Sanad Al-Khatib
Securing systems by design, governed by standards.
Mitacs Globalink research intern at the University of Lethbridge, top-ranked cybersecurity student at Al-Hussein Technical University, with information-security experience at INVESTBANK — building a career where technical depth meets governance discipline: ISO 27001, NIST CSF, risk quantification, and security operations.
HTUAl-Hussein Technical UniversityIBINVESTBANKUofLUniversity of LethbridgeMXMitacsHPHikma PharmaceuticalsISC2ISC2PBPearson BTECHTUAl-Hussein Technical UniversityIBINVESTBANKUofLUniversity of LethbridgeMXMitacsHPHikma PharmaceuticalsISC2ISC2PBPearson BTEC
A.01
About me
Identity & objective
I'm a cybersecurity professional from Amman, Jordan, completing my Bachelor's in Cybersecurity at Al-Hussein Technical University — where I've held the #1 rank in my class for three consecutive years. I'm currently in Canada as a Mitacs Globalink research intern at the University of Lethbridge, researching the collision of quantum computing and data-privacy regulation, after eight months as an Information Security Trainee Officer at INVESTBANK.
My path runs through both sides of security. I've worked hands-on in security operations — monitoring EDR, PAM, DAM, FIM, WAF and DLP platforms, investigating indicators of compromise, and validating controls through breach & attack simulation. And I've worked in the discipline that gives that work direction: governance, risk and compliance — risk assessment under ISO 27005 and NIST SP 800-30, Central Bank of Jordan regulatory compliance, PCI DSS, and system hardening against CIS Benchmarks.
I'm specializing in GRC because I believe strong security is designed, measured and governed — not improvised. I've designed complete governance systems that integrate COBIT 2019, NIST CSF 2.0 and ISO/IEC 27001, and quantified cyber risk in financial terms using FAIR. My goal is to help organizations build security programs that regulators trust, auditors verify, and attackers respect.
A.02
Education
Academic record
Mar 2026 — Present
B.Sc. in Cybersecurity
Al-Hussein Technical University · Amman, Jordan
GPA 3.76 / 4.00 — Academic Excellence
Coursework assessed against professional certification models: ISACA COBIT 2019 Foundation, PECB ISO/IEC 27001 Foundation, and NIST CSF 2.0 — plus the Jordan National Cybersecurity Framework workshop
Mar 2023 — Mar 2026
Technical Degree in Cybersecurity
Al-Hussein Technical University · Amman, Jordan
GPA 3.77 / 4.00 — Academic Excellence
Ranked 1st in the Cybersecurity Class of 2022, years 1 through 3
Jul 2023 — Nov 2025
Pearson BTEC Level 5 Higher National Diploma in Computing
Pearson · Grade: Distinction
◆
Mitacs Globalink Research AwardCompetitive Canadian national research award — University of Lethbridge (2026)
◆
NCSC Cyber Warriors — 4th EditionRanked 19th of 316 teams nationally (2025)
◆
HTU Capture the FlagHeld 1st rank on the university platform for over a year (2024–2025)
◆
Embassy of Ireland AwardCertificate of Appreciation — JoYS initiative contribution
◆
Academic ExcellenceConsistently ranked 1st in the Cybersecurity Technical Degree Program
A.03
Experience
Professional record
Summer 2026 — Present
Research Intern — Quantum Computing & Data Privacy
University of Lethbridge · Lethbridge, Canada · Mitacs Globalink Research Internship (GRI)
Selected for Canada's competitive Mitacs GRI program, supervised by Dr. Sidney Shapiro, Dhillon School of Business.
Regulatory impact analysis — assessing how quantum computing reshapes data-privacy and security obligations under GDPR, including encryption-dependent compliance controls and the "harvest-now, decrypt-later" risk model.
Comparative compliance research — analyzing how organizations are adapting privacy and security compliance strategies for the post-quantum era.
Readiness gap mapping — structured industry and database research mapping the regulatory and technical gap between current data-protection requirements and quantum-era threats.
GDPRPost-Quantum ReadinessRegulatory Gap AnalysisThreat ModelingTechnical Writing
Oct 2025 — May 2026
Information Security Trainee Officer
INVESTBANK · Amman, Jordan
Security operations — monitored and analyzed alerts across EDR, PAM, DAM, FIM, WAF and DLP platforms; investigated indicators of compromise.
Risk management & GRC — risk assessment practice under ISO 27005 and NIST SP 800-30; risk register maintenance and compliance validation against Central Bank of Jordan regulations and PCI DSS.
Vulnerability management — reviewed assessments via automated tooling and manual validation, classified risk by CVSS, and coordinated remediation with technical teams.
Access control & auditing — reviewed Data Center and DR site access requests; audited entry/exit logs to verify authorized physical access.
Hardening & architecture — OS hardening with CIS Benchmarks, least-privilege enforcement, patch compliance, and design reviews against Zero Trust principles.
Breach & attack simulation — participated in a BAS project validating control effectiveness against real-world threat vectors.
End-to-end information security management system design for a simulated pharmaceutical enterprise operating hybrid-cloud IT alongside manufacturing OT, integrating three frameworks into one unified governance design.
Designed a tailored COBIT 2019 governance system — design-factor analysis, goals cascade, and prioritization of 31 governance & management objectives with capability-level assessment.
Executed a NIST CSF 2.0 gap analysis (current vs. target profiles and tiers) and built a three-year phased roadmap for capacity building, maturation, and optimization.
Translated selected ISO/IEC 27001 controls into technical specifications — Zero Trust remote access (AC-17), configuration change control (CM-3), audit-log integrity (AU-3 / PR.PS-04), and automated data-classification enforcement.
Delivered an executive report balancing board-facing strategy with technical appendices; defended in oral examination.
Cyber Risk Quantification — FAIR Assessment of a Payment-Services Provider
Full quantitative cyber risk assessment of a simulated fintech (PayLink Solutions), expressing cyber risk in financial terms for executive decision-making.
Modeled the system with data-flow diagramming and conducted structured STRIDE threat analysis to identify and rank threat scenarios.
Quantified risk with the FAIR methodology using FAIR-U Monte Carlo simulation — deriving the full chain from threat-event frequency and susceptibility to loss-event frequency, loss magnitude, and annualized loss exposure (ALE).
Applied mitigation controls, re-ran the quantitative model to demonstrate measurable risk reduction, and mapped findings to NIST CSF functions with baseline and improvement targets.
Delivered a technical report and executive presentation, defended in oral examination.
▸
Digital Forensic InvestigationDisk-image analysis on a simulated criminal case — chain-of-custody documentation and evidence extraction with forensic tooling (2025)
▸
Public Safety Infrastructure PentestPenetration test of a virtualized infrastructure — memory-corruption exploitation and privilege escalation (2025)
▸
Enterprise Network SimulationMulti-site network design — VLAN segmentation, ASA firewalls, and IPsec VPN tunnels in Cisco Packet Tracer (2024)
▸
Forecasting Soil Moisture PatternsTime-series research (LSTM/GRU) for environmental monitoring (2025)
A.05
Certifications
Verified credentials
CC
Certified in CybersecurityISC2 · Feb 2026
WSE
Certified Web Security ExpertHackviser · Nov 2025
APT
Certified Associate Penetration TesterHackviser · Nov 2025
OT
OT/ICS Cyber Security BootcampInJo4.0 Competence Center · Jul 2025
PY
Introduction to Python & Bash ScriptingDataCamp · Mar 2025
AWS
Cloud FoundationsAWS Academy · Feb 2025
SOC
SOC FundamentalsUmniah · Dec 2024
A.06
Skills matrix
Capability register
GRC & Standards
ISO 27001ISO 22301ISO 31001NIST SP 800-30NIST CSF 2.0COBIT 2019PCI DSSGDPRFAIR
Dr. Riyad JazmawiHead of Information Security, IT Governance & Business Continuity · INVESTBANK Jordan
Dr. Qutaiba AlbluwiDean, School of Computing and Informatics · Al-Hussein Technical University · Advisory Committee Member, National Board of Cybersecurity Jordan
Dr. Sidney ShapiroAssistant Professor of Business Analytics, Dhillon School of Business · University of Lethbridge · Mitacs GRI research supervisor
Dr. Sami Al-MashaqbehProfessor of Practice · Cybersecurity and Networks Engineer · Al-Hussein Technical University