Cybersecurity Expert Needed to Prepare Practical Security Reference for a GCC Institution

Posted 3 weeks ago

Worldwide

Summary

I am looking for an experienced cybersecurity expert to prepare a practical, original, and well researched cybersecurity reference document for an institution in the GCC region. The document must be written by the expert personally. I do not want AI generated text, generic cybersecurity filler, or copied material. The work should reflect real cybersecurity expertise, current standards, GCC market awareness, and practical recommendations that can actually be implemented.

The goal of this project is to create a clear reference and advisory document that tells the institution what it should secure, what standards it should follow, what technologies and processes it should adopt, what employees should be trained on, what common attacks it should be prepared for, and how its security readiness should be assessed and tested.

The document should be divided into 4 main chapters.

Chapter 1: Technical and Technology Security

This chapter should cover the main technical security areas that an institution should review and improve, including authentication and identity management, network security, database security, endpoint and device security, email security, web application security, cloud security, access control, privileged access management, monitoring and logging, vulnerability management, patch management, backup and recovery, encryption, data protection, incident response, business continuity, third party security, asset inventory, and secure configuration baselines.

For each area, the expert should provide the current risks, the current standard or framework that should be followed, official links or reliable references, recommended controls, suitable technology stack or tools, and practical implementation steps.

The expected format should be specific and reference based. For example, a password policy recommendation should not only say “use strong passwords.” It should identify the relevant standard, such as NIST Special Publication 800-63B, explain that it provides digital identity and authentication lifecycle guidance, provide the official link, and translate the guidance into practical institutional steps such as password length requirements, MFA adoption, password manager support, compromised password screening, account recovery controls, and monitoring for credential theft.

The same approach should be used for every technical area. For example, network security may reference CIS Controls, NIST Cybersecurity Framework 2.0, ISO 27001 controls, Zero Trust guidance, secure configuration benchmarks, and GCC or regional examples where available.

The document should also recommend practical technology stacks where appropriate, such as identity providers, MFA, SSO, PAM, SIEM, EDR, vulnerability scanning, backup solutions, email security controls, DNS protection, DDoS protection, database auditing, and secure configuration tools. The recommendations should be realistic for an institutional environment, not vague or theoretical.

Chapter 2: Human Factors

This chapter should focus on people, behavior, training, and security awareness. It should cover phishing awareness, social engineering, password behavior, secure handling of sensitive data, reporting suspicious activity, insider risk, remote work behavior, management awareness, IT staff awareness, and general employee security behavior.

This chapter should explain what different groups of employees should know, how they should be trained, how often training should happen, what awareness materials should be used, what exams, certifications, or common assessments may be useful, and how improvement should be measured.

The recommendations should include useful links to reliable training resources, standards, awareness material, assessment methods, research papers, professional certifications, and public sector guidance where available. For example, the expert may reference ENISA awareness and cyber hygiene material, phishing guidance, NIST awareness and training guidance, SANS security awareness resources, CIS Controls awareness safeguards, or peer reviewed research on phishing training and security behavior.

This section should not simply say “train employees.” It should explain the actual training topics, target audiences, delivery methods, frequency, assessment methods, and measurable outcomes.

Chapter 3: Common Attacks

This chapter should identify the top 15 common and relevant cybersecurity attacks that a GCC institution should be prepared for. These may include phishing, credential theft, ransomware, business email compromise, DDoS, DNS attacks, SQL injection, web application attacks, exposed remote access, malware, insider misuse, cloud misconfiguration, privilege escalation, data leakage, and supply chain attacks.

For each attack, the document should explain how the attack works, why it matters, how it can be detected, how it can be defended against, what technologies or policies should be adopted, what training is needed if relevant, and what standards, research papers, or official references apply.

Chapter 4: Assessment and Testing

This chapter should explain how the institution can assess its current security posture and test whether its controls, processes, and training actually work. The assessment part should include both technical assessment and human assessment.

For the technical side, the expert should prepare practical assessment checkpoints for each major security area, such as authentication, network security, database security, endpoint security, email security, cloud security, logging, backups, access control, and incident response. These checkpoints should help the institution evaluate what it currently uses, what is missing, what is misconfigured, what needs improvement, and what standards each area should be compared against.

For the human side, the expert should prepare assessment methods for employees, managers, IT staff, and leadership. This may include awareness quizzes, phishing simulation results, role based security knowledge checks, reporting behavior assessment, secure data handling assessment, password and MFA behavior assessment, and training completion evaluation.

The testing part should cover vulnerability assessments, penetration testing, phishing campaigns, tabletop incident response exercises, backup recovery testing, access review testing, security awareness testing, and red team exercises if applicable.

This chapter should explain how each assessment or test should be performed, how often it should happen, what evidence should be collected, how results should be documented, and how the institution should convert findings into an improvement plan.

The final deliverable should include a clear structure, practical recommendations, current standards, official or reliable links, GCC or regional examples where available, technology stack recommendations, assessment checkpoints, testing guidance, and implementable recommendations. Links may include official standards, government guidance, cybersecurity frameworks, vendor neutral best practices, research papers, training resources, and regional examples such as Dubai, UAE, Saudi Arabia, Qatar, Bahrain, Oman, or similar GCC references.

The ideal freelancer should have strong cybersecurity consulting experience, preferably with public sector, institutional, GCC, or Middle East environments. In your proposal, please include your cybersecurity background, similar work you have completed, any GCC or public sector experience, and a short explanation of how you would structure and prepare the document.

Please also confirm that the work will be written personally by you and will not be generated using AI.

  • Fixed-price: $650.00
  • Experience Level: Expert
  • Remote Job
  • Project Type: Ongoing project

Skills and Expertise

  • Mandatory skills: Information Security Consultation

Activity on this job

  • Proposals: 10 to 15
  • Last viewed by client: 3 weeks ago
  • Interviewing: 9
  • Invites sent: 34
  • Unanswered invites: 11

About the client

  • Member since Sep 30, 2017
  • United States, at 1:20 PM
  • $105K total spent
  • 78 hires, 21 active
  • 2,560 hours
  • Individual client
