15+ years across four continents — auditing hundreds of programs, training thousands of professionals. 300+ certifications. DBA · MBA · MSc · PMP · QSA · CISSP-SME · CCISO · Multi-Accredited Lead Auditor.
Officially designated CISO / Directeur de la Sécurité des Systèmes d'Information (DSSI) with a formally validated CISO Charter defining authority, independence, responsibilities, and executive positioning. Reports directly to the CEO, operating independently from IT operations to ensure proper separation between cybersecurity governance and operational IT execution. Leads information security governance, cybersecurity strategy, risk management, regulatory and normative compliance, ISO/IEC 27001-aligned ISMS supervision, security audits, SOC/CSIRT strategic oversight, executive reporting, and continuous improvement of UNIDEES' security posture. Defines and enforces security policies; supervises cyber risk assessments and treatment plans; ensures legal/regulatory compliance; oversees audits and corrective actions; validates security requirements for critical projects; delivers executive escalation on major risks and incidents.
Leads Advisory & CSIRT Business Units — Managed SOC, CSIRT operations, cyber advisory, auditing, training, certification, and strategic partnerships — with full P&L accountability. Governs Managed SOC service models, detection & response strategy, KPIs, SLAs, escalation, continuous improvement. Designed and leads the CSIRT: charter, operating model, playbooks, crisis management, full SOC–CSIRT integration from detection to recovery. Leads GRC, audit, and assurance programs (ISO 27001, 22301, 27701, NIST, PCI DSS, RNSI); manages PCI DSS and SWIFT CSP partnerships; oversees ISO/IEC 17021 franchise with accredited certification body.
Authorized for 50+ programs: C|CISO, ISO 27032 CSLCM, CLPTP, SOC 2 SLA, NIST CSC; ISO 27001 Master/SLA/SLI, ISO 27005 SRM, ISO 27035 SLIM; ISO 27701 SLI/SLA, ISO 42001 SLI/SLA; ISO 22301 Master/SLI/SLA, ISO 20000 LI/LA, EBIOS RM, CMSA, ISO 21502 SLPM, CLEH, CCTA, CIR, and many others. Also delivers training through: ISC2, ISACA, CSA, EC-Council, INE Security, OffSec, SANS, TRECCERT, PMI.
SME on the AfricaCERT 3CF (Cybersecurity Common Controls Framework): control catalogues, maturity models, assessment toolkits, national implementation guidance. Expert input on governance, SOC/CSIRT maturity, IR, cloud security, and digital resilience for African institutions.
Shapes C|CISO and C|PENT programs: curriculum development, technical reviews, real-world practice integration, and capacity-building advocacy across APAC and IMEA regions.
Third-party certification audits worldwide: ISO/IEC 27001:2022, ISO 22301:2019, CSA STAR Level 2. The only accredited auditor in Algeria (ISO 27001, CSA STAR, ISO 22301) and potentially the youngest worldwide as of 2024.
Strategic vCISO and expert consulting for SMBs, critical infrastructure, government, national cyber agencies, and global corporations. Pentesting & Red Teaming (PTES, MITRE ATT&CK, purple teaming), adversary simulation; SOC/CSIRT/CERT design and maturity (SIM3, SOC-CMM); IR & DFIR (ISO 27035/27037/27042/27043); GRC audits and gap assessments. Training: SOC & SIEM engineering, threat hunting, CISO-level governance, red/blue team, DFIR, ISO standards.
Founded Algeria's first official CSA Chapter: national awareness, CCM/CAIQ/STAR Program adoption, partnerships with industry, academia, and government.
Founded and led as Chapter Leader and Board Chair: application security, secure development practices, events, workshops, CTFs, and training programs.
Founded the first CAS International Chapter in Algeria (Michigan, Sep 2025) — hub for professionals in testing, inspection, certification, and accreditation.
Official programs: ISO 27001 LI/LA, ISO 22301 LI/LA, ISO 20000 (ITSM), Cybersecurity (CYSE).
Led launch and operations of Accurate ISO Maghreb; certification delivery under UAF-accredited standards (ISO 27001, 9001, 14001, 45001 — ISO 17021, 27006/7/8, 19011).
Co-led multinational cybersecurity & GRC firm: vCISO, DFIR, threat hunting, compliance consulting (ISO, NIST, RNSI, PCI DSS), red/purple teaming, certified audits (ISO 27001, CSA STAR, VAPT).
Led national InfoSec, cybersecurity, risk, and compliance strategy for Algeria's electronic payment ecosystem — internal governance plus sector-wide oversight of member banks, PSPs, and financial institutions. Redesigned the Security Framework: PCI DSS, SWIFT CSP, DORA, NIS2, ISO 27001, OWASP, CSA, CIS, NIST, aligned with RNSI and Law 18-07. Served as effective "CISO of CISOs" for Algeria's banking sector.
Editorial and educational SME for 2M+ professionals: expert commentary on offensive security, red teaming, threat emulation, and capability building.
SME for CC, CISSP, and the Unified Body of Knowledge (CC, SSCP, CSSLP, CGRC, CCSP, CISSP, ISSEP, ISSAP, ISSMP); global exam and curriculum development workshops.
Directed cybersecurity strategy for Africa-region clients and global SecOps: SOC oversight, assessment frameworks, risk assessments, and incident response.
Design, review, and validation of labs, CTF challenges, and interactive rooms across Red, Blue, and Purple tracks for a global cybersecurity learning community.
ISO 27001/27002/27005 ISMS governance; incident management with SIEM/EDR/DLP and Group CSIRT/CERT; DFIR, threat hunting, CTI; penetration testing and social engineering campaigns.
Cybersecurity strategy and risk advisory; policies, procedures, technical controls; offensive security services; incident investigation and remediation.
Led cybersecurity division (pentesting, VA, red teaming); defensive architectures; negotiated strategic Kaspersky Lab partnership for the Algerian market.
NOC cybersecurity initiatives; Lead Penetration Tester; datacenter security strategies; incident response plans and playbooks.
Advised government agencies; led audits, VA, and penetration testing to evaluate cybersecurity maturity.
Security assessments and penetration tests; internal security projects; company-wide security awareness training programs.
Education modules on pentesting, VA, and threat analysis; mentored university students; organized events and CTF competitions.
VAPT worldwide (OWASP, OSSTMM, PTES); ethical hacking and source code reviews; web development for clients globally.