker and Docker Compose. Wrote unit and integration tests with RSpec, Capybara, and Selenium. Deployed to AWS cloud with Terraform and authored a Jenkinsfile to build, test, and deploy the application automatically.
BMI Calculator – Kubernetes on Oracle Cloud
📅 Jan 2021Built a React Hooks BMI calculator app with 7-day LocalStorage persistence and containerized it for deployment on Oracle Cloud using Kubernetes. Used Jenkins for CI/CD to automate the build, test, and deploy pipeline.
Explore California – Kubernetes on AWS EKS
📅 May 2020Migrated the Explore California site from AWS VMs into containers via Kubernetes. Used Make to automate Docker startup and authored a Helm chart for local deployment with Kind. Deployed to AWS Elastic Kubernetes Service (EKS) using AWS Elastic Container Registry (ECR).
Impact Assessment – ILO Capacity Building Workshops
📅 Oct 2011Conducted an impact assessment of ILO Capacity Building Workshops for constituents and humanitarian community on Job-Centered Crises Recovery & Decent Work, for the International Labour Organization.
TAF Madrassah Baseline Study – The Asia Foundation
📅 Aug 2011Led baseline study for The Asia Foundation's TAF Madrassah project, designing data collection methodology, managing field research, and compiling findings for organizational reporting.
EoP Evaluation – Activating Media in Combating Child Labour (ILO)
📅 Aug 2011Conducted End-of-Project evaluation for the ILO initiative 'Activating Media in Combating Child Labour', assessing program effectiveness and documenting outcomes for the International Labour Organization.
Mid-Term Evaluation – Pakistan TB ACSM Interventions (Mercy Corps)
📅 Jun 2011Conducted training for data collection and mid-term evaluation of ACSM interventions across all provinces of Pakistan for Mercy Corps International and The Global Fund Consolidated Program TB component.
Effectiveness of SMS as a Marketing Tool (MBA Dissertation)
📅 Feb 2011MBA dissertation investigating the effectiveness of Short Message Service (SMS) as a marketing tool from a consumer perspective. Presented at the 3rd International Applied Business Research Conference, IIUI, Islamabad.
Relationship Marketing Plan – Digital Logic, Islamabad
📅 Jul 2010Developed a comprehensive relationship marketing plan for Digital Logic, Islamabad, outlining strategies to build long-term client relationships and improve customer retention.