Summary
Overview
Work History
Education
Skills
Career Highlights
Early Career
Timeline
Generic
Salman Gilani

Salman Gilani

Manager Cyber Security Operations
As Salimiyah

Summary

Highly technical and results-driven Cybersecurity and Infrastructure Leader with over 20 years of experience in designing, implementing, and optimizing complex IT and cybersecurity environments. Quick to learn and adapt to new technologies, with a proven ability to research operational challenges, analyze organizational complexities, and deliver effective solutions. Strong communicator and collaborator, skilled at bridging technical and business perspectives, driving security strategy, and enhancing operational efficiency. Adept at leading cross-functional teams, implementing modern security frameworks, and solving critical technical and organizational problems in fast-paced, high-stakes environments.

Overview

18
18
years of professional experience

Work History

Manager Cybersecurity Operations

STC Kuwait
01.2020 - Current
  • Drove a security enhancement program covering Microsoft Entra, Extra hop NDR, Deliea PAM, IAM/SSO, EDR, and XDR technologies.
  • Implemented quick-win identity integrations (Entra ID, Oracle SSOgen) to rapidly reduce access risk and improve operational efficiency.
  • Introduced SSO at scale, integrating multiple legacy and obsolete applications with Microsoft Entra ID, including Oracle and in-house applications, delivering rapid security and usability gains.
  • Led PAM transformation, migrating from Centrify to Delinea, expanding use cases to cover the full server and application infrastructure.
  • Designed and led a cybersecurity visibility program using Axonius, integrating security tools to improve asset visibility and control.
  • Led SOC teams to onboard all critical and high-risk applications, significantly improving detection coverage.
  • Integrated Palo Alto Cortex XDR with SOC operations to enhance detection, correlation, and automation from alerts to incidents.
  • Replaced obsolete security tools and introduced modern platforms under a visibility and actionability initiative.
  • Designed & implemented Email Security on premise & Cloud along with STC and all its subsidiary companies using Microsoft Defender for office & Proofpoint Protection.
  • Advanced endpoint and extended detection capabilities through EDR optimization and Cortex XDR adoption.
  • Led and enhanced the SOC team, improving operational maturity, incident handling, and threat response effectiveness.
  • Reduced cybersecurity incidents by strengthening security detections, improving alert quality, and refining SOC workflows.
  • Improved onboarding of critically exposed and high-risk applications into SOC monitoring, increasing visibility and reducing attack surface risk.
  • Led the initiative to design and implement security dashboards for management, providing clear risk and threat visibility.
  • Simplified executive security reporting by reducing human complexity and translating technical metrics into actionable insights.
  • Strengthened vendor controls and procurement processes, ensuring contractual safeguards and compliance with security standards, Authored Go Live procedure to cover cybersecurity controls/ Risk Assessment compliance from early stage of the project from procurement till Go live for Assets & applications as per NIST Framework.
  • Conducted a detailed cybersecurity capability assessment, presenting a RAG status for critical functions and providing actionable recommendations for process improvement.
  • Drove cybersecurity maturity improvement for stc Group through enterprise-wide KPI assessment and security score implementation.
  • Established a measurable security scoring framework to monitor posture, highlight risks, and demonstrate continuous improvement.
  • Facilitated the rollout of updated policies and standards, enhancing organisational resilience and compliance readiness.
  • Strengthened organisational security posture through strategic recommendations and effective stakeholder engagement across technical and business domains.
  • Delivered targeted improvements to cyber security controls, achieving alignment with regulatory requirements and strengthening the organisation’s overall security posture.
  • Reduced cybersecurity incidents by strengthening security indicators, tuning detections, and improving onboarding of critically exposed and high-risk applications into SOC monitoring.
  • Handled and coordinated security incidents across Microsoft Entra ID, Active Directory, PAM, EDR, and NDR platforms.
  • Investigated and mitigated high-risk vulnerabilities, including those actively exploited in the wild, in close coordination with technical and business stakeholders.
  • Awarded GEM of Cybersecurity – 2025 for strategic impact and leadership.
  • Managed and trained the team to on technologies to enhance their overall productivity.

Lead – Microsoft & Cloud Team

STC
07.2008 - 12.2019
  • Handled security responsibilities as part of the Microsoft and Cloud Infrastructure team, strengthening platform security and operational resilience.
  • Enhanced patch management capabilities across servers and endpoints to reduce exposure to known vulnerabilities.
  • Improved and enforced security baselines for operating systems and applications, aligning with best practices and compliance requirements.
  • Developed and executed automation scripts to remediate vulnerable applications and insecure operating system configurations.
  • Reduced security risk by proactively closing configuration gaps and hardening infrastructure environments.
  • Led the Microsoft & Cloud Infrastructure team for VIVA Kuwait.
  • Migrated all physical servers to Virtual environment with high availability.
  • Designed and implemented HP Cloud, virtualizing the entire infrastructure from physical servers to VMware-based virtual environments.
  • Led major data center and infrastructure modernization initiatives, improving scalability and resilience.
  • In 2019, led the complete rebranding of VIVA to stc, designing a complex transformation plan and executing a successful single-night cutover with zero major impact.
  • Joined at the inception of stc Kuwait, leading the entire Microsoft infrastructure implementation from the ground up.
  • Designed and implemented Active Directory on Windows Server 2008 across the enterprise.
  • Designed secure Microsoft Exchange environments, including email security and access controls.
  • Implemented Threat Management Gateway (TMG) to provide secure proxy access for branch locations.
  • Designed and deployed enterprise antivirus services using Trend Micro.
  • Integrated core billing applications with Microsoft Active Directory for secure authentication and access control.
  • Designed and secured file services access, enforcing role-based access and data protection.
  • Fully supported and operated this environment through 2012.

Education

Associated Degree - Computer systems Technology

MTI College of Business & Technology
Houston
01.2001

Skills

Strategic Leadership: Target Operating Model Development, Change Management Strategies, Cost Optimisation, Security-Centric Organisational Culture

Governance & Compliance: Cyber Governance, Policy Development, Incident Response & Business Continuity Planning, ISO 27001 Frameworks

Team leadership

Operations management

Strategic planning

Decision-making

Performance management

Policy implementation

Complex Problem-solving

Key performance indicators

Career Highlights

  • Cybersecurity Strategy/GRC: Lead Many initiatives along with GRC teams to enhance cybersecurity policies, including replacing legacy Cybersecurity tools to improve effectiveness of tools and compliance.
  • Hybrid Cloud Migration: Designed & Lead the Implementation of Email to Office 365, Along with Complete E5 Security suite.
  • Identity Security: Designed & Implemented modernization of Identity across entire IT application & Telecom to enhance security posture integrating key Security controls on some legacy apps such as SSO, MFA & privilege Access Management/Privilege Account Management. Enhanced overall Identity & access management by Automating reviews of access for critical applications.
  • Cybersecurity Visibility: Researched & Implemented Cyber-attack surface managed for Complete Cyber visibility using Axonius in IT & Telecom Infrastructure.
  • Lead Architect of Rebranding of Quality net to Solutions: Planned & Designed Security process of Migration of systems including Rebranding of Quality net to Solution till successful execution.
  • Lead Architect of Rebranding of VIVA to STC: Planned & Designed Digital process of Rebranding of VIVA to STC till successful execution in one Change Activity.
  • Infrastructure Security Expert While Leading Microsoft & Cloud worked on many initiatives on Automating Security baselines on infrastructure and applications, Designed and implemented AD Security Tier Model.
  • Implementation of Infrastructure & Microsoft & Cloud: Designed, Planned & implemented Infrastructure applications during inception of viva Telecom.
  • Incident Response Expertise: Enhanced Defensive capabilities of stc by integrating defensive tools and always stayed on top to reduce risk of highly critical vulnerabilities by mitigating controls.

Early Career

  • Manager Cybersecurity Operations STC
  • 2013 to 2019 Team Lead Microsoft /Cloud Team Huawei/VIVA
  • Senior Systems Engineer ITS /KFH
  • 2008 to 2012 Senior Systems Engineer ITS/VIVA
  • 2003 to 2008 Microsoft Professional Trainer Infocenter Institute
  • Earlier career history available upon request

Timeline

Manager Cybersecurity Operations

STC Kuwait
01.2020 - Current

Lead – Microsoft & Cloud Team

STC
07.2008 - 12.2019

Associated Degree - Computer systems Technology

MTI College of Business & Technology
Salman GilaniManager Cyber Security Operations