Azhar Ghafoor

Manager Cybersecurity

gov.pk • Full time

Dec 2024 - Present • 1 yr 6 mos

Engineered and deployed a one‑click document sanitation system that converts malicious files into protected formats—solely planned, designed, and executed by me—resulting in organization‑wide accreditation for enhancing user and asset security. Architected and implemented a locally hosted generative AI platform offering a fully secure, private environment; enabled multi‑user interactions across departments without internet dependency and integrated Retrieval‑Augmented Generation (RAG) for context‑aware policy guidance. Directed R&D for cutting‑edge cybersecurity initiatives, delivering strategic roadmaps, innovative prototypes, and actionable recommendations to bolster the Government’s security posture

Lecturer Cyber Security

Air University • Full time

Jun 2023 - Dec 2024 • 1 yr 6 mos

Instructed cybersecurity courses on Penetration Testing, Computer Networks, Secure Software Development, Information Security, Network Forensics, and ICT, including conducting hands-on labs. Supervised undergraduate projects: Oversaw a Bachelor’s Final Year Projects and currently supervising two cybersecurity projects, focusing on an Innovative Cyber Deception Solution and AI-based MITRE ATT&CK mapping of vulnerabilities. Delivered comprehensive OSINT training: Conducted a week-long training session for NACTA Pakistan employees, enhancing their skills in Data Intelligence and analyst mentoring. Led university penetration testing team: Directed efforts to strengthen network and web portal security against cyber threats, identifying and reporting various vulnerabilities.

Cyber Security Analyst

cytomate • Full time

Dec 2021 - Jun 2023 • 1 yr 6 mos

Initiated the development and promotion of a revolutionary Compliance Assessment Tool tailored for SMEs in Qatar, aligning with NIA Policy 2.0 and NIA Standard 2.1 Qatar. Collaborating with QDB, the tool marked an 80% increase in compliance rates among SMEs. Led the innovation and presentation of state-of-the-art decoys within Project SARAB, redefining cyber deception paradigms. By customizing existing decoys and creating new ones, our team ensured robust protection of real assets against cyber threats, resulting in a remarkable 70% decrease in successful attacks on client networks. Championed Project SnipeX, pushing the boundaries of WAF resilience with advanced payload generation techniques. The project showcased our expertise in Breach and Attack Simulation (BAS), enhancing cyber defense capabilities against evolving threats. Key contributor to the implementation of NextGen-ASM, a strategic Attack Surface Management initiative. This cutting-edge solution provided real-time insights into digital ecosystems, empowering organizations to proactively detect and prevent threats across multiple client networks. Promoted cybersecurity awareness through the FIFA Qatar World Cup 2022 assessment, meticulously analyzing applications like the Qatar Railway app to ensure the delivery of safe and secure services to users. Led compromised assessment efforts leveraging advanced machine learning models to conduct comprehensive evaluations of IT infrastructure. This involved analyzing data collected from systems and networks to identify and prioritize potential security threats. By uncovering hidden threats and vulnerabilities, we fortified overall security posture, reducing attack detection time by 70%. Led a phishing awareness project, devising various exploits to simulate email theft and account hijacking. Developed a machine learning-based tool that reduced password harvesting attacks by over 80% compared to previous statistics.