Cybersecurity · Governance, Risk & Compliance

Sanad
Al-Khatib Securing systems by design, governed by standards.

Mitacs Globalink research intern at the University of Lethbridge, top-ranked cybersecurity student at Al-Hussein Technical University, with information-security experience at INVESTBANK — building a career where technical depth meets governance discipline: ISO 27001, NIST CSF, risk quantification, and security operations.

0/4.0
GPA — Excellence
#0
Class rank · 3 yrs
0/316
NCSC Cyber Warriors
0+
Certifications
Portrait of Sanad Al-Khatib, cybersecurity and GRC professional
Amman, JordanISC2 Certified in Cybersecurity

Affiliations & credentials

HTUAl-Hussein Technical UniversityIBINVESTBANKUofLUniversity of LethbridgeMXMitacsHPHikma PharmaceuticalsISC2ISC2PBPearson BTEC
A.01

About me

Identity & objective

I'm a cybersecurity professional from Amman, Jordan, completing my Bachelor's in Cybersecurity at Al-Hussein Technical University — where I've held the #1 rank in my class for three consecutive years. I'm currently in Canada as a Mitacs Globalink research intern at the University of Lethbridge, researching the collision of quantum computing and data-privacy regulation, after eight months as an Information Security Trainee Officer at INVESTBANK.

My path runs through both sides of security. I've worked hands-on in security operations — monitoring EDR, PAM, DAM, FIM, WAF and DLP platforms, investigating indicators of compromise, and validating controls through breach & attack simulation. And I've worked in the discipline that gives that work direction: governance, risk and compliance — risk assessment under ISO 27005 and NIST SP 800-30, Central Bank of Jordan regulatory compliance, PCI DSS, and system hardening against CIS Benchmarks.

I'm specializing in GRC because I believe strong security is designed, measured and governed — not improvised. I've designed complete governance systems that integrate COBIT 2019, NIST CSF 2.0 and ISO/IEC 27001, and quantified cyber risk in financial terms using FAIR. My goal is to help organizations build security programs that regulators trust, auditors verify, and attackers respect.

A.02

Education

Academic record
Mar 2026 — Present

B.Sc. in Cybersecurity

Al-Hussein Technical University · Amman, Jordan

  • GPA 3.76 / 4.00 — Academic Excellence
  • Coursework assessed against professional certification models: ISACA COBIT 2019 Foundation, PECB ISO/IEC 27001 Foundation, and NIST CSF 2.0 — plus the Jordan National Cybersecurity Framework workshop
Mar 2023 — Mar 2026

Technical Degree in Cybersecurity

Al-Hussein Technical University · Amman, Jordan

  • GPA 3.77 / 4.00 — Academic Excellence
  • Ranked 1st in the Cybersecurity Class of 2022, years 1 through 3
Jul 2023 — Nov 2025

Pearson BTEC Level 5 Higher National Diploma in Computing

Pearson · Grade: Distinction

Mitacs Globalink Research AwardCompetitive Canadian national research award — University of Lethbridge (2026)
NCSC Cyber Warriors — 4th EditionRanked 19th of 316 teams nationally (2025)
HTU Capture the FlagHeld 1st rank on the university platform for over a year (2024–2025)
Embassy of Ireland AwardCertificate of Appreciation — JoYS initiative contribution
Academic ExcellenceConsistently ranked 1st in the Cybersecurity Technical Degree Program
A.03

Experience

Professional record
Summer 2026 — Present

Research Intern — Quantum Computing & Data Privacy

University of Lethbridge · Lethbridge, Canada · Mitacs Globalink Research Internship (GRI)

Selected for Canada's competitive Mitacs GRI program, supervised by Dr. Sidney Shapiro, Dhillon School of Business.

  • Regulatory impact analysis — assessing how quantum computing reshapes data-privacy and security obligations under GDPR, including encryption-dependent compliance controls and the "harvest-now, decrypt-later" risk model.
  • Comparative compliance research — analyzing how organizations are adapting privacy and security compliance strategies for the post-quantum era.
  • Readiness gap mapping — structured industry and database research mapping the regulatory and technical gap between current data-protection requirements and quantum-era threats.
GDPRPost-Quantum ReadinessRegulatory Gap AnalysisThreat ModelingTechnical Writing
Oct 2025 — May 2026

Information Security Trainee Officer

INVESTBANK · Amman, Jordan

  • Security operations — monitored and analyzed alerts across EDR, PAM, DAM, FIM, WAF and DLP platforms; investigated indicators of compromise.
  • Risk management & GRC — risk assessment practice under ISO 27005 and NIST SP 800-30; risk register maintenance and compliance validation against Central Bank of Jordan regulations and PCI DSS.
  • Vulnerability management — reviewed assessments via automated tooling and manual validation, classified risk by CVSS, and coordinated remediation with technical teams.
  • Access control & auditing — reviewed Data Center and DR site access requests; audited entry/exit logs to verify authorized physical access.
  • Hardening & architecture — OS hardening with CIS Benchmarks, least-privilege enforcement, patch compliance, and design reviews against Zero Trust principles.
  • Breach & attack simulation — participated in a BAS project validating control effectiveness against real-world threat vectors.
EDRPAMWAFDLPISO 27005PCI DSSCBJ ComplianceCIS BenchmarksZero Trust
Jul 2025 — Oct 2025

IT Data Center & Cloud Infrastructure Intern

Hikma Pharmaceuticals · Amman, Jordan

  • Infrastructure — Active Directory, DNS and SCCM for endpoint provisioning and patch management.
  • Cloud security — practical exposure to Azure security, compliance and identity management, including SASE concepts.
  • Data protection — monitored backup infrastructure and adherence to GxP quality and compliance standards.
Active DirectoryAzureSCCMSASEGxP
A.04

Featured projects

Applied GRC & security work
Multi-framework GRC engagement · Information Security Management, HTU · Graded Distinction · 2026

Enterprise ISM Design — COBIT 2019 × NIST CSF 2.0 × ISO/IEC 27001

End-to-end information security management system design for a simulated pharmaceutical enterprise operating hybrid-cloud IT alongside manufacturing OT, integrating three frameworks into one unified governance design.

COBIT 2019NIST CSF 2.0ISO/IEC 27001Goals CascadeGap AnalysisIT/OT Security

+ Expand for full breakdown, project timeline

  1. ProfileCompany profile & COBIT design factors
  2. CascadeBusiness goals → security objectives
  3. Design31 objectives prioritized & justified
  4. AssessNIST CSF 2.0 gap analysis, tiers & profiles
  5. Roadmap3-year phased implementation plan
  6. ControlsISO 27001 controls → technical specs
  7. ReportExecutive report & oral defense
  • Designed a tailored COBIT 2019 governance system — design-factor analysis, goals cascade, and prioritization of 31 governance & management objectives with capability-level assessment.
  • Executed a NIST CSF 2.0 gap analysis (current vs. target profiles and tiers) and built a three-year phased roadmap for capacity building, maturation, and optimization.
  • Translated selected ISO/IEC 27001 controls into technical specifications — Zero Trust remote access (AC-17), configuration change control (CM-3), audit-log integrity (AU-3 / PR.PS-04), and automated data-classification enforcement.
  • Delivered an executive report balancing board-facing strategy with technical appendices; defended in oral examination.
Quantitative risk analysis · Risk Analysis & Systems Testing, HTU · Graded Distinction · 2026

Cyber Risk Quantification — FAIR Assessment of a Payment-Services Provider

Full quantitative cyber risk assessment of a simulated fintech (PayLink Solutions), expressing cyber risk in financial terms for executive decision-making.

FAIRSTRIDEMonte CarloRisk QuantificationNIST CSFExecutive Reporting

+ Expand for full breakdown, project timeline

  1. ModelData-flow diagram of the payment platform
  2. ThreatsSTRIDE analysis & scenario ranking
  3. QuantifyFAIR Monte Carlo: TEF → LEF → LM → ALE
  4. MitigateControls applied, model re-run
  5. MapNIST CSF baseline & improvements
  6. PresentExecutive presentation & defense
  • Modeled the system with data-flow diagramming and conducted structured STRIDE threat analysis to identify and rank threat scenarios.
  • Quantified risk with the FAIR methodology using FAIR-U Monte Carlo simulation — deriving the full chain from threat-event frequency and susceptibility to loss-event frequency, loss magnitude, and annualized loss exposure (ALE).
  • Applied mitigation controls, re-ran the quantitative model to demonstrate measurable risk reduction, and mapped findings to NIST CSF functions with baseline and improvement targets.
  • Delivered a technical report and executive presentation, defended in oral examination.
Digital Forensic InvestigationDisk-image analysis on a simulated criminal case — chain-of-custody documentation and evidence extraction with forensic tooling (2025)
Public Safety Infrastructure PentestPenetration test of a virtualized infrastructure — memory-corruption exploitation and privilege escalation (2025)
Enterprise Network SimulationMulti-site network design — VLAN segmentation, ASA firewalls, and IPsec VPN tunnels in Cisco Packet Tracer (2024)
Forecasting Soil Moisture PatternsTime-series research (LSTM/GRU) for environmental monitoring (2025)
A.05

Certifications

Verified credentials
CC
Certified in CybersecurityISC2 · Feb 2026
WSE
Certified Web Security ExpertHackviser · Nov 2025
APT
Certified Associate Penetration TesterHackviser · Nov 2025
OT
OT/ICS Cyber Security BootcampInJo4.0 Competence Center · Jul 2025
PY
Introduction to Python & Bash ScriptingDataCamp · Mar 2025
AWS
Cloud FoundationsAWS Academy · Feb 2025
SOC
SOC FundamentalsUmniah · Dec 2024
A.06

Skills matrix

Capability register

GRC & Standards

ISO 27001ISO 22301ISO 31001NIST SP 800-30NIST CSF 2.0COBIT 2019PCI DSSGDPRFAIR

Defensive Operations

EDRDLPWAFPAMDAMFIMFirewall ConfigurationOS HardeningPatch Management

Security Tools

NessusQualysSplunk / SIEMBurp SuiteMetasploitNmapWiresharkFTK Imager

Networking & Cloud

TCP/IPDNS SecurityActive DirectoryAzure FundamentalsSASECisco Packet Tracer

Programming

PythonBashC / C++JavaSQLPHP

Professional

LeadershipTechnical WritingPresentationCritical ThinkingCross-functional CollaborationTime Management
A.07

Contact

Open channel

Let's build something secure.

Open to GRC, risk and information-security opportunities, collaboration, and conversations about governance done right.

Email copied to clipboard ✓

Dr. Riyad JazmawiHead of Information Security, IT Governance & Business Continuity · INVESTBANK Jordan
Dr. Qutaiba AlbluwiDean, School of Computing and Informatics · Al-Hussein Technical University · Advisory Committee Member, National Board of Cybersecurity Jordan
Dr. Sidney ShapiroAssistant Professor of Business Analytics, Dhillon School of Business · University of Lethbridge · Mitacs GRI research supervisor
Dr. Sami Al-MashaqbehProfessor of Practice · Cybersecurity and Networks Engineer · Al-Hussein Technical University

Reference contact details available upon request.