Mohamed Badawi, Developer in Dubai, United Arab Emirates
Mohamed is available for hire
Hire Mohamed

Mohamed Badawi

Verified Expert  in Engineering

Security Architect and Developer

Dubai, United Arab Emirates

Toptal member since September 27, 2022

Bio

Mohamed is a cybersecurity leader with an executive MBA degree and 20+ years of technology experience. He managed teams of 60+ members and built enterprise security solutions for 50+ organizations in the airline industry, military, public sector, and family businesses. Mohamed has solid technical knowledge in several cybersecurity domains, including cloud security architecture, governance risk and compliance, security leadership as the CISO, DevSecOps, digital forensics, and incident response.

Portfolio

Trusted Systems Consultancy
Information Security, Cloud Security, Risk Assessment, Digital Forensics...
Emirates Group
Security Architecture, Security by Design, Identity & Access Management (IAM)...
IBM
Cloud Security, Web Security, Identity & Access Management (IAM)...

Experience

  • Security Architecture - 14 years
  • GRC - 12 years
  • Incident Response - 11 years
  • ISO 27001 - 10 years
  • Cloud Security - 4 years
  • Security by Design - 4 years
  • Digital Forensics - 2 years

Availability

Full-time

Preferred Environment

Firewalls, Cloud, Identity & Access Management (IAM), Antivirus Software, Forensics, Incident Response, Cloud Security, Web Security, DevSecOps, GRC

The most amazing...

...thing I've built is the biggest cybersecurity transformation program in IBM's history, worth $75 million and with 20+ new and improved services for an airline.

Work Experience

CISO/vCISO

2020 - PRESENT
Trusted Systems Consultancy
  • Implemented ISO27001, PCI-DSS, CIS, and local compliance frameworks for clients and supported them during the implementation and certification lifecycle.
  • Advised 50+ clients on data leakage prevention, data recovery, incident response, digital forensics, and compliance.
  • Led an expert witness team in over 60 digital investigations to support client litigation efforts in hacking, social engineering, data leakage, and data destruction cases.
  • Established a cloud security capability within the company to help launch new services based on customer insights and needs.
Technologies: Information Security, Cloud Security, Risk Assessment, Digital Forensics, Architecture, PCI Compliance, ISO 27001, GRC, Cloud, Forensics, Security Architecture, CISO, IT Security, Security, Google Workspace, Web App Security, Cloudflare, Documentation, Business Continuity Planning (BCP)

Chief Security Architect

2018 - 2020
Emirates Group
  • Managed and rolled out 15+ new security controls in response to technical debt, audit findings, and privacy laws requirements (GDPR).
  • Designed and implemented a security-by-design framework that accomplished 80% early security adoption in projects and reduced risks arising from projects by 90% compared to previous engagements.
  • Built, trained, and coached a team of 50 architects on enterprise security architecture and reduced business application time to market by 50%.
  • Established strong relations with business stakeholders to gain executive buy-in on security decisions, which enhanced approval time by 40%.
Technologies: Security Architecture, Security by Design, Identity & Access Management (IAM), Cloud Security, Security Operations Centers (SOC), Data Privacy, GDPR, Cloud, GRC, CISO, IT Security, Security, Web App Security, Cloudflare, Documentation, Business Continuity Planning (BCP)

Lead Security Architect | DPE

2016 - 2018
IBM
  • Led a $75 million security transformation program for an airline, which resulted in 80% faster transformation and 70% resilience and allowed the client to focus on significant security risks.
  • Built 20 different security services that addressed 5-year-old audit findings and reduced major security incidents by 80%.
  • Coached and directly managed a team of 67 local and remote architects and engineers on technology and client management, improving client satisfaction to 90%.
  • Advised the client on new controls for risks, audit findings, and emerging technologies, which enhanced the client's risk management effort.
Technologies: Cloud Security, Web Security, Identity & Access Management (IAM), Security Architecture, Risk Assessment, Firewalls, Cloud, Incident Response, Email Security, GRC, CISO, IT Security, Security, Web App Security, Documentation, Business Continuity Planning (BCP)

Enterprise Security Architect and Head of Security

2010 - 2016
C4 Advanced Solutions
  • Managed a cybersecurity team that delivered ten security services covering technology and process, improving security posture and reducing client risk.
  • Achieved the ISO 27001 and ISO 20000 certifications for the client and ensured compliance for two consecutive certification cycles.
  • Consulted senior management on new security requirements, which helped achieve 40% security revenue for the account due to newly identified risks and findings.
  • Assessed the existing security architecture and defined a new reference architecture comprising 15 capabilities across various security domains.
Technologies: Network Security, Antivirus Software, ISO 27001, Enterprise Architecture, Firewalls, Incident Response, Security Architecture, GRC, CISO, IT Security, Security, Web App Security, Documentation, Business Continuity Planning (BCP)

Senior Security Specialist

2005 - 2007
Injazat Data Systems
  • Helped 20+ clients over three years to ensure secure business application roll-outs by managing network and system security controls.
  • Designed and implemented ten security services and created the necessary operational policies and procedures, improving service delivery performance by 80%.
  • Provided technical and architectural consultancy to Injazat clients and served as a technical authority for security matters.
  • Designed, built, and operated a new T4 data center that delivered seven new security services and managed a team of seven security specialists.
Technologies: Security Architecture, Network Security, Email Security, Intrusion Prevention Systems (IPS), Security Operations Centers (SOC), Incident Response, Firewalls, CISO, IT Security, Security, Documentation, Business Continuity Planning (BCP)

Network and Security Engineer

1999 - 2007
Zayed Higher Organization for People of Determination
  • Managed an environment of 300 endpoints and 15 network and security devices, which addressed the needs of six business applications and ensured 99.9% availability.
  • Monitored the network for suspicious traffic patterns and unauthorized usage, reducing major security incidents to less than two per year.
  • Managed ten servers and operating systems and supported an environment of 300 users across two branches, achieving 97% user satisfaction.
  • Provided end-user support to the 300 users on solving technical problems and addressed more than 2,000 tickets per year to help enhance user productivity.
Technologies: Firewalls, Cisco Routers, Network Switches, Antivirus Software, WAN, LAN, Active Directory (AD), Windows, Incident Response, Security Architecture, IT Security, Security, Documentation

Cybersecurity Transformation Program

A $75 million security transformation program for IBM's client, an airline that wanted to transform its cybersecurity capabilities, address overdue risks, and introduce new security controls. I was the lead security architect overseeing the operations during the implementation phase. The project was a huge success and resulted in 80% faster transformation and 70% improvement in the client's resilience, allowing the client to focus on significant security risks, and improve the overall security posture.
2018 - 2019

Executive Master's Degree in Business Administration

INSEAD - France, Singapore, UAE

2005 - 2007

Master's Degree in Cybersecurity

New York Institute of Technology - Abu Dhabi, UAE

1998 - 2004

Bachelor's Degree in Communication Engineering

Ajman University - Abu Dhabi, UAE

MARCH 2016 - PRESENT

Certified in the Governance of Enterprise IT (CGEIT)

ISACA

FEBRUARY 2016 - PRESENT

Certified Information Security Systems Professional (CISSP)

ISC2

JUNE 2013 - PRESENT

ISO 22301 Lead Auditor

RABQSA

JUNE 2012 - PRESENT

Certified in Risk and Information Systems Control (CRISC)

ISACA

JUNE 2012 - PRESENT

Certified Information Security Manager (CISM)

ISACA

JUNE 2010 - PRESENT

Certified Information Systems Auditor (CISA)

ISACA

APRIL 2010 - PRESENT

ISO 20000 Lead Auditor Training

RABQSA

APRIL 2010 - PRESENT

The Open Group Architecture Framework (TOGAF)

The Open Group

MARCH 2010 - PRESENT

ISO 27001 Lead Auditor Training

RABQSA

Tools

Google Workspace, Radar

Languages

HTML

Paradigms

DevSecOps

Platforms

Windows

Industry Expertise

Marketing, Accounting, Network Security, Cybersecurity

Storage

Database Security

Other

Firewalls, Antivirus Software, Incident Response, GRC, ISO 27001, Security Architecture, Security by Design, Email Security, CISO, CISSP, IT Security, Security, Documentation, Cloud, Identity & Access Management (IAM), Forensics, Cloud Security, Web App Security, Cloudflare, Business Continuity Planning (BCP), Web Security, Economics, Leadership, Finance, Financial Accounting, Statistics, Macroeconomics, Strategy, Operating System Security, Digital Forensics, Cyberlaw, Networks, Electronics, Laser Systems, Antenna Design, Information Security, Risk Assessment, Architecture, PCI Compliance, Security Operations Centers (SOC), Data Privacy, GDPR, Enterprise Architecture, Intrusion Prevention Systems (IPS), Cisco Routers, Network Switches, WAN, LAN, Active Directory (AD), IT Audits, Security Management, Risk Management, IT Governance, IT Service Management (ITSM), Business Continuity, Cloud Architecture, Certified Information Systems Auditor (CISA)

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring