Hud Daannaa

Experience

• 

  First October Network Academy (Ghana)

  Jan 2012 - Mar 2014

  Systems/ Network Security Technician

  [+] Setting up and Configuring Microsoft Windows 2003/2008 servers, maintaining, patching, updating, and troubleshooting of operational systems. [+] Strong knowledge of the ICT infrastructure (operating systems, Networks, hardware, databases, etc.) used within own organization. Implementation and management of DHCP, DNS, Active Directory and Group Policies. [+] Working within a team to maintaining and administer perimeter security systems such as firewalls and intrusion detection systems.[+] Revision of the internal network protection, conduct device audit log review and perform network vulnerability scans. Show less

• 

  ADMINTELECOM ACADEMY

  Jun 2014 - Nov 2014

  Fiber Optic and Transmission Technician (Networking)

  [+] Excellent understanding of the Fibre Optics Technology and also attained hands-on training on Fibre Optics Splicing and Testing using OTDR and Fusion Splicer equipment.[+] Monitoring of construction activities, fiber splicing, and termination; Assembly of, installs, and /or tests transmission equipment channel banks, channel service units (CSU), digital service units (DSU), modems, routers, etc.[+] Fibre Optical transmission theory and basic concepts of light and light transmission through the optical fiber. System attenuation Microbending, temperature & alignment, Fresnel reflection, numerical aperture.[+] Fibre Optic Cable types & specification. And also fibre cables for specific applications, cable construction, OM1, OM2, OM3, OS1, specification & management.[+] Tooling & fiber preparation, Hand tools, microscopes, polishing tools, stripping & cleaningFibre connectors & termination.[+] ST, SC & S.F.F connectors, epoxy, pre-filled & anerobictermination, common usage, termination procedures. Show less

• 

  Ministry of Communications and Digitalisation

  Sept 2014 - Sept 2015

  Systems Support Engineer

  [+] Setting up operating systems, applications and ensuring that all jobs are properly scheduled on daily basis.[+] Installations, configurations and troubleshooting of computers, Cisco switches & routers, access points and bridges. [+] Providing both 1st and 2nd line IT technical support queries and maintaining a high degree of customer service.[+] Identifying and resolving IPS and IDS issues; ability to monitor and analyze Network Packets and Security Event Logs.[+] Strong knowledge of IT strategy development and effective IT operational delivery.[+] Able to work freely and provide own motivation, communicating skills and build a solid and effective senior staff relationship. Also brings the superiors up to speed on the information security threat landscape.[+] Participating in a multifunctional team by rendering technical Solutions that delivering operational functions on a broader scale. [+] Implementing a clear outline for identifying and communicating security incidents the takes place within the organization. Show less

• 

  First October Network Academy (Ghana)

  Sept 2015 - Aug 2016

  Systems/ Network Security Engineer/ Penetration Tester

  [+] Theoretical and practical knowledge of Well-known networking protocols (services), attacks, exploits and vulnerabilities.[+] Strong networking experience with switches, routers, protocols, services and network programming.[+] Experience in Unix/ Linux server administration (Fedora and Debian), package management, configurations, and maintenance of services such as SSH, SAMBA, IPTables, system logging, Access control lists etc. Also, familiar with a broad range of open-source software.[+] Experience in working with coding languages (scripting knowledge) and the ability to automate processes/ tasks (e.g. Python). Sound knowledge in encryption and Authentication technologies.Selection and implementation of security tools, policies, and procedures in combination with the security team.[+] Experience with Packet analysis and security tools like Nmap, Wireshark etc. to monitor for emerging threat patterns and vulnerabilities.[+] Establishing communication, presentations and the ability to build relationships with internal/external clients. By managing and handling customer and client situations, requests and questions over phone, e-mail in a timely and detail-oriented manner to resolve information security related situations. Show less

• 

  Independent Consultant/Professional

  Nov 2016 - now

  Cyber Security Researcher | Tool Developer & Penetration Tester

  SCOPE: Security Framework design| ASM (Vuln management & Pen-Testing) | SIEM | EDR (Threat hunting & detection) | CTI (Threat Intelligence Engineering & Analysis) [+] Projects sources: (A contributor to cyber security opensource & Capture the flag (CTF) committees)---[+] Sample projects available on: http://www.daannaa.space/porter.htm[+] Security projects available on GitHub: https://github.com/huddaannaa[+] CTF's Pen-Test walk-throughs at Vulnhub.com available on: www.huddaannaa.blogspot.com---NOTE: REVIEW LINKEDIN PROJECTS SECTION---Other services include:1. Researching, designing and the development of cyber security tools 2. Creating course content on the respective fields of expertise and training--- Show less

• 

  Business.daannaa.space

  Nov 2017 - Nov 2018

  Cyber Security Consultant / Penetration Tester

  [+] Free-lance/Contractor[+] Teaming up with developers as a security consultant to implement application security with respect to the OWASP and other security-related issues in the SDLC of given projects.[+] Carrying out penetration tests, drafting detailed reports and performing information security gap analysis, risk assessment reports on security weaknesses, outlining possible business risks, and drafting recommendations/ controls.[+] Working closely with course teams to deliver guest lectures in cybersecurity to support learning, teaching, and assessment of professionals and undergraduate level students. Show less

• 

  Maguire LLC

  Nov 2018 - now

  SCOPE: ASM (Vuln mangmnt & Pen-Testng) | SIEM (Security data-lake design & develpmnt) | EDR/XDR (Threat hunting & Detection) | CTI (Threat Intelligence Engineering & Analysis) | SOAR (Playbook design & development) etc.RaptorX - EDR|XDR|SIEM - Lead engineer for design, Implementation, development, operation & training Managing a team of resident engineers to deliver, highest security cleared projects for entities like:> Top Investment Firms(UAE)> National Cloud Providers(UAE)> Multiple (National) Data centers(UAE)> Government sectors (Ministries-UAE) Key responsibilities (Lead SOC Architect/Engineer - R&D):[+] Designing and implementing security architectures and strategies for the SOC. Leveraging areas that highlights strong understanding of security operations, CTI,SOAR,SIEM etc. to help meet an organization's needs.[+] Providing guidance and mentoring on day to day working activities. Preparing training modules and delivering knowledge transfer sessions for clients and team members[+] Development and the implementation of security policies and procedures to ensure that the SOC operates effectively and efficiently, and that all security incidents are handled appropriately.[+] Selecting and implementing security technologies and tools for the SOC or having to design, develop and build these tools from the ground up[+] Training and mentoring SOC staff, analysts, engineers, and administrators, to ensure that they have the necessary skills to operate the SOC effectively.[+] Managing SOC operations, by overseeing security events, analyzing security data, and responding to security incidents.[+] The Ability to stay up-to-date with the latest security trends and technologies to ensure that the SOC is using the most effective security tools and strategies.[+] Conduct thorough testing and validation of SIEM solutions, continuously improving their performance and effectiveness.VISIT PROJECTS FOR DETAILS Show less SIEM (Security data-lake design & development) | EDR/XDR (Threat hunting & detection) | CTI (Threat Intelligence Engineering & Analysis) | SOAR (Playbook design & development) etc.[+] Developed custom penetration testing tools and wrote custom Metasploit modules. resource scripts and auxiliaries. Also performed network and application testing with solutions like, Burp, App Spider, Metasploit pro, Tenable SC/IO, OWASP ZAP. etc.[+] Monitoring information security alerts though the use of a SIEM to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts. Ability to utilize sensor data and correlated logs containing IDS/IPS, AV, Windows events, proxy, and similar data to establish context and to rule-out false positives.[+] Gathering and analyzing open-source intelligence (OSINT), deeply understanding threat actors, their tactics, and operations, to produce and refine intelligence reports, overseeing vendor relationships, and monitoring global threat initiatives.[+] Staying updated on advanced threats, actively seeking out potential risks, and ensuring proactive responses within the organization. [+] Collaborating to boost team intelligence efforts, recommending innovative solutions, and testing new security technologies.[+] Lead security projects as needed while maintaining and improving set incident management standards and documentation[+] Develop incident response playbooks and investigate and identify, authenticated violations from a data-lake or some given SIEM solution. Utilization of security tools, such as a SIEM, AV, scanners, proxies, WAF (policies rules, process and workflow), IDS or forensics tools.FIND BELOW AN ATTACHED LINK TO A SAMPLE TOOL DESINGED, DEVELOPED & IMPLEMENTED: Show less ASM (Vuln management & Pen-Testing) Responsibilities:[+] Conducting regular vulnerability assessments on systems, software, and networks.Identify, categorize, and prioritize vulnerabilities in our digital assets. Collaborate with IT teams to ensure timely patching and mitigation.[+] Planning and executing penetration tests on applications, networks, and systems.Emulate cyber-attack scenarios to identify potential weaknesses before malicious actors do. Document findings and provide actionable recommendations for mitigation.[+] Continuously monitor and map the organization's digital attack surface. Identify and mitigate risks stemming from exposed digital assets.Collaborate with development and IT teams to reduce unnecessary exposure.[+] Producing clear and concise reports on vulnerabilities, pen-testing outcomes, and attack surface assessments. Present findings to both technical and non-technical stakeholders, advocating for necessary changes.[+] Guide and mentor junior team members in best practices and methodologies. Stay updated with the latest cybersecurity trends, tools, and best practices, and impart knowledge to the team.Stakeholder Collaboration:[+] Collaborate with different departments to integrate security measures into all aspects of the business.Engage with external vendors and partners to ensure third-party solutions adhere to the organization's security standards. Show less

  • Manager - Cyber Security Architect | (SOC-BIGDATA) Specialist

    Nov 2020 - now

  • Snr.CybersecurityEng. | Lead (Sec. DataLake & Tool Integrator | Threat Detectn.&Intel Specialist)

    Nov 2019 - Nov 2020

  • Lead Cybersecurity Eng. (Vuln. Analysis & Pen Testing- ASM [Attack Surface Management])

    Nov 2018 - Nov 2019
• 

  Middlesex University Dubai

  Sept 2023 - now

  Lecturer

  Faculty Of Computer Engineering and Informatics - Cyber Security[+] Digital forensics |DFIR (Digital incident scene investigation)[+] Computer security & Ethical hacking