Abu Dhabi, UAE

Shahul
Hameed

Cyber Resilience & Digital Trust Executive

20+ years securing critical government and enterprise infrastructure — zero breaches, 15+ certifications, ISO 27001 champion.

CISSP CISM CISA CCSP CCSK CCZT ISO/IEC 42001 LA ISO/IEC 42001 LI TOGAF 9 CEH
View Experience Get in Touch
Shahul Hameed — Cyber Resilience & Digital Trust Executive

Profile

Results-driven information security leadership.

Results-driven Information Security Leader with 20+ years transforming cybersecurity postures for government and enterprise organisations. Proven track record implementing ISO 27001, NIST CSF, and Zero Trust architectures across hybrid cloud environments.

Led security operations protecting critical infrastructure serving 15M+ visitors annually with zero breaches. Expert in GRC, threat intelligence, SIEM/SOAR, and the Azure security stack (Sentinel, Defender, CAS).

Currently serving as Security Operations Unit Head at the Department of Culture & Tourism, Abu Dhabi — overseeing enterprise-grade protection for digital assets, cultural collections, and visitor-facing platforms across the Museums Shared Services portfolio.

20+
Years in information security
15+
Industry certifications held
14+
Consecutive years ISO 27001 certified

Experience

Professional journey.

Aug 2023 — Present

Security Operations Unit Head, Museums Shared Services

Department of Culture & Tourism, Abu Dhabi, UAE

Leading information security operations across DCT's Museums Shared Services portfolio. Deployed Microsoft Sentinel (SIEM), Defender XDR, and Cloud App Security (CASB) enterprise-wide. Established AI Governance Framework aligned with ISO/IEC 42001 and executed comprehensive VAPT programmes across network, application, and cloud layers.

Aug 2022 — Aug 2023

IT Security Unit Head — Zayed National Museum

Department of Culture & Tourism, Abu Dhabi, UAE

Directed technology and cybersecurity strategy for one of the UAE's flagship cultural landmarks. Established the museum's technology operating model from greenfield, architected an ISO 27001-aligned Information Security Strategy, and championed a security-aware culture ahead of the museum's opening.

Jun 2021 — Aug 2022

Head of Technical Engineering Section

Department of Culture & Tourism, Abu Dhabi, UAE · IT Department

Appointed to lead DCT's Technical Engineering Section, directing a multi-disciplinary organisation encompassing Security Operations, Hybrid Infrastructure, Application Development, and the Desktop Unit to support enterprise-wide digital operations.

  • Spearheaded IT strategic planning and financial governance, aligning the engineering roadmap with enterprise digital transformation objectives while optimising budgets across Security, Infrastructure, and Application Development portfolios.
  • Designed and delivered executive-level technical reporting, translating complex operational metrics, security postures, and project statuses into actionable business intelligence for C-suite decision-making.
  • Managed strategic vendor and partner relationships, negotiating complex service contracts and overseeing third-party delivery to ensure stringent SLA, infrastructure availability, and security compliance.
  • Mentored and developed a high-performing, cross-functional engineering team, cultivating a culture of technical excellence, continuous learning, and collaborative problem-solving across disparate IT disciplines.
  • Governed enterprise infrastructure lifecycle and BCDR strategies, ensuring the resilience of critical systems and executing formal Incident Response Plans to maintain continuous operations during crisis scenarios.
  • Directed a multi-layered enterprise security architecture and 24/7 SOC operations, safeguarding networks, applications, and endpoints against advanced threats through continuous monitoring and rapid incident response.
  • Orchestrated the administration of a complex hybrid cloud ecosystem (Azure IaaS/PaaS/SaaS) alongside on-premises data centres, ensuring seamless integration, high availability, and proactive cloud cost management.
  • Championed DevSecOps and secure SDLC within the Application Development Unit, embedding secure coding practices, rigorous QA testing, and continuous security assessments into all organisational software delivery.
  • Managed the Enterprise Desktop Unit and End-User Computing (EUC) strategy, overseeing the secure provisioning, lifecycle management, and tiered support of thousands of endpoints across distributed teams.
Jul 2019 — Jun 2021

IT Governance & Compliance Unit Head

Department of Culture & Tourism, Abu Dhabi, UAE · Corporate Security Section

Directed the enterprise Security Governance and Compliance (SGC) Unit, serving as the strategic advisor to executive leadership on cyber risk and regulatory alignment.

  • Architected and institutionalised a strategic Security Governance Framework, successfully aligning IT security operations and risk tolerance with DCT's enterprise business objectives.
  • Authored and modernised the enterprise IT security policy library, while managing the SGC Unit budget and engineering a fully compliant Incident Response Plan (IRP).
  • Established an enterprise cyber risk management lifecycle, conducting rigorous threat modelling to mitigate IT, third-party, and vendor-related security risks.
  • Achieved and sustained enterprise compliance with ISO/IEC 27001, GDPR, and UAE Information Assurance (ADSIC/NESA) through robust control matrices.
  • Orchestrated comprehensive internal and external compliance audits, driving corrective action plans (CAPs) and presenting formal compliance reports to senior management and regulatory bodies (NESA).
Feb 2019 — Jul 2019

Infrastructure Lead

Department of Culture & Tourism, Abu Dhabi, UAE · IT Department

Directed enterprise IT infrastructure operations and a cross-functional engineering team, ensuring the high availability, security, and scalability of foundational technologies supporting DCT's core business units.

  • Spearheaded enterprise infrastructure strategy, budget, and deployment, overseeing the seamless implementation of new network architectures and systems with zero critical disruption, while negotiating enterprise procurement contracts to maximise ROI.
  • Designed and maintained robust Business Continuity and Disaster Recovery (BCDR) architectures, ensuring critical systems and data met stringent RTO/RPO objectives in alignment with industry standards and regulatory compliance.
  • Engineered and enforced comprehensive infrastructure security controls, hardening network components against emerging cyber threats and aligning proactive monitoring tools to guarantee high availability and resolve operational bottlenecks.
Feb 2011 — Feb 2019

Security Administrator → IT Security Expert → Senior Security Administrator

Department of Culture & Tourism, Abu Dhabi, UAE · IT Department

Progressed through multiple technical roles over 8 years, serving as the primary subject matter expert and architect for enterprise security operations, infrastructure defence, and threat management.

  • Engineered and administered the enterprise network security stack and complex IAM controls, managing firewalls and IDS/IPS to successfully maintain a zero-breach environment across a highly targeted infrastructure over an 8-year period.
  • Deployed centralised SIEM solutions and orchestrated end-to-end Incident Response (IR) lifecycles, establishing robust threat-hunting capabilities and institutionalising forensic "lessons learned" to harden future security postures.
  • Governed enterprise vulnerability management (VAPT) programmes, continuously identifying and coordinating the patching of critical flaws while embedding "security-by-design" principles into all new enterprise IT initiatives.
  • Achieved and maintained continuous compliance with ISO/IEC 27001 and ADSIC standards by conducting rigorous IT risk assessments, authoring comprehensive security policies, and designing Security Awareness Training for thousands of employees.
Mar 2007 — Sep 2009

Network Administrator

Abu Dhabi Investment Authority (ADIA), Abu Dhabi, UAE · IT Department

  • Engineered high-availability network infrastructure and security firewalls supporting rigorous sovereign wealth fund operations, notably executing a zero-downtime corporate headquarters migration that ensured uninterrupted financial trading.
Sep 2005 — Nov 2011

Systems Engineer

Seven Seas Computers, Abu Dhabi, UAE

  • Designed and deployed complex enterprise IT architectures for diverse corporate clients, directing end-to-end IT project lifecycles encompassing requirements gathering, vendor negotiation, and rigorous security integration.

Core Competencies

Security expertise at scale.

Governance, Risk & Compliance

Strategic security leadership and regulatory alignment.

ISO/IEC 27001 NIST CSF Zero Trust GDPR UAE IA / ADSIC / NESA ISO/IEC 42001 COBIT Enterprise Risk Management Security Governance Audit Readiness & CAPA

Zero breaches

Maintained an unblemished zero-breach record protecting one of the UAE's top-five most targeted government organisations.

Security Operations & Threat Management

Detection, response, and continuous monitoring.

SIEM / SOAR Microsoft Sentinel Defender XDR Cloud App Security (CASB) SOC Leadership Incident Response Threat Intelligence Penetration Testing / VAPT

Cloud & Application Security

Securing hybrid cloud and modern software delivery.

Azure Security Microsoft 365 Security DevSecOps Secure SDLC Application Security (AppSec) Vulnerability Management TPRM / Supply Chain Security IaaS / PaaS / SaaS

Certifications

15+ industry certifications.

Elite Security & Cloud (ISC²)

  • CISSP® — Certified Information Systems Security Professional
  • CCSP® — Certified Cloud Security Professional

Governance, Risk & Audit (ISACA)

  • CISM® — Certified Information Security Manager
  • CISA® — Certified Information Systems Auditor
  • COBIT® Foundation — IT Governance Framework

Cloud & Zero Trust (CSA)

  • CCSK — Certificate of Cloud Security Knowledge
  • CCZT — Certificate of Zero Trust Knowledge

Architecture & Frameworks

  • TOGAF® 9 — Enterprise Architect (The Open Group)
  • CEH — Certified Ethical Hacker (EC-Council)
  • ITIL® Foundation v2 & v3
  • CompTIA Security+

Microsoft Azure Stack

  • Azure Security Engineer Associate
  • Azure Administrator
  • Azure Fundamentals
  • MCP | MCSE | MCSA

AI Governance (ISO/IEC 42001)

  • ISO/IEC 42001 Lead Auditor — AI Management Systems
  • ISO/IEC 42001 Lead Implementer — AI Management Systems

Education

Academic background.

Master of Business Administration — Information Technology

Sikkim Manipal University, India

Bachelor of Engineering — Electronics & Communication

Madurai Kamaraj University, India

Recognition

Awards & honours.

Zero-Breach Security Operations Excellence Award

Recognised for maintaining an unblemished zero-security-breach record while leading one of the UAE's top-five most targeted government organisations — a testament to a proactive, intelligence-led security posture.

ISO/IEC 27001 Certification Champion

Received organisational accolade for spearheading the achievement of ISO 27001 certification and sustaining continuous compliance for 14+ consecutive years (2010–Present) — an extraordinary benchmark in the GCC government sector.

Global Cyber Outstanding Security Performance Awards — Finalist (2021)

Recognised among the world's top cybersecurity practitioners for exceptional security leadership and operational performance excellence.

Cloud Transformation Excellence Award

Received accolades for delivering a zero-downtime enterprise migration from on-premises infrastructure to Microsoft Azure and Office 365, alongside full consolidation and centralisation of data centres and applications.

Projects

Built & shipped.

Security-focused tools and platforms designed with enterprise-grade rigour and built with AI-accelerated delivery — each one production-ready, self-hosted, and open to inspection.

VulnVault

Live

A self-hosted vulnerability management platform for AppSec and penetration testing teams. Covers the full finding lifecycle — from discovery through remediation to formal closure — with CVSS scoring, OWASP tagging, encrypted PDF/Word reporting, and TOTP-based multi-user access control. Zero cloud dependencies.

Node.jsReact 19SQLiteTOTP / JWTDocker

Domain Hunter

Live

A self-hosted OSINT and domain reconnaissance platform for security professionals. Orchestrates DNS, WHOIS, SSL/TLS, port scanning, subdomain enumeration, and threat intelligence (Shodan, VirusTotal, SecurityTrails) from a single interface — real-time results streamed via Socket.io, all data stored locally.

Node.jsSocket.ioPython OSINTDockerTOTP

Secure Portfolio CMS

Live

This site — a self-hosted portfolio and content management system built to OWASP Top 10:2025 standards. Features a full admin CMS with rich-text editing, image management, session-based CSRF protection, structured audit logging, and a strict Content Security Policy.

Node.jsExpressSQLiteOWASPClaude Code
View all projects →

Contact

Let's connect.

Open to cyber resilience advisory, board-level security consulting, and speaking opportunities. Based in Abu Dhabi, UAE.

shahul.net.in LinkedIn X / Twitter YouTube