Yousef Hawwari
Cyber Security Specialist
Ramallah, Palestine
Seasoned and fully dependable Cyber Security Specialist with 4+ years of experience and an exceptional
record of competence and discretion. Adept at communicating with other engineers and clients in a clear
and understandable manner. Able to maintain the highest standards of confidentiality in handling and
protecting sensitive client information.
Core Competencies:
Exceptional skills in Splunk standalone, distributed and clustered deployment, Splunk Enterprise Security
investigations and threat hunting, searching and reporting, Splunk system and data administration, and
troubleshooting.
Incident Responder & Threat Hunter with great experience in the MITRE ATT&CK framework.
Strong skills in EDR solutions, especially CrowdStrike.
Strong skills in XDR solutions, especially Cortex XDR.
Strong skills in SOAR solutions, especially XSOAR.
Incident response and threat hunting skills.
Building and managing a Security Operations Center (SOC).
High skills in data analysis and network security threat identification.
Strong expertise in detecting intrusions via network scans.
Great skills in Kali Linux tools (Nmap, Burp Suite, etc.) and vulnerability assessment tools (Nessus, OpenVAS).
Outstanding skills in conveying complex technical information clearly and accessibly.
https://www.linkedin.com/in/yousef-hawwari-1040b115b/
Arabic: Native
English: Fluent
DATE OF BIRTH
May 28, 1996
Areas of Excellence in Technologies:
Programming Languages
C/C++
JAVA
Python
Bash
PowerShell
EDUCATION
B.Sc. Computer Engineering, An-Najah National University
Front/Back End Web Dev.
HTML, CSS, Bootstrap
JavaScript & jQuery
PHP, MySQL Database
Cyber Security
Firewalls
WAF
UTM
SIEM (Splunk)
SOC
SOAR (Cortex XSOAR)
EDR (CrowdStrike)
Cortex XDR
MISP (Threat Intelligence)
TheHive (Ticketing System)
CimTrak (FIM)
OpenCTI
Wazuh
MITRE ATT&CK
Splunk
• Deploying Splunk standalone, distributed and clustered deployments for banks in Palestine.
• Configuring Syslog for onboarding.
• Splunk integration with the MITRE ATT&CK framework.
• Server and system integration (Syslog, Splunk Universal Forwarder, add-ons with API, etc.).
• Deploying Splunk apps and add-ons.
• Creating dashboards, searching and reporting.
• Splunk Enterprise Security with investigations and incident handling, as well as administering Splunk ES.
• Deploying PCI Compliance, VMware and IT Service Intelligence apps.
• High skills with Splunk App for DB Connect.
• Splunk application development: I developed a Splunk app for Oracle and SQL databases (an app for
security and performance visualization), as well as Active Directory security monitoring.
• Splunk system administration (configuration files like props.conf, transforms.conf, etc.).
• RegEx for Splunk field extractions.
• Troubleshooting skills in SPL searches, reports and dashboards, and in Splunk administration
for Splunk Enterprise deployments, covering warnings and error messages in the GUI and /var logs in the CLI,
the Monitoring Console for health checks, the Syslog server, and administering Splunk Enterprise Security (ES).
• Working on the Splunk Attack Range.
IP Security
• Monitoring and verifying that the network is properly protected from internal/external threats and
continuously improving network security controls.
• Identifying security risks, threats and vulnerabilities of networks, systems, applications and new
technology initiatives.
• Implementing security projects according to plans.
• Maintaining and developing information security policies and procedures.
• Performing internal audits to ensure adherence to information security policies and best practices.
• Ensuring security requirements are identified early in the project lifecycle.
• Deep understanding of network attacks, DDoS, phishing, email protection, encryption, authentication
and log analysis.
• Deep understanding of the TCP/IP model and popular protocols.
• Maintaining routers and switches, troubleshooting complex network-related problems, configuring
Cisco devices and performing server upgrades.
SOC (Security Operations Center)
• Building a SOC, for which I developed a dedicated Splunk app.
• Working on threat intelligence platforms (MISP, OpenCTI) and integrating them with the SOC.
• Deploying a ticketing system (TheHive) and integrating it with the SIEM (Splunk) in the SOC.
• Maintaining various security tools to perform monitoring and analysis of security events to detect
security risks and threats.
• Maintaining the security information and event management (SIEM) solution on a shift basis
(24/7/365).
• Maintaining the ticketing system: ticket creation, escalation and follow-up with related parties.
• Escalating security alarms to senior security engineers and analysts when needed.
• Investigating security incidents and alarms, and suggesting mitigations and preventive actions.
• Documenting all actions taken during/after security incidents.
• Working closely with team members and other teams to support the security incident handling
process.
• Providing reports for management and other teams about security events and incidents.
• Maintaining and developing information security policies and procedures.
• Keeping up with the latest information security threats and vulnerabilities.
Linux
• Developing and maintaining cooperative and collaborative relationships with networking, storage, software
development and project management teams.
• Server security, iptables, firewalls and crontab tasks.
• Monitoring production systems, applications and network performance through the use of various
network management and application monitoring tools.
• Developing tools/scripts to automate integration with other IT tools in support of accurate asset
management and cyber reporting capabilities, and to manage licenses.
• Working with software developers and Quality Assurance to seamlessly migrate applications from
development to QA and production.
• Providing support to customers running Red Hat Enterprise Linux on their workstations and simulation
servers.
• Identifying and driving a continual improvement program in the UNIX environment and improving service
efficiency.
• Working closely with other IT departments to help determine and develop the systems that will be
implemented.
Wazuh
• Installing and configuring the Wazuh SIEM.
• Installing the Wazuh agent on Linux and Windows servers, then integrating them with Wazuh.
• Integrating the FortiGate firewall with the Wazuh SIEM.
• Creating custom security reports and use cases for the FortiGate firewall on Wazuh.
• Configuring email notifications to send alerts from Wazuh for custom use cases.
• Configuring Vulnerability Detection and File Integrity Monitoring.
Career Summary
Information Security Engineer - Cystack
Sep 2019 - Present, Palestine.
I worked on Splunk standalone, distributed and clustered deployment, Splunk support and Splunk application
development, SOC architecture, threat hunting, MISP (threat intelligence), network penetration testing, WAF (F5),
a file integrity management solution (CimTrak), Trend Micro, vulnerability assessment (Nessus), CrowdStrike
administration, incident response and threat hunting.
Splunk Deployments:
• Bank of Palestine (Clustering Deployment)
• Cairo Amman Bank (Distributed Deployment)
Splunk Support:
• Integrating servers and systems with Splunk.
• Configuring a syslog-ng server.
• Configuring apps and add-ons such as UNIX, Windows, Palo Alto, eStreamer, Cisco devices, etc.
• Developed many dashboards and apps for Splunk (Splunk AD Insight).
• Building reports and dashboards.
• Configuring PCI Compliance, VMware and IT Service Intelligence apps.
• Building RegEx for field extractions.
• Troubleshooting skills for SPL searches, Splunk Enterprise Security, apps/add-ons and deployment configuration.
• Very good EDR experience with CrowdStrike (administration, investigation and response).
• Working on deploying a file integrity management solution (CimTrak).
• Working on network pentesting projects.
• Working on web application security scanning tools like Acunetix.
Cyber Security | Splunk | Linux Administrator – Upwork Freelancer
Jan 2019 – Present.
• Configuring the Syslog server and installing Splunk Universal Forwarder to send the logs to Splunk.
• Connecting Kubernetes with Splunk (events and metrics logs).
• Splunk implementation, developing apps and dashboards.
• Connecting a Palo Alto firewall with Splunk.
• Generating reports and dashboards in Splunk.
• Crontab tasks (log retention on the Syslog server).
• Linux server security and iptables configuration.
• Working with SOAR and XDR (Cortex), SolarWinds and Palo Alto firewalls.
• Working on VMware: creating new VMs, applying the needed configuration, adding new storage and
troubleshooting.
SOC Analyst Training – Green Circle
Jun 2018 – Aug 2018, Jordan.
Building a Security Operations Center (SOC), a SIEM solution (AlienVault), penetration testing skills and Kali Linux
tools like nmap. I learned about the security operations center (SOC), how it works scientifically, how to protect
the network from hackers using security systems, and how to monitor vulnerabilities using vulnerability
assessment tools like Nessus.
Additional Certificates
• CompTIA Security+ SY0-501 (2019) | Credential ID COMP-
• Splunk Core Certified Power User (2020) | Credential ID-
• EC-Council Certified SOC Analyst (2021) | Credential ID ECC-
• CrowdStrike Certified Falcon Responder (2022) | Credential ID-
• CrowdStrike Certified Falcon Hunter (2022) | Credential ID-
Additional Qualifications/Courses
• Cisco Certified Network Associate (CCNA)
• Certified Ethical Hacking (CEH)
• Splunk Fundamentals 1
• Splunk Fundamentals 2
• Using Splunk Enterprise Security
• Administering Splunk Enterprise Security
• Architecting Splunk Enterprise Deployments
• Implementing Splunk IT Service Intelligence
• Splunk Enterprise Data Administration
• Splunk Enterprise System Administration