                                                         Ashar S. Ahmed
                                Software/Security Developer | Canadian Citizen | ashar@aahmed.ca | GitHub


SUMMARY
Software and security developer with 4+ years building secure cloud infrastructure, automating detection and response, and leading vulnerability
management. Experienced in DevSecOps, incident response, and compliance-aligned security work across NIST CSF, PHIPA, and ISO
27001-aligned controls. Holds SSCP, CISSP, and AWS certifications.

TECHNICAL SKILLS
Security Operations / Detection: SIEM alert triage, EDR (Endpoint Detection and Response) investigation, log correlation, alert tuning,
detection logic (SQL, regex), incident response playbooks, threat modeling
Vulnerability Management: CVE triage, vulnerability validation/prioritization, remediation coordination, evidence collection, compliance
closure tracking
Identity and Access Management (IAM) / Endpoint Security: MFA (Multi-Factor Authentication), macOS/Windows hardening, FileVault,
patch compliance, MDM policy enforcement, endpoint baselines, DNS filtering
Cloud / Infrastructure as Code (IaC): AWS (IAM, S3, DynamoDB, CloudWatch, CloudWatch Logs, CloudTrail), Azure (Defender for
Cloud), Terraform, Terragrunt, Checkov, Docker, Kubernetes
Scripting / Automation: Python, PowerShell, Bash, JavaScript/TypeScript
Compliance: NIST CSF, ISO 27001-aligned controls, PHIPA-oriented controls, audit documentation, control evidence workflows

PROFESSIONAL EXPERIENCE
Cyber Security Advisor, Dr. Shariq Mumtaz Medicine Professional Corporation | Jan. 2023 - Present
  - Built and owns the full security program from scratch for a medical practice: risk register, remediation SLAs, KPI reporting, and
    prioritized roadmap
   - Instrumented identity, endpoint, and network telemetry with correlation-driven triage; cut Mean Time to Detect (MTTD) from days to
     under 1 hour
   - Deployed fleet-wide MDM, MFA, FileVault, DNS filtering, and patch cadences; standardized baselines reduced spam and unsolicited
     traffic by 80%
   - Authored incident response playbooks and PHIPA-oriented audit evidence; supported external IT vendors through vulnerability closure
     and compliance reviews
Software Developer, Department of Industry, Canadian Digital Service | Feb. 2021 - Jan. 2022
   - Engineered secure AWS infrastructure (IAM, S3, DynamoDB, CloudWatch) via Terraform/Terragrunt; enforced policy-as-code scanning
     with Checkov
   - Eliminated bot-driven abuse by designing and deploying passive request validation, removing user friction while increasing detection
     coverage across all form endpoints
   - Implemented CI/CD quality gates and automated testing, increasing code coverage from ~20% to 85%; reduced client-reported data
     incidents from 4-5 to 1-2 per cycle
   - Produced security runbooks and incident-support documentation adopted org-wide; awarded the Directors General Award of Merit for
     delivery impact on national spectrum operations
Software Developer Intern, National Research Council of Canada (NRC) | Sept. 2020 - Dec. 2020
   - Developed full-stack Oracle Database applications powering research data pipelines across multiple NRC divisions
   - Engineered PL/SQL stored procedures and SQL-based automation to replace manual workflows, eliminating ~10 hrs/week of manual
     processing

PROJECTS & PUBLICATIONS
QR-CLI | Project page
  - Built and published a cross-platform Node.js CLI that generates QR codes as ASCII art with PNG export, works fully offline, and is
    released under the MIT license on npm and GitHub
Homelab Infrastructure Platform | Public project page
  - Built and operate a self-hosted infrastructure platform featuring reverse proxying, identity management, observability, secrets management,
    SIEM workflows, and infrastructure-as-code patterns
The Cyber Centre and Technologies: A Meta-Analysis | Accepted, Canadian Military Journal (forthcoming)
  - Authored an accepted meta-analysis on the Canadian Centre for Cyber Security (Cyber Centre), synthesizing open-source sources on
    threat intelligence operations, detection capabilities, and critical infrastructure protection

EDUCATION
Master of Science (M.S.) Cybersecurity & Information Assurance | Western Governors University | Awarded 2024
Bachelor of Computer Science (BCompSci) | Dalhousie University | Awarded 2024

CERTIFICATIONS
Certified Information Systems Security Professional (CISSP) | Awarded 2026
Systems Security Certified Professional (SSCP) | Awarded 2023
AWS Certified Solutions Architect & Developer - Associate | Awarded 2022