• MUHAMMAD ARSALAN

    C|EH | C)ISSO | C)ISMS-LA | C)VA | C|HFI

     

    Senior Consultant - IT Audit at

    BDO AG Wirtschaftsprüfungsgesellschaft (Germany)

  • MY MOTTO

    To be the Top Professional in the Contribution of Information Security Governance, Risk, Compliance & Audit

  • SUMMARY
    • A result-driven IT/IS professional with extensive experience in Information Technology, Information Security and Audit
    • Track record of diagnosing complex problems and consistently delivering effective solutions
    • High-energy, positive team player with excellent work ethic; flexible and dependable
    • Proven ability to lead and motivate project teams to ensure success
    • Passion for working with people; proven commitment to providing superior service
    • Able to learn quickly and clearly communicate regulatory guidelines


    SPECIALITIES

    IT Audit, IT Security, Management of Information Security, IT Asset Management, Software Asset Management, Business Intelligence, Business Continuity Management, ISO27001, ISO22301, ISO24762, SIEM (Security Information & Event Management), Log Management, Vulnerability Assessment, Password Cracking, Image File Forensics, Cyber Crime & Forensics Investigation, Digital Evidence, Email Crimes, Files Recovery & Forensics, Steganalysis, Cyber Security / Information Protection, Firewall Management, Intrusion Detection/Prevention System - IDS/IPS, Information Security and Network Management, Information and Security, Threats and Risks, Approach and Organization, Measures, Legislation and Regulations, Data Leakage Prevention – DLP, PKI, C4ISR, GRC, Content Monitoring and Filtering, focused on ISMS management, IT security best practices.

  • WORK HISTORY

     


    BDO AG Wirtschaftsprüfungsgesellschaft (Germany)

    Senior Information Technology Audit Consultant

    April 2023 – Present

     


    Bank Alfalah Limited

    Assistant Vice President - Bank Alfalah Limited

    June 2022 – March 2023

     


    NATIONAL BANK OF PAKISTAN

    – Present

     


    Sindh Bank Limited

    – June 2020

     


    Telenor Microfinance Bank Limited

    Manager IS Audit
    Feb 2017– July 2018
     

    JS Bank Limited Pakistan

    Internal Auditor - IT / IS

    – Feb 2017

     

     

     

     


    Burj Bank Limited Pakistan

    Manager IT/IS - Internal Audit
    – Nov 2015
     

    Samba Bank Ltd. (B.C.I Computing Pvt. Ltd.)

    Technology Support Unit (T.S.U)
    May 2013 – Jun 2014

     


    UJ Consultant & Solution Provider

    Network & Information Security Analyst

    – Mar 2013

     

  • EDUCATION
     


    N.E.D University of Engineering & Technology

    Masters in Science - Information Security

    (MS-IS) 2015 - 2016

     

     

     


    Karachi Institute of Economics & Technology (PAF-KIET)

    Bachelors in Science - Telecommunication & Networks

    (BS-TN) 2006 - 2012

     


    Defence Authority Sheikh Khalifa Bin Zayed College (D.H.A)

    Intermediate (Pre - Engineering)

     


    Happy Home School

    Matriculation - Computer Science

     

  • CERTIFICATIONS


    Certified in cyber security

     

    (ISC)2®, License Number 1077945


    Certified Ethical Hacker - C|EH

    EC-Council®, License Number ECC-9460573812


    CyberArk Certified Trustee

    CyberArk®, License Number 1036121


    Information Security Incident Handling

    Charles Sturt University®


    Autopsy Basics and Hands - Digital Forensics

    Basis Technology Inc.®


    Certified Network Security Specialist - CNSS

    ICSI® (International Cyber Security Institute), UK

    License Number 17720776


    Cyber Warfare and Terrorism

    Charles Sturt University®


    Cyber Security Management

    Charles Sturt University®


    Digital Forensics

    Charles Sturt University®


    Splunk 7.x Fundamentals

    Splunk Inc.®


    Cyber Security Consequences For Industrial Control Systems

    U.S Department of Homeland Security


    Network Security Associate NSE - 1

    Fortinet Inc.®


    Network Security Associate NSE - 2

    Fortinet Inc.®


    Computer Hacking Forensics Investigator - C|HFI

    EC-Council®, License Number ECC-29159842


    Certified Information Security Management System - Lead Auditor (ISMS - LA)

    Mile2®, License Number 222900


    Certified Information Systems Security Officer - C)ISSO

    Mile2®, License Number 228200


    Certified Vulnerability Assessor - C)VA

    Mile2®, License Number 180800


    ITIL® V3 - IT Service Management

    EXIN®, License Number 4530554.1100769


    Information Security Foundation Based on ISO/IEC 27002

    EXIN®, License Number 4530554.1103815


    CCNA (Training & Local Academy Certified)

    Cisco Inc.®

  • PROFESSIONAL SKILLS 

     

    Information Security Risk & Gap Analysis

    Business Continuity Planning & Disaster Recovery 

    IT/IS Risk based Audit & Assessment

    Vulnerability Assessment & Penetration Testing (VAPT)

    Information Security & Controls Evaluation

    Digital & Computer Forensics

  • PROFESSIONAL TRAININGS

    Hands-on Penetration Testing Labs 4.0

    (Udemy®)

    AWS Security Fundamentals

    (Amazon Web Services, Inc.®)

    IT Auditing

    Institute of Bankers of Pakistan - IBP®

    Certified Chief Information Security Officer – C|CISO

    Wemyt® Pvt. Ltd.

    Mobile Application Security Assessment

    Virtual Security (Pakistan)

    Certified Vulnerability Assessor – C)VA

    Mile2®

    Certified Security Sentinel – C)SS

    (Mile2®)

  • PROFESSIONAL PROJECTS

    INFORMATION TECHNOLOGY AUDIT - JS BANK Limited

    Project Description:
    Technologies: Mantis System, Active Directory, Lotus mail, Network & Infrastructure, Information Security, IT Service Management, Data center, Database, Intranet, Website.

    Company Description: JS Bank Limited was formed in 2006 by the merger of Jahangir Siddiqui Investment Bank (Ltd) and the commercial banking operations of American Express Bank (Pakistan) Ltd. JS Bank is one of the fastest growing banks in Pakistan, with a vast online network of 238 branches in 122 cities in all provinces.
    Major Responsibilities: Examination of management controls within an Information technology (IT) infrastructure. Evaluation of system's internal control design and effectiveness. This includes, but is not limited to, efficiency and security protocols, development processes, and IT governance or oversight.
    Team Member: 02 Members

    CREDIT CARD SYSTEM AUDIT - JS BANK Limited

    Project Description:
    Technologies: Linux (CentOS), Web Traffic Analysis Tool

    Company Description: JS Bank Limited was formed in 2006 by the merger of Jahangir Siddiqui Investment Bank (Ltd) and the commercial banking operations of American Express Bank (Pakistan) Ltd. JS Bank is one of the fastest growing banks in Pakistan, with a vast online network of 238 branches in 122 cities in all provinces.
    Major Responsibilities: IT/IS controls validation of Payment System Application - Cardpro.
    Team Member: 03 Members

    IT CHANGE MANAGEMENT AUDIT - BURJ BANK Limited

    Project Description
    Technologies: Core Banking Application (iMAL), Treasury Application (iSTS)
    Company Description: Burj Bank Limited, formerly known as Dawood Islamic Bank Limited (DIBL), is Pakistan’s sixth full-fledged Islamic commercial bank. The bank received its license from the State Bank of Pakistan in May 2006.
    Major Responsibilities: Identify flaws in controls, policies, procedures/manuals, IT general controls and application controls in the Core Banking Application, using best practices including ITIL, SANS and COBIT; UAT testing and validation of results; identify vulnerabilities and have them patched; identify input validations; release notes validation; identification of issues and incidents regarding business applications; validation of information-security-related controls.
    Team Member: 02 Members

    MOBILE BANKING AUDIT & ASSESSMENT - BURJ BANK Limited

    Project Description
    Technologies: Nessus, Core Impact, Firefox Plug-in, Nmap, OWASP ZAP, Acunetix
    Company Description: Burj Bank Limited, formerly known as Dawood Islamic Bank Limited (DIBL), is Pakistan’s sixth full-fledged Islamic commercial bank. The bank received its license from the State Bank of Pakistan in May 2006.
    Major Responsibilities: Identify XSS, XSRF and SQL injection in the current application; identify vulnerabilities and have them patched; identify input validations, error handling and HTTP response method validation; data tampering (validation of session, account no.); validation of session tokenization; validation of SSL/digital certificates; validation of password controls.
    Team Member: 02 Members

    INTERNET BANKING PEN TESTING - BURJ BANK Limited

    Project Description

    Technologies: Nessus, Core Impact, Firefox Plug-in, Nmap, OWASP ZAP, Acunetix

    Burj Bank Limited, formerly known as Dawood Islamic Bank Limited (DIBL), is Pakistan’s sixth full-fledged Islamic commercial bank. The bank received its license from the State Bank of Pakistan in May 2006.

    Major Responsibilities: Identify XSS, XSRF and SQL injection in the current application; identify vulnerabilities and have them patched; identify input validations, error handling and HTTP response method validation; data tampering (validation of session, account no.); validation of session tokenization; validation of SSL/digital certificates; validation of password controls.

    Team Member: 3 Members

    WEB SECURITY IMPLEMENTATION & MONITORING ( MHZ GLOBAL)

    Project Description

    Technologies: Linux (CentOS), Web Traffic Analysis Tool

    Company Description: Live Monitoring of Web Server using public IP Addresses, Monitoring Includes port 80 Traffic, port 23 Files information, port 443

    Major Responsibilities: Tool must be successfully working.

    Team Member: 3 Members

    NETWORK PENETRATION TESTING (TRANSWORLD Pvt. Ltd.)

    Project Description

    Technologies: Linux Distro 2.6x, Nmap, Wireshark, Anti-ARP Spoofing

    Company Description: Transworld is a joint venture of Orascom Telecom Holding, Saif Group and Omzest Group of Oman and is Pakistan’s premier Internet and international connectivity provider. A two-day penetration test was conducted in the Karachi region and patches were applied successfully.

    Major Responsibilities: As team leader, the major responsibility is to perform penetration testing on a live network environment without intercepting other hosts and public IP addressing.

    Team Members: 6 Members

    NETWORK PENETRATION TESTING ( AFROZE TEXTILE )

    Project Description

    Technologies: Linux Distro 2.6x, Zenmap, Ethereal

    Company Description: Afroze Textile Industries, the name of quality and wide variety of home textile established in 1973. Textile ennobling company, involved in bleaching, mercerizing, dyeing and rotary printing of textile fabrics for towels, bedding and garments.

    Major Responsibilities: As team leader, the major responsibility is to perform penetration testing on a live network environment without intercepting other hosts and public IP addressing.

    Team Members: 8 Members

    INTRUSION DETECTION AND PREVENTION SYSTEM DEPLOYMENT ( PAF - KIET )

    Project Description

    Technologies: Linux Distro 2.6x

    P.A.F-Karachi Institute of Economics and Technology (KIET) was established in 1997 with the aim of providing quality of education at affordable cost. Its academic programs are designed to prepare the students to meet the challenges of the nation and industry. KIET received the recognition by the Higher Education Commission.

    Major Responsibilities: Check the activities performed on the network by users, identify vulnerabilities and have them patched, and identify the tools and techniques used by intruders.

    Team Member: 5 Members

    WEB APPLICATION PENETRATION TESTING ( UBL INSURERS )

    Project Description

    Technologies: Nessus, Core Impact

    UBL Insurers Limited is an associated company of UNITED BANK Ltd. It is jointly owned by United Bank Limited (UBL) and the Bank's sponsors, the Abu Dhabi Group and Bestway Group.

    Major Responsibilities: Identify XSS, XSRF and SQL injection in the current application; identify vulnerabilities and have them patched; identify input validations, error handling and HTTP response method validation.

    Team Member: 6 Members

    NETWORK PENETRATION TESTING ( KAPCO )

    Project Description

    Technologies: Nessus, Core Impact, Nmap.

    Kot Addu Power Company Limited ("KAPCO") was incorporated in 1996 with the purpose to contribute economical power to the national grid. KAPCO has shown exceptional results in the area of plant maintenance, availability, quality standards and financial performance.

    Major Responsibilities: Identify enumerations (NetBIOS, Active Directory); identify vulnerabilities in operating systems and applications and have them patched; perform brute-force attacks against different servers (Squid, Apache, email).

    Team Member: 10 Members

    WEB SECURITY IMPLEMENTATION & MONITORING (J & J BUILDERS AND DEVELOPERS)

    Project Description

    Technologies: Linux (CentOS), Web Traffic Analysis Tool

    Company Description: Live Monitoring of Web Server using public IP Addresses, Monitoring Includes port 80 Traffic, port 21 Files information, port 443.

    Major Responsibilities: Tool must be successfully working.

    Team Member: 3 Members

  • REFERENCES
     


    Sitwat Rasool Qadri

    Senior Vice President & Chief Internal Auditor at Samba Bank Ltd.

    Arsalan is a dedicated IT resource and has a knack of accepting challenges. He is detail oriented and a keen learner. In short it is good to have such a resource in an IT team.

    Adeel Jawed

    Head of Information Security & Quality Assurance at Samba Bank Limited

    Arsalan is open and willing to learn new things. I assure you that he is always an asset to any establishment.

    Jalaluddin Omer

    Information Security Trainer at Uj consultant

    Muhammad Arsalan is very detail-oriented and produced great results for the company. He is very talented. I appreciate all his efforts in information security.

    Ovais ul Haque

    Software Engineer at Hamdard University

    Arsalan is dedicated, honest, hardworking and very down-to-earth person... I have known him as a friend and colleague and have seen his working and other research (Information Security) at Samba Bank and will endorse him for any appropriate professional career...

    Zain Ahmed Siddiqui

    Sr. Software Engineer at Sistech Systems

    Hard-working, motivated, aimed and dedicated guy. He does all work with full sincerity.

    Riaz Hussain

    Support Engineer at Samba Bank Ltd.

    Arsalan was an amazing guy to have in your. I think I have never seen anyone with as much gifted smartness as in him. He was always ready to chip in with suggestions and improvements and was never afraid to express his disagreement with a given solution.

    He was always the go-to guy for me whenever I needed consultation in solving a complex issue or scenario.

    I wish him all the very best for his future assignments too.
  • LET'S TALK

    +4917617639598
  • CONTACT HERE! 

    Please feel free to contact me, or drop me a message here.