Portfolio

About me

Hi,
I am a Security Engineer and First Responder with over 2 years of experience supporting organizations in Saudi Arabia and the UK.
I specialize in enhancing security postures by designing tailored security architectures and implementing cutting-edge solutions that align with each organization’s structure and maintenance needs.

Skills

Strong understanding of networking and network protocols essential for securing infrastructures.
Solid knowledge of cybersecurity principles, common attacks, and effective detection methods.
Security Hardening: WordPress hardening, server hardening (Linux/Windows), and network hardening.
SOC & Monitoring: Experience with building and maintaining SOC infrastructure; proficient in log collection, analysis, and real-time alerting using Wazuh, Splunk, and Security Onion.
Network Security: Designing and optimizing firewall rules with pfSense; configuring and managing OpenVPN for secure remote access..
Cloud Security: Securing cloud environments and managing resources on AWS, including IAM, networking, and monitoring.
Cyber Threat Intelligence (CTI): Proficient with Threat Intelligence Platforms such as OpenCTI and MISP for gathering, analyzing, and sharing threat information. Skilled in creating and using YARA rules for threat detection.
Programming & Automation: Python and JavaScript for security automation and scripting.
Incident Response: Expert in rapid threat detection, analysis, and containment using digital forensics and SIEM tools to minimize business impact.
Communication: Strong ability to communicate technical concepts clearly and work effectively with cross-functional teams.
Advanced in English (C1).

Experience

security engineer | Cyberpedia

March 2023 – Present

At Cyberpedia, I was responsible for building and managing the security operation center to deliver SOC as a Service to various clients.
Also, I am responsible of improving the security of both internal systems and client infrastructures by leading hardening efforts across websites, servers, and networks.
During this process, I worked extensively with technologies like AWS for securing cloud environments, pfsense+OpenVPN+HAproxy to to design secure network architectures and implement precise access control and secure remote access.
setup and configure many security solutions Wazuh,Splunk,ELK SEIM for monitoring, log analysis, and threat detection.
I also performed WordPress hardening on multiple client sites, securing configurations and preventing common web-based attacks.
Additionally, I handled tasks related to securing Active Directory domains, and deploying Security Onion as part of SOC infrastructure.
These tools and others were integral to delivering effective and reliable cybersecurity services to a wide range of clients.

Certificates

Google Cybersecurity Certificate
Security engineer (TryHackMe)
SOC L1 (TryHackMe)
Certified Ethical Hacker (CEH)
Cyber Security Fundamentals (CYBER OPS)
Technical Support Fundamentals (Google)
Front-End Web Development (Presented by New Horizons)

Tools & technologies

Tools

security onion
Splunk+Wazuh+ELK
Wireshark
IDS/IPS (Snort)
Tenable Nessus

Technologies

AWS
cloudflare
pfSense
OpenVPN
HAproxy
OpenCTI
MISP

Contact me

Email: ramisharif@gmail.com

Phone: +963 994 288 642

LinkedIn: Rami Sharif

TryHackMe Badge

My Projects

install ModSecurity WAF on apache2 web server

installing ModSecurity WAF on apache2 web server and configuring it with OWASP 10 rules to block malicious traffic.

ModSecurity Apache2 Documentation

FIREWALL Simulation

built firewall simulation using python and scapy to block malicious traffic.

1-The IP address is extracted.

2-It is checked whether the address exists in the whitelist; if it does, the address is allowed.

3-If the address is in the blacklist, the packet is dropped, and a log is created using the log_event function.

4-The system then checks if the packet contains the Nimda worm pattern using the is_nimda_worm function; if it does, the packet is also dropped, and the event is logged.

5-The number of packets sent from the same address over a specified time period is calculated and compared with the THRESHOLD. If this number exceeds the threshold, the IP address is blocked and added to the blacklist to prevent DoS attacks. A log of the event is created afterward.

Python Scapy Code

Active diroctry project

Setting up a robust domain environment that aims to provide hands-on experience in IT administration, security, and threat detection.

Here's what I worked on:

1-Active Directory Setup: Configured a Windows Server 2022 as a domain controller, created user accounts, and managed group policies.

2-SIEM Implementation: Installed and configured Splunk on an Ubuntu Server to ingest and analyze security logs from Windows machines, with Splunk Forwarders installed on both Windows 10 and Windows Server.

3-Vulnerability Testing: Used Kali Linux to simulate attacks, such as conducting a brute force attack against a domain user, showcasing real-world attack scenarios.

4-Telemetry Analysis: Analyzed the telemetry data generated by my attack using Splunk to demonstrate my ability to detect and respond to security incidents.

5-Sysmon Configuration: Implemented Sysmon on both Windows 10 and Windows Server for enhanced logging.

6-Virtualization: Leveraged VirtualBox to create a safe and isolated lab environment for experimentation.

Why This Project Matters: This project is vital for my growth as a SOC Analyst. It has provided me with practical skills in setting up and managing an Active Directory environment and implementing a SIEM for security monitoring. By understanding attack vectors and analyzing security telemetry, I can better identify and respond to potential threats.

Key Takeaways:

-Gained hands-on experience with Active Directory administration and domain management.

-Learned how to set up a Splunk instance and ingest events from Windows servers.

-Developed red and blue team skills through practical application.

-Improved my troubleshooting abilities and confidence in technical skills.

Splunk Sysmon Active diroctry

Eye Mouse Control (Python)

A Python-based application that lets you control your computer’s mouse entirely with your eyes – no mouse, no touch, and no extra devices.

Python OpenCV MediaPipe PyAutoGUI Tkinter Code

Secure Network Infrastructure with DMZ Architecture

Designed and implemented a comprehensive network security solution for a large company using pfSense, HAProxy, and OpenVPN with DMZ architecture.

Project Overview:

Designed and implemented a comprehensive network security infrastructure for a large enterprise, focusing on secure access management and network segmentation. This project demonstrates my expertise in enterprise-level network security architecture.

Business Challenge:

The company required a secure network architecture that could handle two distinct types of services:

• Public-facing services (websites and user applications)

• Private internal systems (development environments, databases, admin dashboards)

Technical Solution:

Public Services (DMZ Architecture):

Implemented a secure DMZ where all public domains (app.example.com, blog.example.com, login.example.com) route through pfSense WAN interface. HAProxy performs SNI-based routing to distribute traffic to appropriate servers within the DMZ. This eliminates direct access to public servers - all traffic is controlled through pfSense firewall and reverse proxy.

Private Network (LAN):

Established a completely isolated internal network with no direct external access. Implemented role-based access control where developers and administrators connect via OpenVPN, then access resources based on their specific permissions defined in firewall rules. Developers have access only to development environments, while administrators maintain full system access.

Network Segmentation:

Created strict isolation between DMZ and LAN networks. When DMZ services require database access, specific firewall rules are implemented to allow only necessary traffic. All other cross-zone communication is blocked by default.

Security Benefits:

• Public services remain accessible while being protected through controlled access points

• Internal network is completely isolated from external threats

• Centralized monitoring and access control from a single management point

• Role-based access ensures users can only access authorized resources

pfSense HAProxy OpenVPN DMZ Network Security SNI Routing