Ibrahim Y. Alzahrani
Cyber Threat Specialist (CTI)
CTI Resume • Updated Dec 2025


Cyber Threat Intelligence (CTI) Lead
OSINT/Dark Web • Ransomware Intelligence • AI-Enabled Threat Analysis

Cyber Threat Intelligence specialist with broad computer experience since 2000 and 7+ years across IT engineering and security-focused roles. Currently leading CTI initiatives at Naif Arab University for Security Sciences (NAUSS). Focused on ransomware and cybercrime intelligence, advanced OSINT/dark web investigations, malware behavior analysis, and vulnerability-informed threat profiling. Leverages AI (ML/DL) to automate evidence collection, indicator enrichment, and analyst-assist workflows that strengthen threat hunting and operational reporting for security agencies.

Core Competencies


CTI lifecycle

PIRs/IRs, collection planning, structured analytic reporting


Ransomware & cybercrime intelligence

Actor profiling, ecosystem monitoring


OSINT / SOCMINT / Dark web intelligence

Collection, verification, source mapping


TTP & campaign analysis

MITRE ATT&CK mapping, intrusion narratives, linkage


IOC engineering

Extraction, enrichment, scoring, quality control, sharing


Vulnerability-informed CTI

CVE context, exploitation signals, prioritization support


AI for CTI

Automation, pattern detection, entity extraction, investigation tooling

Tools & Methods


Platforms / Workflows

  • MISP / IoC workflows (curation, enrichment, governance)
  • OSINT & investigative workflows (verification and reporting)


Analysis

  • Behavioral malware triage and indicator extraction
  • Threat briefing & stakeholder enablement

Professional Experience

Cyber Threat Specialist (Full-time)
Naif Arab University for Security Sciences (NAUSS) • Saudi Arabia
Aug 2023 — Present
  • Lead CTI project activities and intelligence products supporting cybercrime and security investigations.
  • Conduct OSINT/SOCMINT/dark web investigations to identify actors, infrastructure, and emerging tactics.
  • Analyze ransomware ecosystems (leak sites, extortion patterns, crypto-enabled behavior) to produce actionable intelligence.
  • Perform malware behavior and TTP analysis; extract high-confidence IOCs and map techniques to MITRE ATT&CK.
  • Prototype AI-enabled analyst workflows for evidence collection automation and indicator enrichment.
  • Deliver specialized training for security agencies: OSINT, SOCMINT, Dark Web, Cryptocurrency Investigations.

Computer Engineer (Full-time)
Saudi Intelligent Solutions • Riyadh, Saudi Arabia
Aug 2021 — Aug 2023
  • Supported enterprise engineering operations across infrastructure and services; contributed to integration and reliability.

IT Specialist
Ashcroft Inc. • Saudi Arabia
Nov 2014 — Dec 2017
  • Provided IT operations support, troubleshooting, and service continuity in an enterprise environment.

Projects


CTI Project Team Lead (NAUSS)

Led CTI workflows, reporting, and stakeholder enablement for security-focused initiatives.


AI-Enabled Drone Security Project (NAUSS)

Infrastructure lead (servers + edge computing) supporting AI-based threat detection.


CTI POC Platform

map.ii.sa — proof-of-concept platform supporting CTI analysis and reporting workflows.

Publications & Book

Cryptocurrency-driven ransomware syndicates operating on the darknet: A focused examination of the Arab world.
Egyptian Informatics Journal (2025)
DOI: 10.1016/j.eij.2025.100665
Enhancing Cyber-Threat Intelligence in the Arab World: Leveraging IoC and MISP Integration.
Electronics 13(13) (2024)
DOI: 10.3390/electronics13132526
NAUSS Publishing (2024): English–Arabic glossary of key terms in cybercrimes & digital forensics.
Book / Academic contribution

Certifications

Cyber Crime Intelligence Analyst (NW3C)
Issued Nov 2025 • Credential ID 9788
Certified Cyber Crime Examiner — 3CE (NW3C)
Issued Aug 2025 • Credential ID 9654
Instructor Development Course (INTERPOL)
Issued Aug 2024
CHFI — Computer Hacking Forensic Investigator (EC-Council)
Issued Jun 2022 • Expired Jun 2025 • Credential ID ECC9572810346
Oracle Cloud Data Management 2023 Foundations
Issued Jun 2023 • Expired Jun 2025 • Credential ID 303003317OCDMF2023
Oracle Cloud Infrastructure 2022 Foundations
Issued Jun 2023 • Expired Jun 2025 • Credential ID 303003317OCIF2022CA
Professional Engineering Accreditation (Computer Engineering) — Saudi Council of Engineers
Credential ID 231600

Metadata

Last updated: Dec 2025
Primary domain: Cyber Threat Intelligence • OSINT/Dark Web • Ransomware
© 2025 Ibrahim Y. Alzahrani • All rights reserved