Cybersecurity Consulting · Dubai, UAE

Senior Cybersecurity Consultant for the UAE & GCC

I'm Basim Ibrahim — an OSCP-certified presales and technical consultant. I help enterprises evaluate, prove, and adopt security solutions: privileged access management, endpoint detection, SIEM, email security, and penetration testing.

Currently: Senior Presales Consultant, iConnect IT · 5+ years across banking, government, healthcare and energy

Basim Ibrahim — Senior Cybersecurity Presales Consultant, Dubai UAE
Basim Ibrahim
Senior Cybersecurity Presales Consultant
Dubai, United Arab Emirates
OSCP CEH CySA+ PenTest+
5+Years in enterprise security
50+Proof-of-concepts delivered
4Active certifications
12+Security domains covered

What I do

Three ways I help enterprises and security vendors get from evaluation to adoption.

All services →

Presales & POC delivery

Discovery workshops, tailored demonstrations, and proof-of-concept engagements with success criteria agreed up front — for PAM, EDR/XDR, SIEM, email security and DLP platforms.

How POCs work →

VAPT & offensive security

OSCP-certified penetration testing with manual exploitation beyond automated scanners. Executive summaries for leadership, prioritised remediation for engineering teams.

Assessment methodology →

Advisory & compliance

Security architecture reviews, RFP/RFI responses, and roadmaps aligned to NESA, DESC, CBUAE, UAE PDPL and ISO 27001 — written for both boardrooms and engineers.

Advisory scope →

Industries: Banking & Financial Services · Government & Public Sector · Healthcare · Telecommunications · Oil, Gas & Energy · Retail & E-Commerce

Selected impact

Anonymised outcomes from enterprise engagements in the UAE and GCC.

3,000 seatsFinancial institution, UAE

PAM proof-of-concept closed the deal at the technical stage

Designed and delivered a two-week Privileged Access Management POC for a 3,000-seat financial institution. The evaluation ended after the technical stage — no further vendor comparison was required.

Privileged Access Management · Banking
34% → 5%Phishing click rate

Layered email security programme cut phishing clicks by 85%

Architected DMARC enforcement, a Mimecast secure email gateway, and KnowBe4 awareness training for a GCC enterprise — reducing simulated phishing click rates from 34% to under 5% in six months.

Email Security · Security Awareness
30% savedLicensing cost

Legacy EDR displacement and SIEM rationalisation for government

Led a competitive endpoint evaluation across a UAE government entity, then delivered a six-month consolidation roadmap that displaced the legacy platform and reduced licensing spend by 30%.

EDR/XDR · SIEM · Government

Credentials

Offensive and defensive certifications, independently verified.

OSCP Offensive Security Certified ProfessionalOffensive Security
CEH Certified Ethical HackerEC-Council
CySA+ Cybersecurity AnalystCompTIA
PenTest+ Penetration TestingCompTIA

Platforms I work with

Hands-on across 50+ enterprise security products — evaluation, POC and deployment advisory.

PAM & IAM BeyondTrust, Arcon PAM, Wallix
EDR & Endpoint CrowdStrike, SentinelOne, Microsoft Defender, Trellix, Trend Micro
SIEM & SOC Microsoft Sentinel, Splunk, Elastic SIEM, IBM QRadar
Email Security Mimecast, Proofpoint, TDMARC, DMARC Analyzer
VAPT Burp Suite, Nessus, Kali Linux, Pentera, Acunetix, Rapid7, Qualys
DLP & Data Forcepoint, Safetica, Klassify, Microsoft Purview, GetVisibility
GRC Securiti.ai, MetricStream, Microsoft Purview
Threat Intel Recorded Future, CloudSEK, Cyble, SpiderSilk
Awareness KnowBe4, Kaspersky ASAP, Human Firewall
EPM & Patch BeyondTrust EPM, ManageEngine, Ivanti, NinjaOne

"Basim led our PAM proof-of-concept from scoping through to board sign-off in under three weeks. His ability to translate technical capability into business risk language made the procurement decision straightforward for our leadership team."

CISO — Regional Bank, UAE

"The penetration test report was thorough, clearly prioritised by business impact, and the remediation guidance was actionable. Zero findings were disputed by our internal team — that's rare."

IT Director — Healthcare Group, Dubai

"Basim's RFP response for our EDR and email security tender was the most technically precise submission we received. He understood the NESA requirements without us having to explain them."

Procurement Lead — Government Entity, Abu Dhabi
Basim Ibrahim — OSCP Certified Cybersecurity Consultant Dubai

About Basim

Basim Ibrahim is a Senior Cybersecurity Presales Consultant at iConnect IT, Dubai, with more than five years of enterprise security experience across the UAE and GCC. He holds the OSCP, CEH, CySA+ and PenTest+ certifications, along with a Post Graduate Diploma in Artificial Intelligence and Machine Learning from NIELIT India.

His work spans VAPT assessments, PAM, EDR and SIEM proof-of-concepts, and security advisory for CISOs and security teams in banking, government, healthcare and energy.

Frequently asked questions

Common questions from CISOs, IT managers and vendors about cybersecurity consulting in the UAE.

A cybersecurity presales consultant bridges the gap between a vendor's technical product and an enterprise client's business needs. This includes conducting discovery workshops, designing and running proof-of-concept (POC) engagements, delivering technical demonstrations, writing RFP/RFI responses, and advising on security architecture — all before a commercial deal is signed. The goal is to technically validate a solution and give the client confidence to purchase.

Basim Ibrahim holds four industry-recognised certifications: OSCP (Offensive Security Certified Professional) — one of the most respected hands-on penetration testing credentials globally; CEH (Certified Ethical Hacker) by EC-Council; CompTIA CySA+ (Cybersecurity Analyst); and CompTIA Pentest+. He also holds a Post Graduate Diploma in Artificial Intelligence and Machine Learning from NIELIT India.

Privileged Access Management (PAM) is a cybersecurity discipline focused on controlling, monitoring, and auditing access to critical systems by privileged accounts — such as administrators, service accounts, and third-party vendors. In the UAE and GCC, PAM is increasingly mandated by frameworks like NESA and Dubai Electronic Security Center (DESC) guidelines. Without PAM, a single compromised admin credential can give an attacker unrestricted access to an organisation's entire infrastructure.

EDR (Endpoint Detection and Response) focuses on monitoring and responding to threats on individual endpoints — laptops, servers, and workstations. XDR (Extended Detection and Response) expands this visibility across multiple security layers: endpoints, network, email, cloud, and identity. XDR correlates signals from all these sources to provide a unified threat detection and response platform. For most UAE enterprises, XDR is the recommended evolution, particularly those already investing in Microsoft, CrowdStrike, or SentinelOne ecosystems.

A penetration test (VAPT) for a UAE business typically follows a structured methodology: scoping (defining what systems are in scope), reconnaissance, vulnerability scanning, exploitation, and reporting. The final deliverable includes an executive summary for leadership and a technical remediation report for IT teams. OSCP-certified testers like Basim Ibrahim use manual techniques beyond automated scanners to find logic flaws and business-critical vulnerabilities that tools miss.

Yes. Basim Ibrahim is available for select freelance engagements including cybersecurity presales support, POC delivery, security advisory, VAPT assessments, and technical RFP responses. Engagements are primarily based in Dubai and across the GCC region. Contact via the form on this site or connect directly on LinkedIn.

UAE organisations are typically required to comply with NESA (National Electronic Security Authority) standards, the Dubai Electronic Security Center (DESC) framework, and sector-specific mandates such as CBUAE guidelines for financial institutions. Internationally, ISO 27001, NIST CSF, and PCI-DSS are widely adopted. Basim Ibrahim has experience aligning security solutions to all major UAE and GCC compliance requirements.

Zero Trust is a security model built on the principle of "never trust, always verify" — no user, device, or system is trusted by default, even inside the corporate network. Implementation typically involves: strong identity verification (MFA, PAM), micro-segmentation of networks, least-privilege access controls, continuous monitoring via SIEM/UEBA, and endpoint verification before granting access. In the UAE, Microsoft, Zscaler, and Palo Alto Networks are the most commonly deployed Zero Trust platforms.

Let's talk about your security posture

Presales support, a technical POC, or a penetration test — tell me what you're evaluating and I'll come back within one business day.

Weekly Cyber Insights

One email per week. UAE/GCC focused. No spam, unsubscribe any time.