Profileimage by Indra Dhaon Cyber Security Advisor - Threat Intelligence, Incident Response, SOC & Forensics from

Indra Dhaon


Last update: 28.04.2019

Cyber Security Advisor - Threat Intelligence, Incident Response, SOC & Forensics

Company: ID Services Ltd
Graduation: BSc Hons Forensic Computing
Hourly-/Daily rates: show
Languages: Arabic (Elementary) | English (Full Professional) | Greek (Elementary) | Hindi (Full Professional)


Indra Dhaon - CV April 2019.pdf
University of Wales Newport.JPG
University of Wales Newport.JPG
ID - Cover Letter - May 2019.doc


Indra has 10 years of experience working with organisations such as DarkMatter, Symantec, Deloitte and EY leading Threat Intelligence, Incident Response, Digital Forensics and SOC services.

Project history

Manager, Threat Intelligence Center (TIC) at DarkMatter – Abu Dhabi (UAE)              - Nov'18 to Apr'19
Manage and Lead the Threat Intelligence Center (TIC) Team in providing intelligence and cyber security  strategies to clients.
Managing threat intelligence collection, analysis, dissemination and correlation of IoCs 
Prepare and review threat intelligence reporting on APT threat actor(s) activity for Senior Management
Proposing, Evaluating and Selecting vendors for Threat Intelligence Platform (TIP) - Anomali  and Threat Intelligence Commercial Feeds such as Digital Shadows, Recorded Future etc.
Manage vendor relationships and attend conferences to build and maintain relationships.
Provide vision to the team to research, monitor and report intelligence on APTs and threats targeting UAE and Middle East: Critical Infrastructure (Energy: Oil & Gas); Manufacturing (Pharmaceutical, Food & Automobile); Financial (Banking); Aviation; Telecommunication and Smart Government - IoT etc
Prepared Intel Advisories on activity of threat actors and campaigns such as Muddywater, Triton (ICS), APT39, Bitter, MoleRats, Gaza Cybergang activity to safeguard clients from cyber attacks.   
Develop technical expertise on threat actors, attack trends, and attack tactics, techniques, and procedures (TTPs).
Maintain current knowledge of tools and best-practices in safeguarding from advanced persistent threats (APT) and TTPs of threat actors;
In collaboration with other members on the team, identify and hunt for related TTPs and Indicators of Compromise (IOCs) across all internal/external repositories
Review SOC Rules with SIEM Admin (Splunk) to reduce false positives and also to add new rules to detect APT activity and threats targeting the Middle East especially UAE.
Ensure high confidence IOC collection and management using Threat Intelligence Platform (TIP): Anomali - ThreatStream and Enterprise; On Prem Appliance along with MISP and its integration with SIEM (Splunk), Ticketing (IBM Resilient) and EDR (Carbon Black Response) solutions
Keep up to date on the latest security threats and feed them into the TIP and disseminate to SOC to ensure IoCs are pro-actively detected and mitigated from client(s) network.
Collaborate with SOC, CND, OPSEC Teams to provide feedback on intelligence that can be utilised to uncover APT or threats hiding in the networks of clients. 
Review and prepare Intelligence Advisories, Special Intelligence Reports and Daily Threat Bulletins.
Review SLAs, Playbooks, Process Manuals and Reports for clients

Manager – Cyber Intelligence Center at Deloitte – Gurgaon (India) 
        - Jul'18 to Oct'18
Manage and Lead the Cyber Intelligence Center Team (15 people) to provide intelligence and handle critical cyber incidents of six clients.
Prepared and presented Proposals (along with Technical Presentations) as per RFI requested by clients
Managed Crown Jewel Client to build and deploy Security Operation Center to monitor and detect activity in their ICS - OT & IT environment.
Scheduled meetings with stakeholders of client to understand actual requirements and proposed project plan covering solutions, architecture and timelines for deliverables accordingly.
Reviewed SLAs, Playbooks, Process Manuals and Reports for clients related to SOC (QRadar); OT (Indegy for ICS/SCADA) & IT (Qualys: Vulnerability Management); CASB (Symantec: Cloud Access Security Broker); Incident Response (Carbon Black Defense) and Threat Intelligence (OSINT)
Successfully completed the project before the Go-live date of the client and was appreciated for the work.
Project Management: Ensuring the team adheres to the deliverable timelines and coordinate with Client’s spokesperson for any requirements. 
Reviewed SIEM Rules with SIEM Admin to reduce false positives and also to add new rules to detect lateral movement and other suspicious activity.

Cyber Threat Intelligence & Incident Response Lead at Symantec (STC) - Riyadh (Saudi Arabia) 
       - Feb'17 to Jun'18
Threat Intelligence
Manage Threat Team (4 people) to provide intelligence (IoC); TTP(s) and update SOC Team on latest attacks, threats, vulnerabilities, APT campaigns that may have an impact on the organization using various Threat Intelligence sources - Crowdstrike, EyeSight (FireEye); DeepSight (Symantec) and Open Source Intelligence using Social Media Monitoring to extract intelligence relevant to the organization, sector and country.
Working on Recorded Future and Anomali - Threat Stream for intelligence and integrating with ArcSight, Archer (GRC) and Qualys (Vulnerability Assessment) 
Coordinate with Antivirus Vendors to update the signatures for latest hashes published.
Manage Incidents/Forensic investigation using EnCase, Netwitness, FireEye HX/NX (Network Packet Analysis) and Open Source Forensic Tools in the case of critical incidents - Identify, collect, and seize documentary or physical evidence, to include digital media and logs associated with cyber intrusion, incidents, investigations, and operations

Incident Response 
Manage and Lead the Cyber Incident Response Team (5 people) to handle critical cyber incidents.
Reduced the incident management time by reviewing the Incident Management Playbook and held meetings with the various department managers - Risk Team, Desktop Support, Office Automation, Patch Management, AV Team and IT Helpdesk for Quality Response Time in managing incidents especially related to Ransomware/Malware Outbreak.
Training SOC Team and working closely with Head of Security Operations in detecting anomaly in network traffic - suspicious outbound traffic; login failures; malware infection; Phishing emails with various tools such as FireEye (HX, NX and EX); ArcSight; Symantec MSS, BrightMail etc.
Performed an in depth analysis of a data breach and was able to identify the systems which were compromised and also the methods used by the attacker by analyzing the relevant logs.
Managed to reduce the Wannacry Ransomware outbreak in organization by ensuring timely patching of systems with Microsoft Patch.
Provided Root Cause Analysis Report related to Data Breach attack on a highly reputed Telecom Organisation and provided recommendations to enable WAF and audit logging on critical servers.

SOC and Reporting
Responsible for proof-reading the Weekly Reports/Security Awareness/Critical Threat and Critical Patch Alerts to relevant departments to patch systems in order to safeguard from ongoing exploits
Provide suggestions to add/remove event sources under monitoring scope.
Mentor the SOC team with latest security trends, threat detection and analysis techniques and conduct internal trainings and team meetings
Ensure the network is monitored by SOC Team on 24/7 basis using ArcSight, Symantec MSS, BrightMail, FireEye, Arbor Peakflow (APS) security solutions and provide weekly/monthly Reports to the IT Director.

Senior Information Security Specialist at EY- Ernst & Young, Kerala (India)             - Dec'14 to Feb'17
Proof reading the Process Manual for SOC and IR
Integrating and Monitoring network traffic using SIEM tools like Splunk, ArcSight and EndPoint Security Solutions like Fidelis XPS, CrowdStrike, Bit9 - Carbon Black etc.
Responding to incident alerts/tickets for Malicious Traffic, Login Failures etc.

Incident Response & Digital Forensics
Malware Analysis and Memory Forensics: RegShot, SysInternals Suite, Volatility, IDA Pro, Mandiant MDD Redline; Belkasoft Live RAM Capture etc.
Forensic Acquisition and Analysis of electronic storage devices (Hard Disks, Memory, Memory Cards)
Overseeing the preparation of RCA (Root Cause Analysis) Reports and presenting report on incidents to the management and clients
Delivered Digital Forensic training for SOC Team in May 2015
Performed Forensic Investigation on Website Defacement, Data Leakage, Data Recovery using EnCase; FTK; Easeus Data Recovery, Helix; Kali Linux; BackTrack etc.

Network Attack & Penetration Testing
Indra was chosen to conduct Penetration Testing for a top banking client in Cairo in Egypt from July 3rd to July 17th, 2015
Demonstrated good understanding of OWASP and Penetration Testing tools like BurpSuite, Kali Linux, Nessus, NetSparker, Nmap etc.
Indra received appreciation emails for his work from client and on site manager.

Trainer and Internship Programme Leader
Conducted Internship Training Programme for 27 Interns having B-Tech, M-Tech and Engineering degree for SOC and Penetration Testing service line.
Received appreciation from top management for managing the Internship Programme.

Indra was selected to conduct FAIT engagements in MENA region from October, 2015 to February, 2016 Performed IT General Controls and Application Controls review for Channel I Clients (Over 50 Clients) in various sectors Banking, Manufacturing, Construction, Oil & Gas, Education, and Healthcare in Riyadh, Jubail and Tabuk.
Indra’s efforts were appreciated and received excellent feedback emails from clients, manager and colleagues
Indra received a 4 Star rating for his work in EY.

Cyber Security/Forensics Consultant at Cybercrime Cell Police, Lucknow (U.P)      - May'12 to Dec'14
Managing security incidents and preparing an incident response strategy manual for conducting search and seizure of evidence to track cybercriminals.
Conducted forensic investigations of devices- Hard Disks, Memory Cards, Mobile Phones, Memory (RAM), Routers and Switches etc.
Used Forensic Tools – FTKv4to acquire evidence image using FTK Imager, Hash Verification, and Analyzing Evidence by conducting Signature Analysis, Extracting Emails, Filtering Images, Deleted Files & Folders Recovery, Exporting Files and generating report etc.  
Trained officers in cyber cell using FTK for Acquiring and Analysing Digital Evidence.
Provided information security guide, forensic investigation guide, password protection tips and developed troubleshooting guides.
Performed Credit Card Fraud, Spam email investigations, Website Defacement etc.

Digital Forensic Consultant/ Business Development Manager at Becoming Green Ltd. - Cardiff (UK):                                                                                                                              - Oct'11 to Apr'12
Digital forensic examination in case of company policy violations, data theft, data leakage etc
Acquiring Image, Hash Verification, Analyzing Evidence, Timeline Evidence, Hex View, Signature Analysis, Extracting Emails, Filtering Images, Deleted Files & Folders Recovery, Exporting Files, used Automated EnScripts and generated report for the case.
Proven experience in documenting incidents and presenting for executive and peer audiences.
Successfully performed Data Leakage Investigation
Sales Manager for Solar Panels and Home Insulation
Developed and managed a crew of Sales Executives (25 Team Members) which increased the turnover of the company tremendously by delivering high number of quality sales, proving solid people management skills. 
Managed recruitment, interviews and training of new sales professionals
Proved solid presentation skills by delivering expert advice and guidance to customers on a wide range of energy efficiency products such as Home Insulation, Windows, Doors and Solar Panels.
Successfully organised and negotiated marketing contracts (business strategies) with leading companies to generate revenue for Becoming Green
Developed the database for the company using MS Access 2007 and VB.
Building company's website and supervising online marketing strategies (SEO etc.)

Cyber Security Officer at Finance Point, Newport (UK):                                Jul'09 – Jun'10
Responsibilities and skills developed:
Developed the database of the company using MS Access and VB. 
Conducted Data Recovery using Easeus Data Recovery and also used EnCase for imaging and analysing electronic evidence in the event of data loss, data theft.
Ensured company, system, and data preservation by performing comprehensive investigations into computer security incidents, and to contribute to the prevention of such incidents using Group Policies in Active Directory and by engaging in proactive threat assessment, mitigation planning and incident trend analysis.
Delivered high quality customer service and technical support to staff in using Windows and Mac OS; MS Office (Word, Excel, Access and PowerPoint).

Local Availability

Only available in these countries: India
Currently in India. Open to travel, extra charges applicable on travel and accommodation expenses to be borne by client


Indra has provided vision to the management and stakeholders to enhance the security posture of organisations by performing table top exercises and building strategy documents and playbooks for clients in Government, Energy - Oil & Gas, ICS/OT - Manufacturing, Telecom; Financial: Banking; Healthcare sector in the Middle East (UAE, Saudi Arabia, Egypt), UK and India.

Indra has technical experience on wide array of technologies from leading security vendors such as Threat Intelligence: Anomali - ThreatStream, Digital Shadows, Recorded Future; Incident Response: FireEye HX, CarbonBlack Defense & Response, Crowdstrike - Handling Malware, Ransomware like Wannacry; Digital Forensics: Encase, FTK, Volatility; IT Audit - ITGC, ITAC; Web Application Penetration Testing - Kali Linux, Nessus, NetSparker, BurpSuite; Security Operations Centre - SOC/SIEM:  ArcSight, Splunk, FireEye, Fidelis XPS & Business Development.                                                                                                                                                                                                                                                                                                              

Indra is an avid golfer and secured BSc Hons Forensic Computing degree from University of Wales, Newport (UK). He also has certifications from FireEye (HX), Anomali, Recorded Future etc and is preparing for CISM Certification. Prior to working with DarkMatter in the UAE, Indra has worked with Deloitte (India), Symantec (Saudi Arabia) and EY (India/Saudi Arabia), leading the SOC, Incident Response and Threat Intelligence Services.
Profileimage by Indra Dhaon Cyber Security Advisor - Threat Intelligence, Incident Response, SOC & Forensics from Cyber Security Advisor - Threat Intelligence, Incident Response, SOC & Forensics