Certifications
- eLearnSecurity Junior Penetration Tester (eJPT)
- CompTIA CySa+
- CompTIA Network+
- CompTIA A+
Trainings
- Splunk Fundamentals
- Immersive Labs (https://immersivelabs.online)
- Developed confidence and speed of incident response through real hands-on labs and cases in a gamified learning environment
- Performed detection, analysis, research, investigation and forensic activities for security events
- Investigated and remediated cyber attacks including DDoS, phishing, and malware infections
- Utilized full packet capture to re-create a security event, identify IOCs, and write custom IDS/IPS (SNORT) rules
- Cybrary - Become a SOC Analyst - Level 1 (81h 4m)
- Developed hands-on experience on topics such as threat intelligence, threat hunting, network monitoring, incident response
- Validated security controls by trying to break them (i.e. penetration testing)
- Developed skills in critical areas like log analysis and SOC Technologies including but not limited to: intrusion detection and protection devices, host based protection technologies, 0-day and APT technologies (sandboxing, behavioral monitoring, etc.), packet capture and meta data analytic systems, DLP technologies, email hygiene systems, etc.
- MITRE ATT&CK Training
- Course: “Using MITRE ATT&CK for Cyber Threat Intelligence”
- Course: “Using MITRE ATT&CK for Cyber Threat Intelligence”
- Pentester Academy
- Active member and student; perform training and hands-on lab exercises weekly that emulate real world scenarios to keep skills sharp and stay updated on new threats, TTPs, ATPs, and IOCs
- Active member and student; perform training and hands-on lab exercises weekly that emulate real world scenarios to keep skills sharp and stay updated on new threats, TTPs, ATPs, and IOCs
- INE: Penetration Testing Student
- Learned and practiced pen testing fundamentals including but not limited to: OSINT, Planning & Reconnaissance, Enumeration, Gaining Access/Exploitation, Post-Exploitation, Privilege Escalation, and Password Attacks. Regular labs + training
- Obtained and passed eJPT certification exam (August 2022)
- TryHackMe
- Reached top 5% of users within a few weeks
- Reached top 5% of users within a few weeks
Projects
Building a SIEM at Home: Cybersecurity Detection Lab with Security Onion IDS | 2022
- Developed vulnerable test environment for training and testing of various cyber capabilities
- Configured Security Onion in home lab as an all-in-one IDS, Security Monitoring and Log management solution
- Monitored network alerts/intrusion/detections/packets. Ran exploits between Kali & vulnerable VMs (Metasploitable, Raspberry Pi) to learn how protocols communicate with eachother, see what bad traffic looks like, and distinguish what's normal communication vs anomalies
- Performed analysis of network traffic using tools such as Wireshark to identify potential threats or anomalies within the environment
Attack Monitoring on Honeypot Virtual Machine Using Cloud-based Sentinel SIEM on Azure Cloud Platform | 2022
- Utilized custom PowerShell script to extract metadata from Event Viewer and parse to 3rd party API to obtain geolocation
- Initialized Log Analytics Workspace in Azure to receive custom logs composed of geographic information
- Setup Sentinel SIEM to view attacks originating globally on a graphical world map
Vulnerability Management with Nessus | 2022
- Installed and configured Nessus Essentials to perform credentialed vulnerability scans against Windows 10 hosts
- Implemented Vulnerability Management Function on sandbox networks:
- Discover, Prioritize, Assess, Report, Remediate, Verify
- Discover, Prioritize, Assess, Report, Remediate, Verify
- Conducted vulnerability assessments with Nessus; remediated vulnerabilities
- Developed an automated remediation process to preemptively deal with vulnerabilities stemming from Windows updates and third-party software.
Education
Bachelor of Science: Computer Networking and Security Technology | Herzing University | 2009-2013
- Course work includes educational theory with the technical skills required to meet information security needs across the enterprise with specific courses focusing on information security, network design and engineering, business continuity, and more.
- Configured and setup Enterprise Active Directory using Windows Server 2008. Performed WiFi deauth attacks using Backtrack, offline password cracking, and man-in-the-middle attacks. Setup and configured Cisco routers and switches using CLI and physical equipment.
#whoami
Ahmad Hakimi • IT Professional • Cybersecurity Specialist
Ahmad is actively seeking opportunities in Cybersecurity as a Junior Penetration Tester or Cybersecurity Analyst in a corporate environment. His interests include simulating cyber attacks, seeking flaws in corporate infrastructure, organizational security, and defensive measures. He is passionate about keeping corporate infrastructures secure and is always looking for new ways to improve security measures.
As a cybersecurity researcher, Ahmad has a proven track record of uncovering exploitable security vulnerabilities. He has completed the Penetration Testing Student course at INE and obtained the eJPT certification. His diligence, skills, and expertise have been put to the test with practical applications on the TryHackMe platform, where he ranked in the top 5% of users within a few weeks.
Ahmad spent more than 7 years serving public and private entities supporting their IT infrastructures, including the US Federal Government. He was hand selected by Colliers International’s CFO and National IT Service Desk Manager as Sr. Technical Support Specialist, during which he individually managed and supported 4 sites.
Ahmad is currently responsible for the development, implementation, operations and maintenance of systems working for Amazon. He actively supports cybersecurity compliance by monitoring machines and assets across 4 different sites, ensuring they are compliant and meet various controls to protect the confidentiality, integrity, and availability of data.
Ahmad is an active member and student of Pentester Academy, a world-renowned cybersecurity skills platform, where he sharpens his skills with hands-on lab exercises and training that allow him to face and conquer real world scenarios. He is currently enrolled in INE's Penetration Testing Professional course and on a path of becoming Offensive Security Certified Professional (OSCP) certified.