Senior Cyber Security Defense at BANK KERJASAMA RAKYAT MALAYSIA BERHAD (2024-11 – Present)
Leading cybersecurity operations and digital transformation initiatives
- Act as Relief Head of Department, leading a team of 11 staff and overseeing daily cybersecurity operations and ensuring uninterrupted service delivery.
- Lead a cybersecurity optimization initiative to achieve RMiT compliance while reducing operational costs by 15-25% through vendor consolidation and contract negotiation.
- Champion security governance across all bank-wide projects, ensuring RMiT compliance and strengthening confidentiality, integrity and availability standards.
- Strengthen vulnerability management and SOC monitoring processes by mentoring team members and enhancing threat detection and response workflows.
- Conduct technical security assessments to identify gaps and recommend actionable remediation strategies to reduce organizational risk exposure.
- Collaborate with IT, risk, business unit and external vendors to improve security posture, accelerate mitigation efforts, and drive cross-functional security initiatives.
Acting Head of IT Security Operations at EXIM BANK (2022-02 – 2024-11)
Strategic cybersecurity planning and enterprise security stack management
- Strategically planned and implemented cybersecurity solutions aligned with business objectives and regulatory requirements.
- Managed and optimized the enterprise security stack (firewall, EDR, PAM, proxy), improving threat detection coverage and reducing incident response time through automation.
- Performed vulnerability assessments and supported the identification, prioritization, and remediation of system and application vulnerabilities.
- Assisted in evaluating, selecting, and deploying tools and technologies to enhance the Bank's security posture.
- Created and maintained security policies, SOPs, and hardening baselines according to RMiT and current best practices.
- Analysed and reviewed security configurations and rule settings for systems and provided recommendations for improvement.
- Collaborated with the SOC on monitoring security events and incidents, investigating potential security breaches, and coordinating response activities.
- Managed and reviewed user access matrices and audit logs for all critical applications and systems.
Specialist – SOC Analyst at SCICOM (MSC) BHD (2021-04 – 2022-02)
SOC operations and identity access management implementation
- Implemented VPN and 2FA systems and established their SOPs during the COVID-19 transition period.
- Managed identity and access management (IAM) for internal shared services and external client projects.
- Monitored, analysed, and responded to security threats from firewalls, IPS, and SIEM correlation.
- Managed vulnerability and misconfiguration scanning based on the PCI DSS standard using vulnerability management software.
Security Analyst at PERNEC SDN BHD (2020-11 – 2021-04)
SIEM implementation and security device management
- Managed and fine-tuned Splunk and ELK implementations in collaboration with network and application teams.
- Successfully implemented and troubleshot infrastructure and security devices including IPS, WAF, AV, SEG, virtual servers, and load balancers.
- Enhanced security detection capabilities and mentored new staff on detection strategies, improving team skills and response times.
- Prepared comprehensive monthly and quarterly security reports for stakeholders.
Security Analyst at SYSARMY SDN BHD (2019-11 – 2020-08)
SOC shift operations and SIEM alert investigation
- Supervised SOC shift operations, mentored junior analysts, and managed client security requests.
- Investigated SIEM alerts (NetIQ Sentinel, McAfee, Trend Micro) and performed event correlation.
- Analysed network traffic to detect anomalies and applied static analysis techniques for IP-based threat investigation.
- Liaised with a security consultant on critical security events and successfully implemented new query lines and report structures based on client requests.
- Identified security risk levels based on security alert patterns, correlating them with other events and the client's infrastructure setup.
- Prepared daily and monthly security reports for management.