avatar

Abdirahman Mohamed

Cybersecurity Engineer

I am a Cybersecurity Engineer with demonstrated security engineering, consulting, and research experience working with organizations in the public and private sectors to implement, audit, and scale their information security programs.

I am primarily interested in the reliability and security of large-scale distributed software systems.

When not working, I enjoy playing soccer, discovering new mountain biking and hiking trails.

Areas of Expertise

|Cloud & Application Security

|DevSecOps

|Privacy Engineering

|Information Security Management Systems (ISMS) Implementation & Auditing based on ISO 27001

|Cybersecurity Solutions Implementation

|Offensive and Defensive Cyber Security Tools, Techniques, and Procedures (TTPs)

|Security assessments & penetration testing

|Social engineering assessments

|Red/blue teaming

|Systems Auditing

Experience

Senior Security Engineer

Cisco

June 2022 - Present

Security Researcher

CyLab Security & Privacy Institute @ Carnegie Mellon University

March 2021 - May 2022

Senior Security Consultant

Sentinel Africa Consulting

December 2018 - September 2021

Education

Master of Science - MS, Information Technology, Cyber Security

Carnegie Mellon University

2020 - 2022

Grade: Cum Laude

Bachelor of Science - Information Systems & Technology (Forensics Information Technology & Cybercrime)

United States International University - Africa

2015 - 2019

Grade: Magna Cum Laude

Tools of Trade

| Programming Languages: Python, PHP, Node JS, Shell

| Cloud: AWS, Terraform, Terraform Cloud

| Cloud Security Posture Management: wiz.io , Prowler

| Cloud Security Autoremediation: Cloud Custodian

| Supply Chain Security: Sigstore, Cosign

| CI/CD: CircleCI, GitLab, Github Actions

| Static Application Security Testing (SAST): Sonarqube, Snyk, Checkmarx

| Dynamic Application Security Testing (DAST): Rapid7 InsightAppsec, OWASP ZAP, Burp Suite, Stackhawk

| Policy-As-Code: Open Policy Agent (OPA), HashiCorp Sentinel

Ceritifications

| GIAC Cloud Security Automation (GCSA)

| AWS Certified Security – Specialty

| AWS Certified Solutions Architect – Associate

| HashiCorp Certified: Terraform Associate

| Certified Application Security Engineer (CASE) – JAVA

| Certified Information Privacy Technologist (CIPT)

| CCNA Routing & Switching

| CCNA Cyber Ops

| Certified Ethical Hacker (CEH)

| PECB Certified Lead Penetration Tester (CLPT)

| ISO 27001 Lead Implementor

Publications / Blogs

"State of Security and Privacy Practices of Top Websites in the East African Community (EAC)"

Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2 · Oct 13, 2022

"Serverless Security Challenges and Countermeasures"

Towards AWS

"From Default Printer Credentials to Domain Admin"

Medium

"Hunting for low-hanging fruits in SAP Applications"

Medium

"Pwning Cisco Devices Using Smart Install Exploitation Tool (siet.py)"

Medium