Meet ISC2 Instructor Naim Elmekki

Naim Elmekki

Naim Elmekki, CSSLP       

Naim Elmekki is a software security architect currently based in Dubai. I pursued engineering studies and graduated in 2005 from the National Computer Science School in Tunisia. The same year I started my career as a .Net developer with WEVIOO (ex:OXIA) then joined Thales DIS (ex Gemalto) in 2013 as a senior software engineer. With WEVIOO I worked on multiple national and international projects from end to end. Some of the main topics I worked on included HR applications, financial web and windows-based apps, and product lifecycle and business process management applications. With Thales DIS I transitioned into more leading positions and I had the chance to proudly work on and lead national electronic identity programs in the Middle East (KSA, UAE, Oman). Over the years, found interest in software security and started educating my self and my teammates about it. On multiple projects in KSA, UAE and Oman I was leading the implementation of security activities (threat modeling, risk assessment, security testing and reviews, security trainings to development and validation communities…) in our development projects, participated in the elaboration of the security plans and developed an expertise in secure development practices and application security. I studied and certified for CEH and CSSLP, and became committed to establishing and nurturing a security culture in the company as a whole and the development and operational teams in particular. Along with my passion for writing code and a strong knowledge in electronic identity and biometrics management, my expertise include the implementation of secure development processes, secure software design and coding, and web applications security. Today, on my workdays I communicate a lot with all projects stakeholders: developers, quality officers, project managers, pre-sales teams and managers about security and how to plan and implement security activities along the software lifecycle. I continuously run risk assessments, architecture and design reviews, provide expertise to development teams and support on security incidents management.