Ahmed Abugharbia

Ahmed Abugharbia is a consultant and a manager in the Managed Security Services department at Sirius Computer Solutions in Chicago, IL. Prior to moving to the United States in 2017, Ahmed was a co-founder of Cystack consulting, which has been serving clients in the Middle East for over 10 years, helping them upgrade their information security defenses by deploying security solutions, performing vulnerability and infrastructure assessments, and hosting information security training sessions for technical staff. In total, he has over 13 years of experience in the field of information security, with a recent focus on Cloud Security and DevSecOps. Other areas of expertise for Ahmed include Firewalls, IPS, WAF, PKI, Vulnerability Management and Information Security Consulting. Ahmed is an instructor for SEC540: Cloud Security and DevOps Automation.

More About Ahmed


At Sirius Computer Solutions, Ahmed has been tasked with building and leading a technical cloud security team. While none worked in cloud security prior to joining the team, each person has now made huge strides in a relatively short period of time under Ahmed’s leadership. After only 3 years, several of those he has mentored have now become cloud leaders that are taking it upon themselves to mentor other engineers along their cloud journey.

Ahmed was introduced to computers at an early age. From there, he dug into the inner workings of computers, how they can connect with one another, control real life systems, and discovered they can also be hacked! In time, his childhood hobby led him to a degree in computer science and into a professional career in cybersecurity.

For over a decade, Ahmed has been providing training in various capacities, starting with supporting clients on the systems he was charged with installing and configuring, mentoring new team members at work, and coaching Jiu Jitsu kids classes. His first interaction with SANS was in 2013, when he took both SEC401: SANS Security Essentials and SEC560: Network Penetration Testing and Ethical Hacking, earning both the GSEC and GPEN certificates. By that point in his studies and career, he had taken many classes and exams and attended many seminars, but felt that none of them came close to how practical and comprehensive the SANS courses were. A few years later, after realizing he wanted teaching to be an integral part of his career, SANS was his first choice because he felt it was the best platform with the most helpful tools for learning.

Ahmed often hears from students that the biggest challenge with DevOps and Cloud is the vastness and intensity of the topic. With so many concepts and tools in use, it’s unusual to have experience with it all. However, he has found that this can be a source of excitement for many students.

When it comes to learning, Ahmed relies on two key words: fundamentals and practice. As the instructor, he feels the responsibility to ensure students fully grasp the fundamentals of a topic first and then build on that by practicing real-world scenarios. This equips them with the knowledge needed to be able to find answers on their own back at work. Additionally, he constantly emphasizes the importance of continuous learning and digging deeper into the concepts. Finally, he makes sure students have access to communication channels with instructors and other students for future discussions.

In the classroom, Ahmed’s ultimate goal is to send students back to their jobs with take-aways that can be implemented immediately and have a measurable effect on overall security operations. Ahmed’s most important strength as a teacher is his immeasurable professional experience across a myriad of topics in security. He has studied DevOps and Cloud Security thoroughly and used his job to practice incorporating DevSecOps into operations. This combination of theory and practice equips him to teach students how to implement what they learn in their jobs.

A particular experience reflecting Ahmed’s expertise was as part of a large team that did incident handling. They were investigating a major incident in which a host owned by a non-technical user was accessing a server over SSH. While they quickly determined that the user was phished, they could not determine how the attackers managed to SSH to the server. Initially focused on tracking down traditional techniques such as scanning, exploitation, and potential vulnerabilities, they were not making progress. Ahmed created a smaller, more focused group of analysts: one highly skilled in SIEM, one highly skilled in engineering, and himself as one who is knowledgeable in both DevOps and security. After investigating huge amounts of logs, this team finally had a major breakthrough, discovering that the attackers had managed to learn a lot about their DevOps environment and internal tools from internal documentation. The attackers then leveraged their Orchestrators and SCM tools to extract credentials and pivot into many of their systems. Had Ahmed’s incident handling team not had experience in DevOps tools, which many security professionals were not paying attention to at the time, they would not have had any chance of effectively analyzing and responding to such an incident. These are the types of experiences Ahmed shares in-depth with his students.

Ahmed holds a bachelor’s degree in Computer Science along with a myriad of professional certifications including: GIAC GSEC and GPEN, AWS Certified DevOps Engineer Professional, AWS Certified Solutions Architect Associate, OpenTrust Corporate ID PKI and CMS, CEH, JNCIS-FWV, JNCIA-IDP, and CCNA. He’s fluent in both English and Arabic and when not in front of a computer screen, loves scuba diving and practicing Brazilian Jiu Jitsu, which he describes as a form of martial arts that is all about technical problem solving. When not in the throes of a global pandemic, Ahmed can be found traveling and taking road trips as often as possible.