Munir Yahaya
Mississauga,ON
Summary
Information Security Specialist with passion for aligning security architecture plans and processes with security standards and business goals. Extensive experience developing and testing security framework for cloud-based software. Versed in robust network defense strategies.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Senior Information Security Analyst
Sterling Bank NG. (Remote)
01.2023 - 03.2024
- Dynamic and strategic leader with a proven track record in information security, adept at navigating fast-paced, agile project environments
- Demonstrated expertise in developing comprehensive security policies, conducting regular assessments, and leading security audits
- Developed and administered comprehensive security policies and procedures, conducted regular security assessments, and led security audits to ensure compliance with security policies and regulatory requirements
- Provide expertise on cloud infrastructure and security architecture to other IT and business teams
- Demonstrated expertise in utilizing Cisco AnyConnect as a Zero Trust solution and Azure Information Protect for data classification and protection
- Examine new data, simplify it into user-friendly documents for different roles, and fully adapt to a fast-paced, agile project environment
- Led the design and implementation of secure architecture for critical applications, ensuring data integrity and confidentiality
- Managed third-party bug bounty program, effectively triaging issues, responding to researchers, and tracking reported vulnerabilities
- Investigated information security events for potential security incidents
- Provide support of information security and privacy incidents which may have potential impact to the organization
- Responsible for leading and managing the SOC team and activities
- Audit internal IT controls to make sure internal controls are sufficient to detect or prevent risks of material misstatements
- Conducted Proof of Concepts amongst multiple vendors in order to acquire and implement a DAST and SAST solution on the infrastructure
- Key member of the Change Approval Board (CAB)
Lead Cybersecurity Forensic Auditor
United Bank of Africa, Lagos, Nigeria
08.2022 - 12.2022
- As the Lead Cybersecurity Forensic Auditor at UBA, I conducted in-depth security and privacy investigations, addressing data security matters including breaches and fraud
- I executed technology controls testing, ensuring compliance with industry standards such as ISO, GDPR, and PCI DSS
- Conduct security and privacy investigations in response to data security matters, which may include ongoing breaches and fraud
- Executed assigned technology controls testing using general methodology in accordance with established procedures to perform, analyze, document and report results of all assigned engagements
- Ensured compliance with industry standards and regulations, including ISO, GDPR and PCI DSS
- Prepare, submit, and discuss control testing reports with my manager
- Aggregate and monitor testing results for trends and escalate concerns to the appropriate levels of leadership
- Validate that control weaknesses identified through testing are tracked, evaluated, prioritized based on risk, responded to, and closed
- Contribute data for audits (internal and external) and offer support as needed.
Application Security Analyst
First City Monument Bank, Lagos, Nigeria
07.2020 - 07.2022
- As an Application Security Analyst at First City Monument Bank, I conducted penetration testing on over 500 applications, performed security tests on various platforms, and probed for vulnerabilities
- I utilized various testing methods to identify potential exploits in security systems and conducted comprehensive network and system security audits
- I also carried out physical assessments of servers, systems, and network devices to ensure robust security
- Conducted application security penetration testing on 500+ applications
- Perform security tests on the network, web-based/mobile applications, and computer systems using different techniques and tools to try to break into security-protected applications and networks to probe for vulnerabilities
- Use testing methods to pinpoint ways that attackers could exploit weaknesses in security systems by conducting network and system security audits, which evaluate how well the organization’s system conforms to a set of established criteria
- Conduct physical assessments of servers, systems, and network devices security
- Delivered security training to board members and employees using Knowbe4
- Implemented an Imperva WAF (Web Application Firewall) as the IDS/IPS solution to monitor network traffic, prevent cyber-attacks, and protect web applications from common web exploits.
Security Incident Monitoring Analyst
Union Bank of Nigeria, Lagos, Nigeria
01.2017 - 06.2022
- In my role as the SOC team member, I worked with skilled team of professionals, including Tier 1 and Tier 2 SOC Analysts, Incident Handlers, Security Engineers, and Infrastructure Security experts
- We are collectively responsible for securing over 10,000 digital assets across 19 subsidiaries
- My duties include tracking and managing vulnerability remediation, ensuring comprehensive protection, and swift response to emerging security threats
- Monitored network and system security, analyzed logs, and identified cyber threats, leading to the rapid containment of security incidents
- Investigated and reported attempts to circumvent security protocols and conducted forensic investigations as necessary
- Investigate security incidents and fraud to determine root cause and recommend measures for mitigation
- Responsible for comprehensive management of cybersecurity awareness data analytics, including the administration of a phishing results dashboard
- Vulnerability Remediation Tracking: Oversaw the tracking and remediation of identified vulnerabilities across the organization using Qualys Guard and InsightVM
- Risk Assessment & Information Classification: Managed risk assessments and information classification using Azure Information Protect
- Executive Reporting: Prepared and presented detailed executive summary and technical reports
- Vendor Engagement: Conducted vendor engagement and proof of concept testing for security solutions
- Security Advisory and Threat Intelligence: Provided security advisories and engaged in cyber threat intelligence using MITRE and OTX frameworks.
Education
Electrical & Electronics Engineering -
Federal University of Technology, Yola, Adamawa State
01.2014
Skills
- Strategic Leadership: Demonstrated ability to lead and inspire teams towards achieving security and business goals
- Team Management: Proficient in managing diverse teams, fostering collaboration and skill development
- Decision-Making Under Pressure: Capable of making informed decisions quickly in high-pressure situations
- Advanced Problem-Solving Skills: Exceptional ability to analyze complex security issues and develop effective solutions
- Effective Communication: Skilled in articulating technical concepts to non-technical stakeholders
- Adaptability: Agile in adapting to new technologies and changing security landscapes
Certification
- ISACA: Certified Information Security Auditor (CISA)
- ISC2: Certified Cybersecurity (CC)
- EC-Council: Certified Ethical Hacker (CEH)
- Certified AppSec Practitioner (CAP)
- ITIL Foundation Certificate
- QRadar SIEM Advanced Training
- ISO 27001 Lead Implementer Training (Training)
- AWS Security Architect (Training)
- Data Privacy & Data Impact Assessment (Training)
- Azure 900 (Certification)
Languages
English (Native or Bilingual Proficiency)
English
Native or Bilingual
Additional Competencies
- SAST and DAST testing: effectively implemented these testing strategies throughout various stages of the software development lifecycle.
- ISO 27001: comprehensive experience in implementing and maintaining ISO 27001 standards.
- Agile Environment: Proficient in working in Agile environments, adept at integrating cybersecurity considerations into CI/CD Pipelines.
- Cyber Security Leadership: Leadership in security team management and strategic security program development.
- Software Composition Analysis (SCA): effectively tracking and analyzing open-source components in projects.
- Strategic Security Planning: Proficiency in creating and implementing comprehensive security strategies.
- Penetration Testing: Extensive experience in vulnerability assessment and system hardening.
- Incident Analysis & Response: Effective management of security incidents with rapid response capabilities.
- Web Application Security: Expertise in securing web applications against diverse cyber threats.
- Vulnerability Management: In-depth knowledge in identifying, evaluating, and mitigating system vulnerabilities.
- Antivirus: Proficient in managing antivirus software, specifically Cortex XDR and CrowdStrike, to ensure robust endpoint security.
- Security Operations Centre Engineering: Experience in designing, implementing, and managing SOC environments.
- Zero Trust Technology: use zero trust principles to plan industrial and enterprise infrastructure and workflows such as Cisco AnyConnect.
- Firewall: Skilled in firewall management and conducting comprehensive security reviews to safeguard network infrastructure.
- Advanced Security Technologies: Keeping abreast with the latest in AI-based security solutions and cloud security.
- Data Protection: Azure Information Protection (AIP) for data classification and protection.
- Tools: BurpSuite, Acunetix, Metaspoilt, Nessus, Wireshark, Control Testing, AWS, Azure, Truffle Hog.
- Technical Writing: Write for a variety of audiences, from non-technical end-users to developers, system administrators and integrators.
Personal Information
Title: Senior Information Security Officer
References
Available upon request.
Projects
ISMS Gap Assessment for ISO 27001 and PCI-DSS (2023): Led a comprehensive assessment, identifying key areas for improvement in information security management. Deployment SAST & DAST solutions for testing (2022): Successfully deployed and configured a SAST and DAST solution for DevSecOps processes. Threat Analysis and Risk Assessment for ATM Network (2022): Led a comprehensive threat analysis and risk assessment for the bank-wide ATM network, identifying potential vulnerabilities and implementing mitigation strategies to ensure the security and reliability of the network. Implementation of Azure Information Protection for data classification and protection within the organization (2022) Vulnerability Assessment and Threat Modeling for Fintech Apps (2020-2024): Conducted vulnerability assessments and threat modeling for over 500 fintech apps, identifying potential security risks and implementing robust security measures to protect sensitive financial data. Security Assessment for Credit Card Production (2021): Led a security assessment for the bank’s card manufacturing equipment, identifying potential threats and implementing security measures to ensure the integrity of the bank’s card production process. Cyber Security Strategy Review Project (2020) - Team Lead: Directed the strategic overhaul of cyber security practices, aligning them with current industry standards. ISO 27001 Recertification Project (2019) - ISMS Team Member: Contributed significantly to achieving recertification, ensuring compliance with information security standards. Data Privacy and Protection Project (NDPR) (2018) - Data Protection Trainer: Played a key role in enhancing data privacy and protection measures.
Timeline
Senior Information Security Analyst
Sterling Bank NG. (Remote)
01.2023 - 03.2024
Lead Cybersecurity Forensic Auditor
United Bank of Africa, Lagos, Nigeria
08.2022 - 12.2022
Application Security Analyst
First City Monument Bank, Lagos, Nigeria
07.2020 - 07.2022
Security Incident Monitoring Analyst
Union Bank of Nigeria, Lagos, Nigeria
01.2017 - 06.2022
Electrical & Electronics Engineering -
Federal University of Technology, Yola, Adamawa State