Ghareeb Thiab

Ghareeb Thiab

Information Security Auditor & Cybersecurity Instructor

IT audit, governance & risk, and Blue Team security — plus hands-on cybersecurity instruction.

I audit IT infrastructure, security appliances, and controls for compliance, and I teach hands-on defensive security — from SIEM and incident response to threat hunting, digital forensics, and Active Directory attack paths.

  • 5+ years in cybersecurity & IT audit
  • Banking & government sectors
  • CISSP · CISA · 3× GIAC
Kuwait City, Kuwait ghareebthiab@gmail.com LinkedIn
Download CV Contact
  • CISSP
  • CISA
  • GIAC GSEC
  • GIAC GCIH
  • GIAC GFACT
  • CompTIA CASP+
  • Cisco CCNA
Ghareeb Thiab — information security auditor and cybersecurity instructor
  • 5+ Years in cybersecurity & IT audit
  • 12 Industry certifications
  • 7 Courses & workshops delivered
  • 2 Sectors: banking & government
About

Professional summary

Ghareeb Thiab is an information security auditor and cybersecurity instructor based in Kuwait with over five years across IT audit, governance, risk and compliance (GRC), and Blue Team operations. He spent more than three years in IT audit at Gulf Bank — progressing from Senior Auditor to Supervisor Auditor — auditing IT infrastructure, security appliances, and controls against mandated frameworks, after earlier Security Operations Center (SOC) and ISO 27001 work at the Public Institution for Social Security. As a Cybersecurity Instructor at CODED, he builds and delivers hands-on Blue Team and Red Team courses covering SIEM, incident response, threat hunting, and digital forensics. He holds the CISSP, CISA, and three GIAC certifications (GSEC, GCIH, GFACT), plus CompTIA and Cisco credentials.

Experience

Work experience

IT audit, information security, and Blue Team roles across the banking and public sectors in Kuwait.

IT Auditor · Gulf Bank of Kuwait

Dec 2022 – Apr 2026

Sharq, Kuwait

Supervisor Auditor — IT Auditor Promotion Dec 2024 – Apr 2026
Senior Auditor — IT Auditor Dec 2022 – Dec 2024
  • Audited IT infrastructure, security appliances, and IT general controls (ITGC) across the bank's environment.
  • Assessed compliance against mandated regulatory and information-security frameworks, reporting findings and remediation to management.
  • Led the annual Information and Cyber Security audit end to end — scoping engagements and building custom scripts and regex queries to streamline evidence review.

Junior Information Security Analyst · Public Institution for Social Security

Oct 2020 – Dec 2022

Mirqab, Kuwait

  • Operated as a Security Operations Center (SOC) analyst and Blue Team member — monitoring, triaging, and responding to security events.
  • Served as Lead Implementer for ISO 27001 — gathered requirements, managed the certification audit, and secured renewal.
  • Implemented and fine-tuned a Network Detection and Response (NDR) platform, developing custom detection use cases.
  • Authored information security policies and procedures aligned to ISO 27001 with the governance team.
  • Delivered organization-wide security awareness sessions.

Student Lab Assistant · American University of Kuwait

Sep 2018 – Jan 2019

Salmiya, Kuwait

  • Taught VHDL to laboratory students.
  • Supervised exam sessions and student projects.
  • Organized laboratory equipment.
Teaching & Training

Cybersecurity instruction

Defensive security teaching, lab development, and professional training delivered at CODED.

Cybersecurity Instructor · CODED Current

Jul 2025 – Present

Free Trade Zone, Kuwait

Full-time May 2026 – Present
Part-time Jul 2025 – Apr 2026
  • Teach Blue Team topics including Security Information and Event Management (SIEM), Digital Forensics and Incident Response (DFIR), threat intelligence, threat hunting, and malware analysis.
  • Instruct on foundational Linux, Windows, and networking administration.
  • Develop practical labs and exercises for defensive cybersecurity skills.
  • Train professionals in incident response and threat detection techniques.

Courses & workshops delivered

Blue Team Fundamentals

Instructor · 5 weeks

  • Covers SIEM, DFIR, threat intelligence, threat hunting, and malware analysis.
  • Focus on defensive security operations and incident response workflows.
  • Hands-on labs using industry-standard tools and real-world scenarios.

Red Team Fundamentals

Instructor · 5 weeks

  • Introduces offensive security and Red Team techniques.
  • Covers Linux and Windows Active Directory (AD) attack paths.
  • Hands-on exploitation practice in a controlled lab environment.

Cybersecurity Bootcamp

Instructor · 2 weeks

  • Intensive introduction to Linux, Windows, and networking basics.
  • Practical exercises in system hardening, log analysis, and threat detection.
  • Designed to help beginners build a cybersecurity foundation quickly.

Information Security Awareness

Instructor

  • Key security concepts: the CIA triad, risk management, and incident response.
  • Awareness of current security threats and vulnerabilities.

OSINT & Social Engineering

Instructor

  • Open-Source Intelligence (OSINT) tools and techniques.
  • Social engineering tactics and how they work.
  • Protection and prevention strategies against social engineering.

Cybersecurity Awareness Workshop

Workshop · Ministry of Interior

  • Delivered cybersecurity awareness training to ministry staff.

Cybersecurity Awareness Workshop

Workshop · Ministry of Defence

  • Delivered cybersecurity awareness training to ministry staff.
Certifications

Certifications & professional programs

Dates shown are when each credential was earned.

ISC2 & ISACA

CISSP

Certified Information Systems Security Professional · ISC2

Earned Dec 2024

CISA

Certified Information Systems Auditor · ISACA

Earned Jan 2023

GIAC / SANS

GSEC — GIAC Security Essentials

Global Information Assurance Certification (GIAC)

Earned Aug 2023

GCIH — GIAC Certified Incident Handler

Global Information Assurance Certification (GIAC)

Earned Sep 2023

GFACT — GIAC Foundational Cybersecurity Technologies

Global Information Assurance Certification (GIAC)

Earned Jul 2023

CompTIA

CompTIA CASP+

CompTIA Advanced Security Practitioner

Earned Mar 2021

CompTIA PenTest+

CompTIA

Earned Mar 2021

CompTIA CySA+

CompTIA Cybersecurity Analyst

Earned Feb 2021

CompTIA Security+

CompTIA

Earned Dec 2020

CompTIA Network+

CompTIA

Earned Dec 2020

CompTIA A+

CompTIA

Earned Nov 2020

Cisco

Cisco CCNA

Cisco Certified Network Associate

Earned Apr 2021

Professional programs & recognition

GIAC Advisory Board

Invitation based on GIAC examination performance

2023

CBK Cyber Security Leaders Program

Central Bank of Kuwait · 4-month program (three SANS courses and a BIS course)

2023

BIS Cyber Range Exercise

Cyber resilience exercise for the financial sector

2023
Education

Education

B.E. in Computer Engineering

American University of Kuwait (AUK) · Salmiya, Kuwait

GPA 3.32 · Dean's Honor List (Fall 2015, Spring 2019)

2015 – 2019
Skills

Skills & expertise

IT audit, GRC & compliance

  • IT audit
  • IT general controls (ITGC)
  • Governance, risk & compliance (GRC)
  • ISO 27001
  • Regulatory compliance
  • Audit reporting
  • Policies & procedures

Information security

  • Risk management
  • Vulnerability assessment
  • Incident response
  • Threat analysis
  • Enterprise architecture
  • Technical integration
  • Mobile device security
  • Data security

Security operations & detection

  • SIEM — Splunk
  • SIEM — Elastic
  • SIEM — Microsoft Defender
  • NDR — Corelight
  • NDR — Security Onion
  • Vulnerability management — InsightVM

Networking & infrastructure

  • Cisco IOS
  • Fortinet firewalls
  • Palo Alto firewalls
  • Active Directory
  • Microsoft Azure

Programming & hardware

  • Python 3
  • Java
  • Arduino
  • PIC
  • Raspberry Pi

Teaching & training

  • Cybersecurity instruction
  • Lab development
  • Curriculum delivery
  • Security awareness

Languages

  • Arabic
  • English
Highlights

Selected professional highlights

Audit career progression

Advanced from Senior Auditor to Supervisor Auditor in IT Audit at Gulf Bank of Kuwait.

ISO 27001 Lead Implementer

Led ISO 27001 implementation and renewal at the Public Institution for Social Security, including audit and supporting policies.

Network Detection & Response

Implemented and fine-tuned an NDR platform with custom detection use cases.

Built Blue & Red Team curricula

Designed and delivered five-week Blue Team and Red Team courses with hands-on labs at CODED.

Trained government & enterprise teams

Delivered cybersecurity awareness workshops for the Ministry of Interior and Ministry of Defence, plus bootcamp cohorts.

Recognized expertise

Holds CISSP, CISA, and three GIAC certifications, and serves on the GIAC Advisory Board.

Contact

Get in touch

Open to opportunities and collaboration in information security, IT audit, and cybersecurity instruction. The best way to reach me is by email.

Email me Download CV