Nawaz Ahmad
Details
● Managed and strengthened the organization's Vulnerability and Risk Assessment Program by conducting multiple types of (Operating Systems, Networks, Compliance, and Web-Application) scans. Provided technical guidance to various stakeholders for risk mitigation.
● Led and coordinated the Incident Response process, including identification, verification, and mitigation of security risks, threats, unauthorized access, and violations.
● Optimized Intrusion Detection and Prevention systems, enterprise anti-virus systems, Security Information and Event Management (SIEM) and other security tools to increase threat detection and response capabilities.
● Improved compliance with industry standards by developing and implementing security policies, firewall rules, and procedures for data, software applications, hardware, and telecommunications.
● Drove an organizational culture focused on security awareness and best practices by partnering with technology departments to mature the infrastructure/network, enterprise applications, and data technology divisions. Supported development of business-relevant metrics and key performance indicators.
● Developed, operated, and optimized intrusion detection and prevention systems, enterprise anti-virus systems, Security Information and Event Management (SIEM), firewalls, and various types of vulnerability scanners tailored toward the organization in order to provide best security posture.
● Established Standard Operating Procedures (SOPs), provided complex technical oversight, and enforced security directives, orders, policies, and procedures.
2019 : Present
Devis
Sec Ops Leader & Information Security SME, Department of State
Provided quality assurance, quality control, and satisfied deliverables per DHS ESOC statement of work requirements. Directed ongoing monitoring and analysis activities of security incidents affecting DHS's shared incident response tracking systems and activities performed by each Component SOC of DHS (CBP, TSA, FEMA).
● Led and managed a team of 50 analysts, SMEs, and engineers, supporting the resolution of cyber incidents, weekly project actions, and implementation of new technologies.
● Devised strategies to analyze highly complex cyber security and network events, leading to recommending action plans for SOC staff, including both contractor and government personnel.
● Primary responsibility included providing guidance, coordination, and direction for ongoing monitoring and analysis activities to security incidents that affect DHS’s shared incident response tracking systems and activities performed by each Component SOC of DHS (CBP, TSA, FEMA, etc.)
● Reduced overall risks and incidents by presenting findings and recommending remediations and updates regularly to government floor managers and watch officers.
● Increased contract renewal rates by maturing contract deliverables, providing KPIs, supporting 24/7 floor operation center scheduling, and leading project management of various implementations and assignments.
2018 : 2019
Leidos
Enterprise SOC Project Manager, DHS Enterprise SOC
Devised and led the information security risk assessment process, including reporting and oversight of security incidents, remediation efforts to address negative offenses, intrusions, and management of outside assessors.
● Directed and managed direct reports, focusing on establishing a high-performance culture by completing performance reviews, goal setting, & hiring activities.
● Strengthened the protection of corporate and federal assets by providing real-time decisions in response to information security incidents and implementing countermeasures to prevent further damage.
● Enabled informed decision-making at the executive level by providing regular updates and presentations to upper management on security events, KPI trends, vulnerability analysis counts, incident response resolutions, and lessons learned to mitigate the risk of future attacks.
● Optimized staffing levels and increased program efficiency by maturing staffing counts and projecting budget deficiencies for IBM's SOC program to hire additional security analysts to meet the demand for SOC services.
● Ensured Security tools, Standard Operating Procedures (SOPs), Policies, Procedures, and other documents were constantly tuned and maintained.
2016 : 2018
IBM
Security Operation Center Manager – IBM Cloud
Supported fundamental and mission-critical defense services and systems by working with the FBI to develop solutions for high-stakes national security missions.
● Installed, configured, and optimized security tools, including HP ArcSight Logger and ESM, AppDetective, DBprotect, McAfee Vulnerability Manager, Nessus, Hailstorm, and similar security tools.
● Delivered a significant reduction in security incidents by identifying and establishing action plans for associated alerts and malicious incidents to mitigate potential financial and reputational damage.
● Engineered, implemented, and optimized a comprehensive security operation that met all FISMA and NIST requirements, leading to an audit and compliance certification for the FBI.
● Served and collaborated on a multi-disciplinary team to ensure 99.9% availability of mission-critical applications to support the FBI's goals.
2016 : 2016
General Dynamics Mission Systems
Senior Security Systems Engineer, FBI, Guardian Contract
Served as vulnerability and risk management SME and senior consultant for U.S Census Bureau.
● Created, managed, and maintained POA&M items as per risk management framework and organization's security policies to meet dictated compliance.
● Mitigated and reduced critical and high risks and maintained a safe security posture by providing guidance and advice to various organization stakeholders.
● Deep dived into vulnerabilities to research and analyze root causes of risks to provide remediation.
2016 : 2016
Deloitte
Advisory Senior Consultant, Federal
About
Designing and leading comprehensive information security programs and strategies for F500 and Federal Government organizations is the hallmark of my 12-year career. As a forward-thinking strategist, I have built a proven track record for developing security policies, procedures, and guidelines that strengthen security postures, eliminate vulnerabilities, and optimize compliance. I have developed a passion for building high-performing security teams and partnering with executives and stakeholders across various departments to integrate security across the business. Regardless of the challenge, I remain committed to researching the latest threats and trends in the security landscape to position the company ahead of the competition.
I presently serve as the Sec Ops Leader & Info. Security SME, Department of State at Devis, guiding cross-functional teams at Refugee Processing Center. From 2018 to 2019, I was the Enterprise SOC Project Manager, DHS Enterprise SOC at Leidos, providing quality assurance, quality control, and satisfied deliverables per DHS ESOC statement of work requirements. I also previously worked as IBM’s SOC Manager, IBM Cloud, from 2016 to 2018. Other previous roles include Senior Security Systems Engineer for an FBI contract at General Dynamics Mission Systems and Advisory Senior Consultant for a Federal contract at Deloitte.
In addition to my professional achievements, I possess a Master of Science in Applied Information Technology – Cyber Security from George Mason University. Also, I hold several certifications, including CISSP, GCIA, CEH, and Sec+.
Key Career Highlights:
⭐ Technical Leadership Expertise: Led a team of security analysts and engineers in a DevSecOps hybrid cloud environment to collaborate with cross-functional teams.
⭐ Cybersecurity Best Practices: Developed, implemented, and enforced security policies at the Department of State Refugee Processing Center.
⭐ Security Risk Identification & Mitigation: Managed various organizations/contracts i.e., the Department of State Refugee Processing Center, IBM Cloud, SRA International, Department of Commerce (Census Bureau)/Deloitte Contract, FBI/GDIT contract vulnerability management programs.
Core Competencies:
Information Security Strategy | Security Architect | Security Operations Center | Executive Management Team | App Security | IT Strategy | Cloud Security | Network Security | Incident Response | Business Stakeholder Management | Risk Assessment & Management | Cybersecurity Best Practices | Privacy & Data Protection | Change Management | Team Management | Metrics & KPIs