Osama Faheem

Company Overview: Boart Longyear is a global leader in drilling services, equipment, and performance tooling for mining and drilling companies. Operating in over 40 countries, it places strong emphasis on secure digital operations and risk mitigation.

• Built KRIs and a monthly cyber risk dashboard for the Risk Committee. Highlighted residual risk trends, enabling budget reallocation to the top 5 control gaps.
• Established a third-party risk process using standard questionnaires and evidence reviews.
• Authored and maintained incident response playbooks aligned with ISM, NIST CSF, and the ASD Essential Eight, ensuring alignment with government cybersecurity standards.
• Improved SOC capability by designing and implementing automated enrichment workflows and SOAR integrations, accelerating incident triage and ensuring consistent, high-quality incident response.
• Optimised email security resilience by fine-tuning Proofpoint configurations and integrating real-time threat intelligence, enhancing organisational awareness and defence against phishing attacks.
• Strengthened cloud security posture for AWS and Azure environments by implementing security controls via Netskope CASB and Microsoft Defender for Cloud, working closely with CloudOps to ensure the integration of secure-by-design principles.
• Contributed to compliance and risk management by applying industry standards and frameworks, enhancing the security management environment for cloud and on-premise systems.
• Promoted cybersecurity capability uplift by documenting and standardising detection tuning procedures, which directly supported knowledge transfer within the SOC team, improving the efficiency of new analyst onboarding.
• Provided cybersecurity awareness training to internal teams, enhancing their understanding of phishing tactics and best practices for mitigating email-based threats.
• Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.

Company Overview: The Department of Primary Industries and Regions (PIRSA) promotes sustainable and profitable agriculture, fisheries, and forestry sectors in South Australia, driving economic growth and development.

• Led risk assessments for 40+ systems and third parties, reducing high and critical risks by 35 percent through targeted treatment plans aligned to ISO 31000 and NIST RMF.
• Delivered strategic security advisory services aligned with key frameworks such as ISM, PSPF, NIST Cybersecurity Framework, and ISO 27001, supporting governance, risk, and compliance objectives across multiple departments and ensuring alignment with cybersecurity policy.
• Provided technical and policy advice to executive teams, guiding decision-making processes to enhance the organisation’s security posture and mitigate risks.
• Developed and implemented an enterprise-wide Vulnerability Management Plan, achieving a 30% reduction in critical security exposures and streamlining remediation workflows across IT and security teams, improving overall security management.
• Led cyber risk assessments and threat modelling exercises, significantly improving incident response planning and reducing average containment times by 25%, supporting a culture of continuous improvement in operational readiness.
• Investigated and documented over 100 security incidents, utilising digital forensics techniques and threat intelligence to produce actionable insights for executive reporting, post-incident analysis, and process improvements.
• Played a pivotal role in aligning incident response procedures with ISM and NIST CSF, ensuring compliance with government cybersecurity standards and driving improvements in security incident handling.
• Refined and tuned detection logic across hybrid environments (on-premise and Microsoft Azure), collaborating with SOC analysts and IT stakeholders to improve alert fidelity, reduce false positives, and enhance overall security operations.
• Contributed to the Cyber Security team’s ability to proactively identify and respond to emerging threats, improving the organisation’s overall security posture.
• Designed and delivered enterprise-wide cyber security awareness training, leading to a measurable reduction in phishing click rates and an uplift in baseline cyber literacy across the workforce.
• Supported the development and delivery of training materials to enhance employee understanding of cybersecurity best practices, contributing to a stronger security culture within the organisation.

Company Overview: Accenture is a global professional services firm specialising in digital, cloud, and security, with over 674,000 employees across 120 countries. It offers Strategy and Consulting, Interactive, Technology, and Operations services in 40 sectors. Accenture Security was ranked first in the HFS Top 10: Cybersecurity Service Providers in 2022 and has 5,000 employees in Australia with offices in major cities.

• Led the development and ongoing refinement of cybersecurity policies, procedures, and standards, ensuring alignment with frameworks such as ISM, PSPF, ASD Essential Eight, and ISO 27001, supporting governance, risk, and compliance objectives.
• Delivered cybersecurity advice and technical consultation to senior leadership and cross-functional teams, promoting cyber risk awareness and fostering informed decision-making across the organisation.
• Assisted with vulnerability scanning and verification using Qualys and Nessus. Reduced false positives by 40 percent through better asset scoping.
• Contributed to incident post-incident reviews and control improvements that lowered repeat incidents by 20 percent.
• Implemented and maintained layered defence mechanisms (including firewalls, IDS/IPS, and endpoint protection) to safeguard hybrid environments and ensure continuous protection against evolving threats.
• Coordinated security monitoring and alert management by SLAs, ensuring rapid incident triage and minimising operational disruptions.
• Led cross-functional collaboration on security initiatives, embedding secure-by-design principles across projects and ensuring stakeholder alignment throughout the development lifecycle.
• Produced in-depth security reports and risk briefings tailored for executive audiences, translating complex technical data into actionable business risk insights to guide strategic decision-making.
• Delivered strategic consultancy on cyber resilience, providing intelligence-driven insights into defence planning, risk management, and incident preparedness.
• Managed relationships with third-party vendors to uphold security requirements, ensuring contractual obligations and service levels were consistently met.
• Supported internal and external audit processes, tracking remediation actions and ensuring compliance with internal controls, policies, and relevant legislation.
• Developed and delivered internal cybersecurity training programs to uplift cyber literacy across the workforce, ensuring improved organisational understanding of emerging threats and best practices.
• Maintained and updated compliance resources, contributing to the overall capability uplift of the organisation’s cybersecurity posture.

Company Overview: Apple is a California-based company and the largest in the world by market capitalisation. One of the Big Five American IT corporations, it became the first publicly listed US business to reach valuations of over $1 trillion in August 2018, $2 trillion in August 2020, and $3 trillion in January 2022.

• Provided technical leadership for deploying and managing critical security measures, ensuring the protection of Apple’s global infrastructure.
• Led investigations into security breaches and provided strategic recommendations to mitigate future incidents.
• Delivered cybersecurity training to technical teams across APAC and the Americas, increasing awareness of emerging threats and incident response protocols.
• Collaborated cross-functionally to improve macOS and iOS security controls, helping shape Apple’s internal secure practices.

Company Overview: OTR, a convenience retailer owned by South Australians, is the state’s largest local employer with over 170 petrol and convenience stores. It provides jobs to more than 3,100 South Australians and is part of the Peregrine Corporation.

• Enhanced customer satisfaction by promptly addressing and resolving inquiries and concerns.
• Ensured strict compliance with company policies, occupational health, and safety procedures, reinforcing a security culture and protocol adherence.
• Collaborated with team members to share best practices and improve overall service quality.
• Conducted detailed audits and maintained accurate documentation of inventory and financial transactions, highlighting strong process documentation skills.
• Managed cash handling and shift reconciliations accurately, demonstrating meticulous attention to detail.
• Resolved customer issues promptly, showcasing practical problem-solving abilities and incident management.
• Trained new team members on operational procedures and compliance standards, reflecting strong communication and leadership skills.
• Monitored and updated promotional activities and inventory systems, indicating adaptability and proficiency in managing system updates.

Company Overview: Al Habtoor Leighton LLC is a contracting company that builds and develops roads, buildings, rail systems, oil and gas, and mining projects. It works with private and public clients throughout the United Arab Emirates and the surrounding area.

• Spearheaded a Vulnerability Management Plan (VMP), identifying and remediating critical network exposures and reducing risk by 25%.
• Optimized software performance through regular updates, patches, and maintenance tasks to ensure seamless user experience.
• Deployed anti-malware solutions, IDS, and security monitoring to proactively defend against cyber threats in a high-availability enterprise environment.
• Conducted comprehensive risk assessments using industry-leading tools and methodologies, ensuring continuous monitoring and proactive mitigation of potential cybersecurity threats.
• Led the incident response team in handling critical security incidents, focusing on breach detection, containment, and recovery, reducing incident response time and minimising business disruption.
• Collaborated with internal stakeholders to refine vulnerability management processes, ensuring alignment with industry-standard frameworks such as ISO 27001, NIST, and CIS Controls.
• Documented vulnerability management activities, providing stakeholders with clear, actionable recommendations to improve security policies and ensure continual compliance with industry standards.
• Designed and implemented a robust Information Security Policy, strengthening the organisation's security posture and reducing the risk of cybersecurity incidents through effective policy enforcement.
• Engaged with cross-functional teams to conduct penetration testing and vulnerability assessments, delivering detailed reports with prioritised remediation actions, reducing system vulnerabilities by 20%.

Company Overview: The Aga Khan University Hospitals in Nairobi, Kenya, and Karachi, Pakistan, are private, nonprofit hospitals offering top-notch medical treatment. The University’s medical colleges and Schools of Nursing and Midwifery in Pakistan and East Africa primarily receive their clinical training at the Main Hospitals. The first hospital in those areas to receive accreditation from Joint Commission International was an AKU facility.

• Implemented enterprise-wide vulnerability and patch management program, reducing system-level exposures by 30%.
• Responded to and mitigated a wide range of cybersecurity incidents, improving incident response efficiency by 20%.
• Conducted detailed risk assessments and implemented risk mitigation strategies, ensuring the security of critical healthcare information systems while maintaining compliance with NIST and ISO 27001 standards.
• Collaborated with external vendors and internal teams to integrate advanced security technologies, including SIEM and endpoint protection solutions, significantly improving the hospital’s ability to detect and respond to potential threats.
• Managed to deploy intrusion detection systems (IDS) and anti-malware tools, improving the organisation's threat detection and mitigation capabilities by 40%.
• Documented vulnerability management and incident response processes, providing senior management with actionable recommendations to enhance the organisation’s overall cybersecurity framework.
• Played a critical role in conducting penetration tests and forensic analysis to detect and resolve system vulnerabilities, safeguarding essential data of healthcare and ensuring compliance with industry standards.
• Designed and implemented a comprehensive disaster recovery plan that minimised system downtime and ensured the continuity of critical services during security incidents.