
Always energetic, eager to learn new skills
I have a BSc degree in computer science and 6 years of experience in cyber security analysis and cyber monitoring. I am a professional with more than five years of experience responding to various cybersecurity incidents. Demonstrated knowledge in analyzing and detecting APT attacks, malware, ransomware, phishing attacks, and other threats. Expertise in various security tools like XSOAR, Wireshark, IBM QRadar SIEM, Imperva (WAF-DAM), BIG-IP (F5), Tenable Nessus, FortiGate firewall, etc. Excellent communication, analytical, and problem-solving skills. Passionate about protecting and safeguarding the company’s sensitive data. I am also interested in software development. I am able to handle multiple tasks on a daily basis, always energetic, eager to learn new skills, and have experience working as part of a team and individually.
Work experience
01/10/2025-now: Senior Cyber Security Officer at Ethswitch
Responsibilities
Ensure encryption, endpoint security, and network security measures are effective.
Develop, implement, and oversee the organization’s cybersecurity strategy, policies, and procedures.
Lead risk assessments, vulnerability management, and threat intelligence initiatives.
Ensure security controls are in place to protect data, systems, and networks.
Advise senior management on cybersecurity risks and mitigation strategies.
Ensure compliance with relevant laws, regulations, and standards (e.g., PCI-DSS, ISO 27001, PCI PIN).
Conduct internal audits and coordinate external audits with regulators and third-party assessors.
Maintain documentation for compliance certifications and reports.
Monitor changes in cybersecurity laws and update policies accordingly.
Perform risk assessments and security gap analyses to identify vulnerabilities.
Implement risk mitigation strategies and track remediation efforts.
Establish and enforce security governance frameworks.
Manage third-party vendor security assessments and due diligence.
Evaluate and recommend security tools (e.g., SIEM, DLP, IDS/IPS, EDR, firewalls).
Oversee identity and access management (IAM) policies.
19/1/2024-05/10/2024: Information Technology Risk Officer at Zemen Bank S.C
Responsibilities
Emerging Technologies: Stay up to date with the latest advancements in technology and evaluate their potential impact on the organization’s IT risk landscape. Assess risks associated with new technologies and provide input during the decision-making process.
Risk Management: Develop, implement, and maintain the IT risk management framework, policies, and procedures. Identify and assess risks to the organization’s IT infrastructure, systems, and data. Evaluate potential vulnerabilities and threats and develop strategies to mitigate those risks.
Compliance: Ensure compliance with various laws, regulations, and industry standards relating to IT infrastructure and data security. Keep abreast of legal and regulatory changes and assess their impact on the organization’s IT risk posture.
Risk Assessments: Conduct ongoing risk assessments across all aspects of the IT landscape to identify vulnerabilities, threats, and emerging risks. This may involve assessing the security controls, processes, and technologies in place.
Incident Response: Develop an incident response plan and coordinate the response to cybersecurity incidents or breaches. This includes investigating security incidents, mitigating their impact, and implementing lessons learned to prevent similar incidents in the future.
Security Awareness: Promote a culture of security awareness within the organization. Educate employees about IT risks, best practices, and cybersecurity policies. Provide training sessions to help employees understand their roles in protecting sensitive data and maintaining a secure IT environment.
Vendor Risk Management: Assess the security risks associated with third-party vendors or service providers to ensure they meet the organization’s standards. Monitor vendor performance regularly and evaluate their ability to manage cybersecurity risks effectively.
Business Continuity Planning: Collaborate with business units to develop IT disaster recovery plans, ensuring critical systems can be restored in the event of a disruption. Test and update these plans periodically to maintain their effectiveness.
Security Governance: Partner with stakeholders across the organization to establish and enforce IT governance processes that align with business objectives and risk appetite.
Prepare risk reports for management highlighting the organization’s IT risk profile, vulnerabilities, and mitigation strategies. Present findings and recommendations to relevant committees.
29/12/2022-11/1/2024: Cyber Security Incident Response Officer at Dashen Bank S.C
Report all security incidents and findings to the appropriate parties.
Performed real-time monitoring of security events using SIEM tools like IBM QRadar.
Handling security incidents in a timely and effective manner.
Making a security incident response plan.
Investigate suspected breaches or incidents.
Taking action to limit the exposure of sensitive or payment card data and to reduce the risks that may be associated with any incidents.
Analyzed and investigated malware analysis reports and provided recommendations for remediation.
Conducted digital forensics analysis and data recovery from various digital devices.
Developed and maintained SIEM rules and alerts to ensure the continuous improvement of the Security Operations Center (SOC).
Prepared and presented incident reports and recommended remediation steps to management.
EDUCATION
04/09/2013 – 06/07/2016 – BSC DEGREE IN COMPUTER SCIENCE, ADAMA SCIENCE AND TECHNOLOGY UNIVERSITY, ETHIOPIA
12/03/2018–29/12/2022 at INSA
Develop, implement and maintain policies, procedures, and associated training plans for incident handlers.
For one year as a trainee
For 3 years and 9 months as a malware analyst
Monitor attacks, intrusions, and unusual, unauthorized, or illegal activity on the network and end user.
Investigate security alerts and provide incident response. Configure tools like IDS and SIEM.
Provided technical assistance for development and maintenance of malware analysis laboratory and related procedures.
Suggested appropriate procedures, hardware and software components for investigation of malware incidents.
Assisted in development and maintenance of information security systems across multiple networks.
Resolved issues about malware security and risks by technical discussion in meetings and working groups.
Implemented processes for effective malware program in collaboration with internal personnel and external vendors.
Conducted investigation of malicious code for determination of damages and data infiltration.
Communicated to management about effective processes for the purchase of hardware and software devices.
Performed assessments and reporting to understand threats and related vulnerabilities.