Syed Ghazanfar Abbas - Information Security Consultant

Q: Where is Syed Ghazanfar based?

Syed Ghazanfar is based in Brussels, Belgium .

Q: What languages does Syed Ghazanfar speak?

Syed Ghazanfar speaks the following languages: English (Advanced), French (Elementary), Dutch (Elementary) .

Q: How many years of experience does Syed Ghazanfar have?

Syed Ghazanfar has at least 13 years of experience. During this time, Syed Ghazanfar has worked in at least 7 different roles and for 7 different companies . The average length of individual experience is 2 years and 10 months . Note that Syed Ghazanfar may not have shared all experience and actually has more experience.

Q: What is Syed Ghazanfar's latest experience?

Syed Ghazanfar's most recent position is Information Security Consultant at AGP Glass .

Q: What companies has Syed Ghazanfar worked for in recent years?

In recent years, Syed Ghazanfar has worked for AGP Glass , Extra United Electronics , and Pakistan Telecommunication Authority .

Q: Which industries is Syed Ghazanfar most experienced in?

Syed Ghazanfar is most experienced in industries like Information Technology (IT) , Telecommunication , and Banking and Finance . Syed Ghazanfar also has some experience in Manufacturing and Professional Services .

Q: Which business areas is Syed Ghazanfar most experienced in?

Syed Ghazanfar is most experienced in business areas like Information Technology (IT) , Product Development , and Operations . Syed Ghazanfar also has some experience in Quality Assurance (QA) .

Q: Which industries has Syed Ghazanfar worked in recently?

Syed Ghazanfar has recently worked in industries like Telecommunication , Manufacturing , and Information Technology (IT) .

Q: Which business areas has Syed Ghazanfar worked in recently?

Syed Ghazanfar has recently worked in business areas like Information Technology (IT) and Operations .

Recommended expert

Brussels, Belgium

Experience

Aug 2024 - Jun 2025

11 months

Information Security Consultant

AGP Glass

Developed and updated security and privacy policies, standards, guidelines, and procedures across the organization.
Prepared amendments to the security framework in alignment with changing threats and evolving compliance standards such as TISAX, ISO 27001, NIS 2, DORA, and IATF.
Led collaboration with CSIRT and technical teams to define functional security requirements for ongoing IT initiatives.
Assessed and mitigated vulnerabilities within the network, cloud, and application layers.
Communicated cyber risks and posture improvements to senior management and executive leadership.
Ensured regulatory compliance and participated actively in internal and external audit cycles.

May 2023 - Feb 2024

10 months

Cyber Security Consultant and Vulnerability Management Specialist

Extra United Electronics

Lead Red Team operations to identify and address security vulnerabilities.
Conduct comprehensive vulnerability assessments across various systems.
Perform application security testing for both mobile and web applications, aligning with OWASP Top 10 principles.
Perform security testing and source code review of applications developed on .NET, Java, PHP, Python, JavaScript, Spring, and AngularJS.
Establish and implement black box and white box penetration testing methodologies for a thorough security evaluation.
Execute quarterly risk assessments of the infrastructure to proactively identify and mitigate vulnerabilities.
Specialize in cloud security assessments, focusing on Azure and software as a service (SaaS) cloud environments.
Contribute to the organization's risk management strategy by identifying potential security threats and recommending proactive measures.
Collaborate with the team to achieve desired outcomes and contribute to the team's success.

Nov 2019 - May 2023

3 years 7 months

Pakistan

Cyber Security Specialist

Pakistan Telecommunication Authority

Vulnerability assessment of OS, network, DBMS, cloud infrastructure, applications, and end-users.
Established National Telecom Security Operation Center (nTSOC).
Worked as CSIRT analyst.
Developed security guidelines in accordance with national telecom regulation (CTDISR).
Conducted security audit of telecom licensees of Pakistan according to Critical Telecom Data Infrastructure Regulation (CTDISR).
Coordinated and collaborated with cellular mobile operators on cybersecurity issues and activities.
Developed customized reports on software vulnerability assessment operations for IT teams and relevant stakeholders.
Deployed and assessed Fortinet FortiGate web application firewall (WAF) and investigated potential escalations regarding various attack types.
Assisted with patching recommendations and generated workarounds for zero-day threats.
Coordinated with senior management regarding improvement of the organization’s security posture.
Collaborated with other teams to build a secure national telecom ecosystem, including voice technologies (VoIP and SS7) and network elements.
Maintained strong knowledge of wireless technologies and wireless network security.

Mar 2018 - Nov 2019

1 year 9 months

Pakistan

Vulnerability Management & SOC Specialist

State Bank of Pakistan

Conducted software vulnerability assessment operations of the bank’s critical IT infrastructure, including SWIFT applications and servers.
Worked on security monitoring and log solutions daily, reporting and presenting findings to senior management.
Deployed, operated, and maintained security incident monitoring and log solutions using standard SIEM technology, integrating with existing IT infrastructure components.
Reviewed and managed IT incident reports and followed up with IT operations to fix identified security and procedural issues.
Coordinated and collaborated with IT operations on security monitoring issues and activities.
Disseminated IT security alerts and advisories to IT operation teams after analysis.
Undertook and completed other tasks and assignments as assigned by the supervisor.

Nov 2017 - Mar 2018

5 months

Cyber Security Consultant

Ernst & Young

Coordinated with clients on projects related to penetration testing, social engineering, and ISO 27001.
Conducted security awareness sessions for multiple clients.
Developed and implemented security frameworks based on NIST, CIS, OWASP, and ISO 27001 guidelines.
Researched security updates and coordinated with the senior team.
Performed network configuration audits and security reviews, and implemented relevant project processes.

Sep 2016 - Sep 2017

1 year 1 month

Pakistan

Application Security Analyst

Habib Bank Limited

Performed information systems security review and risk assessment of critical IT assets.
Conducted vulnerability assessment and management.
Carried out source code review and analysis.
Ensured IT infrastructure was developed and operated in full compliance with information security policies.
Prepared reports on vulnerability assessment of network devices (switches, routers, IDS, firewall) and configuration assessment of domestic and international network devices.
Performed manual and automated hardening of databases (SQL Server 2008, 2012) and operating systems (Windows Server 2003, 2008, 2012) on AIX servers.
Conducted PCI hardening assessments and vulnerability assessments from UAT to live environments.
Provided information assurance and risk assessment support using established security and risk management solutions.
Carried out risk assessments for various applications and systems.
Monitored WAF events covering critical web applications.
Executed web application black box and white box security tests using automated tools and manual exploration.
Maintained understanding of Android and iOS security landscapes and operating system internals.
Understood mobile application security concepts (e.g., OWASP and SANS).

Oct 2011 - Aug 2016

4 years 11 months

Pakistan

System Administrator and Developer

XORSAT (Pvt) Ltd

Configured and installed VMware vSphere.
Installed and configured server-side applications, including Apache, MySQL, LAMP, FTP, and SMTP.
Performed network configuration and network security tasks.
Conducted penetration testing.
Worked as a backend developer for PHP/MySQL and web services JSON parsing.
Gained knowledge of front-end development using HTML, CSS, JavaScript, and AJAX.

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Information Technology (5.5 years), Telecommunication (3.5 years), Banking and Finance (2.5 years), Manufacturing (1 year), and Professional Services (0.5 years).

Information Technology

Telecommunication

Banking and Finance

Manufacturing

Professional Services

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (13 years), Product Development (5 years), Operations (3.5 years), and Quality Assurance (1 year).

Information Technology

Product Development

Operations

Quality Assurance

Summary

Dedicated and highly skilled Cyber Security Engineer with over 10 years of experience safeguarding digital assets and holding renowned certifications including CISM , CISA and many others. Expertise in data confidentiality, integrity, and availability, vulnerability management, and penetration testing. Rich background in Banking, Telecom, and Government Regulatory domains. Proficient in developing and maintaining robust security infrastructures.

Skills

My Expertise Encompasses Ci/cd Devsecops Continuous Integration, Continuous Deployment, And Continuous Monitoring. Proficient In Tools For Configuration Management And Infrastructure Automation, I Advocate For The Integration Of Security Throughout The Development Lifecycle.
I Bring A Robust Skill Set In Cloud Security Assessment, Demonstrated Through Conducting Risk Assessments For Projects Utilizing Saas, Iaas, And Paas Cloud Services In Hybrid Contexts.
Vulnerability Management: Proficient In Tenable Nessus, Rapid 7 Insightvm, And Qualys.
Penetration Testing: Extensive Experience In Ethical Hacking And Penetration Testing Using Metasploit, Kali Linux.
Security Tools And Programming Languages: Proficient In Working With Security Tools And Programming Languages, Including But Not Limited To Metasploit, Nessus, Nexpose, Splunk, Qradar, Burp Suite, Python Scripting, Power Shell , .Net, Java, Php, Javascript, Spring, Angularjs And Various Antivirus Solutions.
Compliance And Auditing: Extensive Experience Ensuring Compliance With Industry Standards (E.g., Iso 27001, Nis 2 , Dora, Nist, Gdpr, Tisax) And Conducting Security Audits To Maintain Regulatory Requirements.

Languages

English

Advanced

French

Elementary

Dutch

Elementary

Education

Oct 2014 - Jun 2016

NED University of Engineering and Technology

Master of Science, Computer Science and Information Technology · Computer Science and Information Technology · Karachi, Pakistan

Oct 2006 - Jun 2010

National University of Computer and Emerging Sciences

Bachelor of Science, Telecommunication · Telecommunication · Pakistan

Certifications & licenses

Advanced Web Application Penetration Testing (eWPTX)

INE Security

Certified Azure Red Team Professional (CARTP)

Altered Security

ISO/IEC 27001 Information Security Associate

SkillFront

AWS Certified Solutions Architect – Associate

Amazon Web Services (AWS)

Certified Appsec Practitioner (CAP) SecOps

Certified In Cyber Security (CC)

ISC2

Certified Information Security Auditor (CISA)

ISACA

Certified Information Security Manager (CISM)

ISACA

Certified Ethical Hacker V 9.0 (C|EH)

EC-Council

Certified Devsecops Professional (CDP)

Practical Devsecops

Profile

Created

November 2025

Need a freelancer? Find your match in seconds.

Try FRATCH GPT

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Syed Ghazanfar based?

Syed Ghazanfar is based in Brussels, Belgium.

What languages does Syed Ghazanfar speak?

Syed Ghazanfar speaks the following languages: English (Advanced), French (Elementary), Dutch (Elementary).

How many years of experience does Syed Ghazanfar have?

Syed Ghazanfar has at least 13 years of experience. During this time, Syed Ghazanfar has worked in at least 7 different roles and for 7 different companies. The average length of individual experience is 2 years and 10 months. Note that Syed Ghazanfar may not have shared all experience and actually has more experience.

What roles would Syed Ghazanfar be best suited for?

Based on recent experience, Syed Ghazanfar would be well-suited for roles such as: Information Security Consultant, Cyber Security Consultant and Vulnerability Management Specialist, Cyber Security Specialist.

What is Syed Ghazanfar's latest experience?

Syed Ghazanfar's most recent position is Information Security Consultant at AGP Glass.

What companies has Syed Ghazanfar worked for in recent years?

In recent years, Syed Ghazanfar has worked for AGP Glass, Extra United Electronics, and Pakistan Telecommunication Authority.

Which industries is Syed Ghazanfar most experienced in?

Syed Ghazanfar is most experienced in industries like Information Technology (IT), Telecommunication, and Banking and Finance. Syed Ghazanfar also has some experience in Manufacturing and Professional Services.

Which business areas is Syed Ghazanfar most experienced in?

Syed Ghazanfar is most experienced in business areas like Information Technology (IT), Product Development, and Operations. Syed Ghazanfar also has some experience in Quality Assurance (QA).

Which industries has Syed Ghazanfar worked in recently?

Syed Ghazanfar has recently worked in industries like Telecommunication, Manufacturing, and Information Technology (IT).

Which business areas has Syed Ghazanfar worked in recently?

Syed Ghazanfar has recently worked in business areas like Information Technology (IT) and Operations.

What is Syed Ghazanfar's education?

Syed Ghazanfar holds a Master in Computer Science and Information Technology from NED University of Engineering and Technology and a Bachelor in Telecommunication from National University of Computer and Emerging Sciences.

Does Syed Ghazanfar have any certificates?

Syed Ghazanfar has 10 certificates. Among them, these include: Advanced Web Application Penetration Testing (eWPTX), Certified Azure Red Team Professional (CARTP), and ISO/IEC 27001 Information Security Associate.

What is the availability of Syed Ghazanfar?

Syed Ghazanfar is immediately available full-time for suitable projects.

What is the rate of Syed Ghazanfar?

Syed Ghazanfar's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.