Vulnerability Management Tool
Automated tracking and reporting for 40,000+ vulnerabilities, streamlining remediation visibility for teams and leadership.
GRC, (IT/OT) Cybersecurity Analysis & Data Science
- My goal is to empower cybersecurity with AI and machine learning and gain the knowledge on how to align them with future GRC controls.
- Analyze risks, data, build practical tools, and ship results fast.
- 40,000+vulnerabilities analyzed
- < 3 minfirewall recovery
- ~900controls implemented
About
I’m Rayan Al-Zhrani, a cybersecurity and data-driven problem solver focused on operational technology environments and GRC. I’ve analyzed 40,000+ vulnerabilities, implemented ~900 security controls, and helped drive recovery plans that reduced firewall restoration to under three minutes. At SEC, I led a compliance audit on a critical server and automated an NCA corrective action plan workflow to improve tracking, reporting, and audit readiness. My work has been recognized by Kemya’s President, along with two certificates of appreciation. I enjoy turning messy data into clear decisions and building practical tools that deliver measurable outcomes through structured planning, disciplined execution, and continuous improvement.
Achievements
- Analyzed 40,000+ vulnerabilities end‑to‑end
- Reduced firewall recovery time to < 3 minutes
- Implemented ~900 controls across environments
- Recognition by Kemya’s President for contributions
- Two certificates of appreciation for impact
Projects
KSUChatbot
A campus assistant that answers common questions with concise responses and structured handoffs when needed.
Fake News Detector
Classifies articles by credibility signals and highlights the features driving each decision.
PassCheck
Password strength analyzer with clear visual feedback and actionable guidance.
View ProjectAutoOracle
A recommendation tool that turns user preferences into practical, ranked options with simple explanations.
View ProjectOT anomaly detector
An OT anomaly detection model that monitors industrial network or process data to identify deviations from normal operational behavior and flag potential cybersecurity threats in real time.
View ProjectSportConnect
Sport-Connect is a software that uses matchmaking to connect people for sport activities. It focuses on finding a suitable person by tracking one's behavior. It utilizes technologies to further increase the accuracy of matchmaking.
Work Timeline
-
KSU — Information Systems (Data Science track)
Foundation in data analysis, big data analysis, networks, programming, information security, and ML fundamentals.
-
Kemya (SABIC‑ExxonMobil JV) — OT Cybersecurity Internship (2025:Jan-Jul)
Vulnerability management, firewall recovery planning, Recreating the GRC document for OT Cybersecurity(SHEM Electroinc Systems security), dashboards, and compliance evidence collection.
-
Saudi Electricity Company (via Emircom) — Cybersecurity Analyst (GRC) (2025/12-Current)
Led a compliance audit on a critical server (hardening, access control, logging, and backup/restore readiness), delivered a prioritized findings report, and automated an NCA corrective action plan tracker to improve ownership, due dates, status reporting, and audit readiness.
Skills
Programming
Technical
Soft Skills
Contact
Open to collaboration and new opportunities, I welcome challenges, ideas, and conversations.