Summary
Overview
Work history
Education
Skills
Certification
Accomplishments
CYBERSECURITY PROJECT DEPLOYMENTS
AWARDS & RECOGNITION
PROFESSIONAL TRAININGS & SEMINARS ATTENDED
Character References
Timeline
Generic
Marvin Butac

Marvin Butac

Al Khobar,Kingdom of Saudi Arabia

Summary

Operational Technology Cybersecurity Engineer with over 15 years of experience in systems and network security. Expertise in designing and implementing advanced cybersecurity solutions for critical industrial control systems, including DCS, SCADA, and ESD systems. Currently responsible for maintaining secure network zones in Saudi Aramco's gas oil separation and compression plants, ensuring compliance with corporate engineering standards. Proven track record in enhancing operational safety and security in high-stakes environments.

Overview

15
15
years of professional experience
5
5
years of post-secondary education
1
1
Certification

Work history

Lead OT Cybersecurity Engineer

Saudi Arabian Oil Company (Saudi Aramco)
Dhahran, Eastern Province
2022.12 - Current
  • Lead cybersecurity hardening across URPD industrial control systems, including DCS, SCADA, DMZ, ESD, VMS, and CCS.
  • Deliver telecommunications scope implementation, including Process CCTV and VoIP across gas wells, pipelines, SIB, GCPs.
  • Maintain URPD Plant Network and Systems database with system documentation, configurations, patches, and access tracking.
  • Monitor Saudi Aramco security standards changes and coordinate compliance awareness sessions for plan partners and employees.
  • Implement Windows Server Active Directory services, Group Policies, and DNS for URPD ICS integration.
  • Administer URPD PAN centrally by managing users, groups, roles, and access permissions.
  • Configure McAfee Endpoint Protection with application control for central unauthorised application blocking.
  • Set removable-device endpoint policies using McAfee Device Loss Prevention.
  • Configure Windows Server Update Services for central Microsoft security patch management.
  • Deploy network monitoring for servers, clients, network devices, and control systems oversight.
  • Coordinate plant compliance plans by approving hardening standards and reviewing sample documentation consistency.
  • Support corporate B.I. projects by engineering new SCADA DMZ networks for BI-10-10010 and BI-10-00436.
  • Coordinate Industrial Control Systems security baseline hardening for Windows and network devices across vendor platforms.
  • Implement plant disaster recovery plans covering network and security-related system events.
  • Monitor security controls through Tripwire CCM Manager to maintain automated cyber-security compliance.
  • Implement automated cyber-security compliance monitoring using Tripwire CCM Manager and Vulnerability Solution IP360 across plant environments

Cybersecurity Engineer

Hamriyah Free Zone Authority
Sharjah, United Arab Emirates
2022.03 - 2022.12
  • Develop complete understanding of company technology and information systems daily.
  • Design, build, implement, and support enterprise-class security systems.
  • Align security strategy and infrastructure with business and technology priorities.
  • Identify and communicate current and emerging security threats consistently.
  • Design security architecture elements to mitigate threats.
  • Plan research and design robust security architectures for every IT project.
  • Perform and supervise vulnerability testing, risk analyses, and security assessments regularly.
  • Create solutions balancing business requirements with information and cybersecurity needs.
  • Identify security design gaps within existing and proposed architectures.
  • Recommend changes and enhancements to close security architecture gaps effectively.
  • Review and approve firewall, VPN, routers, IDS scanning, and server installation.
  • Test security systems to confirm expected behaviour before release.
  • Supervise and guide security team members during daily operations.
  • Define, implement, and maintain corporate security policies and procedures.
  • Train users on system implementation and conversion steps.
  • Respond immediately to security incidents with remedial solutions and analysis.
  • Communicate vital information security needs and priorities to upper management regularly.
  • Updated company's disaster recovery plan, resulting in improved resiliency against potential threats.
  • Examined server logs regularly identifying irregularities or suspicious activities promptly.
  • Enhanced threat detection systems leading to early identification and mitigation of risks.
  • Collaborated with IT team to ensure proper deployment of new software, boosting system security.
  • Coordinated with vendors during acquisition of new security tools optimising cost-effectiveness and efficiency.
  • Developed cybersecurity policies that significantly reduced risk of internal threats.
  • Managed development of comprehensive cyber security projects to strengthen system defences.
  • Reviewed firewall configurations, enhancing system's resistance against intrusions.
  • Conducted regular security audits in compliance with regulatory standards for improved business reputation.
  • Improved overall network safety by conducting routine vulnerability testing and risk analyses.
  • Promoted and increased level of security awareness throughout company.
  • Provided input into security strategies and future planning.
  • Aligned cyber security strategy with company priorities to facilitate system objectives.
  • Led root cause analysis and incident management, communicating outcomes to non-technical teams.
  • Carried out analysis on security alerts, identifying and recommending actions on high risks.
  • Reviewed security standards and identified areas for improvement.

ICS Cybersecurity Engineer

Saudi Aramco Company (Al-Hoty Co. Ltd. Sponsorship)
Abqaiq, Saudi Arabia
2016.02 - 2022.02
  • Implemented cybersecurity hardening for North Ghawar industrial control systems including DCS, SCADA, DMZ, ESD, VMS, and CCS.
  • Developed and directed a process closing SAOO plant network non-compliance items.
  • Maintained North Ghawar PN&S database and configuration patch, antivirus, incident, inventory records.
  • Monitored changes against Saudi Aramco security standards and ran compliance awareness sessions.
  • Implemented Windows Server Active Directory services, GPO, and DNS for NGPD integration.
  • Administered users, groups, roles, and access permissions for NGPD PAN engineers and operators.
  • Installed and configured McAfee endpoint protection with application control central management.
  • Configured removable device policies using McAfee device loss prevention (DLP).
  • Configured WSUS for central management of Microsoft security patches.
  • Deployed network monitoring for servers, clients, network devices, and control systems.
  • Coordinated plant compliance plans covering hardening approvals, sample reviews, documentation consistency.
  • Coordinated B.I. engineering support for BI-10-10010 (VSAT) and BI-10-00436 (DMM Field) DMZ design.
  • Coordinated NGPD ICS security baseline hardening for windows and network devices.
  • Implemented disaster recovery planning for plant network and system security events.
  • Monitored security controls using Tripwire CM Manager for automated compliance tracking.
  • Coordinated ICS vendors on DMZ upgrades, endpoint security, and system hardware replacements.
  • Coordinated with Saudi Aramco P&CSD, ISD, IPD, and TSD to apply security standards on NGPD Industrial Control Systems and Network.

Business System Analyst

Saudi Aramco Company (Al-Yamama Co. Sponsorship)
Dhahran, Saudi Arabia
2012.10 - 2015.12
  • Generate cost avoidance report analysis for all office modifications in North Park office complex.
  • Produce detailed charts and graphs while organising data for management reports.
  • Update office space occupancy surveys for North Park office complex.
  • Lead space planners to handle job requests professionally and promptly.
  • Maintain master architectural layouts aligned with Saudi Aramco standards.
  • Monitor project progress regularly, resolving bottlenecks and scheduling conflicts early.
  • Prepare and maintain package work plans to meet on-time delivery.
  • Collect, analyse, and interpret business process information for problem scope.
  • Document process workflows and write project documentation with resources, timeframes.
  • Oversee task progression to keep timelines on track.
  • Communicate with systems users as first point of contact for problems.
  • Support systems users by troubleshooting issues and documenting requests.
  • Perform routine system testing and recommend solutions based on findings.
  • Analyse and troubleshoot routine system problems, then document recommendations.
  • Update and maintain data in systems, including user access and security.
  • Assist system testing and coordinate software patch and feature updates.

Production Assistant Supervisor

Mandaue Foam Industries Incorporated, Philippines
Cagayan de Oro, Philippines
2011.08 - 2012.10
  • Supervise planning, directing, allocating work, coordinating, and evaluating department activities.
  • Study production schedules and estimate labour hours for job completion.
  • Recommend production-method, equipment-performance, and product-quality improvement measures.
  • Coordinate with operations manager and supervisors for unit operational support.
  • Act as liaison between departments to resolve daily operational issues.
  • Answer telephones and assist visitors while handling administrative enquiries.
  • Suggest changes in working conditions and equipment use to raise efficiency.
  • Supervise CCTV camera installation and maintain PC-based camera systems.
  • Oversee network connection installation and maintain LAN switching and routing hardware.

Education

Bachelor of Science - Computer Engineering

University of Science and Technology of Southern Philippines
Phillipines
2006.01 - 2011.04

Skills

  • Network Administration
  • CISCO Network Devices (Firewall, IPS, Router, Switch, ISE)
  • Juniper Network Devices (Firewall, Router, Switch)
  • Network Time Protocol (NTP) Server
  • Wired & Wireless Network Installation & Maintenance
  • Configuration of Remote Surveillance & Security System
  • Plant Automated Cybersecurity Compliance and SIEM Solutions
  • Automated Compliance Monitoring Solution – Tripwire
  • Security Information and Event Management (SIEM) Solutions – ArcSight & Splunk
  • Cybersecurity Endpoint Security Solutions
  • McAfee ePO Administrator (DLP, Application Whitelisting)
  • Windows Server Update Services (WSUS) Administrator
  • Network Monitoring Systems (WhatsUp Gold)
  • Dell Storage Area Network (SAN)
  • Fujitsu Network Attached Storage (NAS)
  • Veritas NetBackup
  • VMWare ESXi Servers, Windows Hyper-V
  • Others
  • SAP (CRM System & Planner Survey System)
  • MicroStation V8i Series 2/3 and AutoCADD

Certification

  • ISA/IEC 62443 Cybersecurity Risk Assessment Specialist
  • ISA/IEC 62443 Cybersecurity Fundamentals Specialist
  • Project Management Professional (PMP)
  • OPSWAT OT Security Expert (OOSE)
  • OPSWAT Endpoint Compliance Associate (OECA)
  • OPSWAT Network Security Associate (ONSA)
  • Juniper Networks Certified Associate, Junos (JNCIA-Junos)
  • Juniper Networks Certified Associate, Security (JNCIA-SEC)
  • Juniper Networks Certified Specialist Security (JNCIS-SEC)
  • EC-Council Certified Incident Handler (v1) (License: ECC5491780263)
  • EC-Council Certified Ethical Hacker (CEH) v10 (Cert#: ECC49126368559)
  • CompTIA Cybersecurity Analyst (CySa+) (Ongoing Certification)
  • CompTIA Security+ Certified (COMP00121374398)
  • CompTIA A+ Certified (7CZP2XYG6LRQ1R54)
  • Splunk Core Certified User (Cert-276657)
  • Splunk Core Certified Power User (Cert-278031)
  • Splunk Enterprise Certified Admin (Cert-297204)
  • COBIT 5 Foundation Certified
  • ITIL 4 Foundation Certified
  • Tripwire Enterprise Certified (IP360, SIH, and CCM)
  • Microsoft Certified Solutions Expert (MCSE):Core Infrastructure
  • Microsoft Certified Solutions Associate (MCSA):Windows Server 2012
  • Microsoft Certified Professional (MCP): (G872-8174)

Accomplishments

  • Group Leader of three (3) specialized group including Cybersecurity, Data Management and Telecommunication in Unconventional Resources Producing Department (URPD).
  • Outstanding communication skills, strong critical thinking and analytical skills.
  • Project and team-building skills, including the ability to lead teams and drive initiatives in multiple departments.
  • Demonstrated ability to identify risks associated with business processes, operations, technology projects and information security programs.
  • Ability to function as an enterprise security subject matter expert who can explain complex topics to those without a technical background.
  • Main team coordinator for the departments’ Plant Network and Systems (PN&S) Non-Compliance Items Monitoring and Closure, Telecommunication systems for all critical areas including Process CCTV’s, Process Access Control Systems and PAGA Systems.
  • Closure of Saudi Aramco Corporate Cybersecurity Maturity Assessment for 2025 and 2026 and for 2018, 2019 & 2020 placing the department first in Southern Area Oil Operations Admin Area in 2018.
  • Recognized for the successful completion of Saudi Aramco Plant Cybersecurity Monitoring Project in NGPD.
  • Recognized for the successful implementation of “Centralized Password Management Deployment”.
  • Top Five (5) Performers Saudi Aramco corporate-wide in 2019 CybeRanger Competition, amongst 1000+ participants.
  • Second Place winner Saudi Aramco corporate-wide in 2020 CybeRanger Competition, amongst 2100+ participants.
  • Recognized for interconnecting Ain Dar GOSP-6 to the central De-Militarized Zone (DMZ) via ADGOSP-4, realizing a cost avoidance of $1,650,000.00.
  • Recognized for completing the control system time synchronization in all NGPD Gas Oil Separation Plant (GOSP) utilizing Network Time Protocol (NTP) server from ABGOSP-5 DMZ instead of installing dedicated antennas and separate NTP servers, realizing a cost avoidance of $453,400.00
  • Recognized for the successful completion of the tripwire compliance solution and the Pilot implementation of the OpShield Industrial Firewall on SCADA Systems.

CYBERSECURITY PROJECT DEPLOYMENTS

Jafurah Phase I (PKG 4) Network Security Solutions Implementation for SCADA Systems

Project Objectives:

  • To implement centralized cybersecurity solutions for Jafurah Gas Compression Plants (GCP’s) dedicated for SCADA Systems.,
  • Integration of all endpoints under PKG-4 SCADA Systems to the centralized cybersecurity and telecommunication solutions.
  • Installation and configuration of all centralized solutions which includes Active Directory Domain Services (ADDS), Trellix ePO, Acronis Backup & Recovery Solution, Network Monitoring System (Whatsup Gold and Moxa), SIEM Solution (Splunk), Tripwire CCM and Vulnerability solutions, WSUS Patch Management and Identity Services Engine (ISE).
  • Endpoint configuration of all systems and network devices.
  • Endpoint security solutions configurations to send essential logs to the DMZ SIEM Solution and through the corporate including McAfee ePO, VMWare, WhatsApp Gold, WSUS etc.
  • Network configuration to allow traffic from the firewall, IPS and Data Diode.

Saudi Aramco Plant Cybersecurity Monitoring Project

Project Objectives:

  • Plant Security Monitoring is one of the key controls to mitigate Top Corporate Risk #3 – Plant Insider Threat., Implement a state of the art end to end cyber security monitoring solution for all Saudi Aramco’s Plants to address the above-mentioned risk.

Project Scope:

  • Enable 24/7 Security Logs on Critical Industrial Control Systems and Network Devices., Develop Specialized Threat Cases to reflect each plant’s own environment.
  • Develop sustainable incident response plan including SLAs/OLAs and Roles and Responsibilities., Specific Responsibilities:
  • Installation of ArcSight and Splunk Servers to collect endpoints’ critical security logs., Endpoint configuration of all 300+ systems and network devices.

Saudi Aramco Automated Cybersecurity Compliance Monitoring Solution

Project Scope and Motivation:

  • Centralized and provide real-time customized compliance monitoring solution.
  • Proactively detect systems and network security issues.
  • Minimizing corporate PN&S non-compliance items.
  • Minimizing cybersecurity risks while increasing uptime by ensuring NGPD ICS configured in adherence with the corporate engineering standards for Industrial Control Systems Security.

Project Benefit and Individual Responsibilities:

  • Centralized compliance monitoring in accordance to the corporate engineering standards., Vulnerability management for all critical ICS.
  • Endpoint configuration of all 300+ systems and network devices., Network configuration to allow secure ports and traffic from the firewall, IPS and Data Diode.
  • Provision of Accurate Time Syncronization for Industrial Control Systems

Project Objective:

  • Centralized Time syncronization of all 300+ critical Industrial Control Systems and Network devices in 14 Gas Oil Separation Plants (GOSP’s).
  • Challenging vendors proposal to install individual Network Time Protocol (NTP) server in all facilities.
  • Compliance with Saudi Aramco Corporate Engineering Standards., Innovative Solution:, Configuration of all critical ICS to utilized the Network Time Protocol Server located in one Facility which distributes an accurate time in all Facilities instead of installing separate servers in each plant facility.

Project Outcome:

  • In-House implementation which led to a cost avoidance of $453,400.00., Accurate and syncronized time for all 300+ critical ICS.
  • Enhancement of Cybersecurity audit trails monitored by IT Security Operations Center.

Deployment of Remote Authentication Dial-In User Service (RADIUS) Server

Project Objective:

  • To provide a centralized user management and security access control of all Industrial Control Network devices in all 14 Gas Oil Separation Plant (GOSP) Facilities.

Project Benefit(s):

  • Eliminates driving long distances to remote facilities enhancing manpower utilization.
  • Centralized user access management.
  • Centralized tracking of security activities and secure recording of resources access by user.
  • Deployment and enforcement of security access control policies on demand.

AWARDS & RECOGNITION

  • Second Place winner amongst 2100+ participants in Saudi Aramco corporate-wide 2020 CybeRanger Competition.
  • Recognized as one of the Top Five (5) Performers amongst 1000+ participants in Saudi Aramco corporate-wide 2019 CybeRanger Competition.
  • Recognized for interconnecting Ain Dar GOSP-6 to the central De-Militarized Zone (DMZ) via ADGOSP-4, realizing a cost avoidance of $1,650,000.00.
  • Recognized for his significant contribution in completing the control system time synchronization in all NGPD Gas Oil Separation Plant (GOSP) utilizing Network Time Protocol (NTP) server from ABGOSP-5 DMZ instead of installing dedicated antennas and separate NTP servers, realizing a cost avoidance of $453,400.00.
  • Recognized for the successful completion of Saudi Aramco Plant Cybersecurity Monitoring Project in NGPD.
  • Recognized for the successful completion of the Tripwire Compliance Solution and OpShield Firewall Trial.
  • Special recognition for centralized password management deployment.
  • Best in Thesis Award: “Soccer Robot Behavior Implementation through Takagi-Sugeno Fuzzy Logic”

PROFESSIONAL TRAININGS & SEMINARS ATTENDED

  • International Society of Automation (ISA)
  • ISA/IEC 62443 Cybersecurity Fundamentals Specialist
  • SANS Institute
  • ICS515: ICS Visibility, Detection, and Response (GRID)
  • ICS410: ICS/SCADA Security Essentials (GICSP)
  • SEC 511 Continuous Monitoring and Security Operations (GMON)
  • SEC 566 Implementing and Auditing the Critical Security Controls-In-Depth (GCCC)
  • ISACA Foundation
  • COBIT 5 Foundation
  • Microsoft Official Courses
  • (20412D) Configuring Advanced Windows Server 2012 Services
  • Configuring & Administering Hyper-V in Win Server 2012
  • Installing & Configuring Windows 7 Client
  • (20411D) Administering Windows Server 2012
  • (20740C) Install, Storage, & Compute with Windows Server 2016
  • (20410D) Installing and Configuring Windows Server 2012
  • Cisco:
  • Interconnecting CISCO Network Devices (ICND 1 & 2)
  • Cisco Certified Network Associate (CCNA) Academy
  • Juniper Networks:
  • Introduction to Juniper Networks (IJOS)
  • Junos Security (JSEC)
  • EC-Council:
  • Certified Incident Handler (EC|CIH)
  • Certified Ethical Hacker (EC|CEH)
  • Splunk:
  • Splunk Fundamentals 7.3 Part 1 (Splunk Core User)
  • Splunk Fundamentals 7.3 Part 2 (Splunk Core Power User)
  • Splunk Enterprise 7.3 System and Data Administration
  • CompTIA CySa+ (CS0-002), Security+ (SY0-501) and A+
  • McAfee ePolicy Orchestrator (ePO) Administration (5.9)
  • Tripwire Enterprise Training (IP360, SIH, and CCM)
  • Plant Automated Cyber Security Compliance Security for PAN Administrator
  • Enterprise Risk Management (Six-Step Risk Management Process)

Character References

Available Upon Request

Timeline

Lead OT Cybersecurity Engineer

Saudi Arabian Oil Company (Saudi Aramco)
2022.12 - Current

Cybersecurity Engineer

Hamriyah Free Zone Authority
2022.03 - 2022.12

ICS Cybersecurity Engineer

Saudi Aramco Company (Al-Hoty Co. Ltd. Sponsorship)
2016.02 - 2022.02

Business System Analyst

Saudi Aramco Company (Al-Yamama Co. Sponsorship)
2012.10 - 2015.12

Production Assistant Supervisor

Mandaue Foam Industries Incorporated, Philippines
2011.08 - 2012.10

Bachelor of Science - Computer Engineering

University of Science and Technology of Southern Philippines
2006.01 - 2011.04
Marvin Butac