ASHRAF KARAYMEH

Cyber Resilience Strategy Development:

• Develop and implement comprehensive cybersecurity operation centers' strategies tailored to clients' strategic business requirements.
• Assess and analyze cyber risks, vulnerabilities, and threats to organizations.
• Provide expert advice on cybersecurity policies, procedures, and best practices

Client Engagement:

• Build and maintain strong client relationships, serving as a trusted advisor on cybersecurity matters.
• Conduct client workshops, assessments, and gap analyses to identify cybersecurity needs.
• Deliver presentations and reports to clients, effectively communicating complex technical information.
• Leading three managed services projects that include building and operating managed services models for clients in the aviation and financial sectors.

Leadership and Team Management:

• Lead a team of cybersecurity professionals, providing mentorship and guidance and fostering a collaborative work environment.
• Develop a training plan for the Accenture cybersecurity operation team that enables elevating the maturity level of the cybersecurity center against CREST.
• Conduct performance evaluations and support professional development.

• Strategic Planning: Skilled in maintaining organization's effectiveness by defining, delivering, and supporting strategic plans for cyber security management
• Proficient in developing gap-analysis, risk assessment, and security roadmaps
• Cyber Security Management: Proven exposure in leadership, strategic direction, and Cyber Security management
• Ability to develop a strategy design to include plans for developing and implementing the plan and creating a sustainable security compliance program
• Risk Assessments Management: Expert in conducting audits and handling assessments in large organizations, tracking, and interpreting laws, developing, and implementing information and cybersecurity measures, incident response & maintaining compliance
• Cybersecurity Advisory: Skillful in providing Cybersecurity Advisory
• Services such as Maturity Assessment, cybersecurity strategy development, cybersecurity awareness trainings development and delivery, Security Program Development,
• Merger & Acquisition Security Assessment,
• Incident Response & Penetration Testing Services
• SPHERE OF
• EXPOSURE
• Profile Highlights Published "Enhancing Data Protection Provided by VPN Connections over Open Wi-Fi networks" ICTCS Conference, 2019 Actively involved in the building and establishment of national CSOC in Jordan, and the design and development of two Sectoral SOCs in KSA Delivered Multiple Cybersecurity Awareness Trainings in KSA and Jordan Established the national cybersecurity strategy and policies in Jordan and developed cybersecurity strategies in KSA at ministries and corporate levels
• Established and presented training to law enforcement agencies nationwide
• Developed boardroom & courtroom multimedia presentations such as video & text- synced depositions for enhanced understanding Instrumentally provided technical assistance to investigators and first responders in military units
• Articulated and built Jordan's National CERT, 2018
• Efficaciously developed the national cybersecurity policies in 2018
• Built the cybersecurity office of Saudi Royal Aviation 2021
• Played a key role and enhanced the cybercrimes law 2017
• Effectively developed the national encryption standard in Jordan, 2010
• Mentored members to enable them to perform effectively
• Assisted technically in training and coach technical staff
• Played a key role and acquired the strategic telecommunication network royal Jordanian Air Force RJAF 2007
• Instrumentally developed cybersecurity awareness and foundation courses for military students
• Built Jordanians Judges Cyber Security Capacity Program 2017
• Accountable for designing, developing, driving, and implementing strategy and roadmap for the organization
• Establishing cybersecurity advisory practice in KPMG Saudi and building the cybersecurity lab; policies and systems to support the implementation of strategies set by top management
• Providing deep subject matter expertise in the cybersecurity defense and response areas, while leading multiple and concurrent projects with the multiple clients among different areas of cybersecurity solution (strategy & governance, transformation, defense and response, and cybersecurity audits) Developed Cybersecurity strategies for multiple clients for ministries and cooperates along with initiatives and roadmaps to achieve the strategic goals
• Developed and delivered cybersecurity awareness training to various clients in the governmental and semi-governmental sectors
• Designed two sectoral SOCs for two of the main ministries in KSA, along with developing use cases and service catalogs
• Managed multiple venerability assessments and penetrations testing engagements in KSA and recommendations to close the vulnerabilities findings as per the OWASP 10 framework
• Prepared the Infrastructure needed for the red teaming exercises and compromise assessments and managed multiple engagements in these areas Leading the Aviation and transportation sector cyber security services along with specific clients in the public sectors related to drones and IoT devices Employing technical expertise with solid business acumen and operational understanding, ensuring all technical strategies and activities align with corporate goals
• Conducting a network architecture review to harden their network, find and close vulnerabilities, and check the network segregation to SAMA requirements
• Pivotal in building the cybersecurity office for the Saudi Royal Aviation
• Including a Unified Control Framework on which all the policies, processes, risk framework, and compliance controls are developed, then review the implementation and effectiveness of the GRC controls
• Scheduling and designing the
• ICT Sectoral SOC in Saudi
• Emerging sectoral Incident response policies and workflows, service catalogs, sectoral use cases, and implementation plans
• Carrying out a cybersecurity audit against the National Cybersecurity Authority Essential and critical systems audits
• Instrumentally carrying out the major technical assessment project with STC specialized in conducting network architecture secure design on IT, Tetra, and 4G core networks
• Pivotal in planning and managing a three-year penetration testing project with Saudi Air Navigation Services (SANS) to conduct multiple penetration testing exercises on both applications and Infrastructure
• Carrying out the vulnerability assessment and penetration testing exercise on Infrastructure & applications and PTT application security testing; delivering secure configuration review, endpoint security assessment, and review of the ITGC process controls
• Handling a significant project with NASCO to conduct IT infrastructure review, network vulnerability scan, active directory, and exchange server assessment
• And SAMA cybersecurity maturity assessment
• Advise clients in defining security governance and target operating model positioning within the organization
• Supporting many clients (SRA,Ministry of environment, water and agriculture) in developing cybersecurity strategies (organizational and sectoral) and multi-year implementation and remediation programs based on business priorities and risks
• Addressing the underlying security challenges raised by the digital transformation journey (Mobile technologies, Cloud computing, IoT, Digital trust, etc.) by helping clients
• Steering and motivating a team of professionals with diverse skills and backgrounds.

• Successfully managed and the leadership role accountable to senior stakeholders responsible for planning, designing, and executing a National Cyber programplan and piloting Cyber Security projects
• Delivered valuable outcomes through different governmental projects designed to improve the cyber-securityposture of the National base
• Liaised with other departments, determining and addressing their needs and requirements
• Functioned with various industry, government, and academic stakeholders to help launch and lead the newly announced National Center for Cyber Securityin Jordan
• Spearheaded more than 20 security officers for educational institutions, public facilities, and private businesses
• Established and implemented training procedures for all newly hired personnel
• Shouldered with the overall accountability of developing and updating National Cyber Security Policies
• Conducted several presentations on Increasing Cyber-Security
• Awareness on the national level and managed incident response planning
• Directorate of Telecommunication & IT/, of Network Security & Maintenance

• Of National Cyber Security Program Development Branch, Efficaciously developed information security plans and policies
• Implemented and executed security protection controls
• Conducted network testing for vulnerabilities and network monitoring for security breaches
• Investigated security breaches; implemented video surveillance,motion detection, and closed-circuit television systems to monitor the premises
• Assessed networks based on ISO 27001 and NIST Framework
• Validated schematic designs work alongside hardware engineers, supporting Chief Operating
• Officer with daily operational functions
• Liaison office for implementing Link-16 within the Airforce telecommunication directorate, including the air defensesystem, Electronic warfare, Radar, Ground-Air Communication, and air-air Communication.

• Developed installing and maintaining Fax Encryptors network; delivered technical assistance to investigators and first responders in a military unit
• Apply the NATO encryptions standards within the Airforce critical infrastructure and establish the key management office
• Developed reports & submitted them for review and diligently worked with prosecutors to help secure convictions
• Maintained all the encryption units (voice & data)
• Designed and planned for a Secure Communication Network based on fiber optics and microwave andverified data integrity and accuracy.