IT Supervisor & Cybersecurity Consultant — Morocco 🇲🇦
I supervise the IT department at ECDH, a nonprofit empowering youth in northern Morocco, where I oversee infrastructure, internal tools, and digital security. I also serve as Head of HR, applying OSINT-driven approaches to recruitment and vetting.
I previously served as Head of IT, leading the development of multiple systems still actively used in production, before transitioning into a supervisory role.
I specialize in social engineering and OSINT, with 3+ years of hands-on experience designing awareness campaigns, running simulated attacks, and handling incident response scenarios.
I also do web development — building and deploying websites using WordPress, Elementor, and custom HTML/CSS/JS — and conduct website security assessments with structured written reports.
Social Engineering, OSINT, Incident Response
Nmap, Nikto, Wappalyzer, Wireshark, WPScan, Kali Linux
Linux & Bash, Python, C
HTML, CSS, JavaScript, Node.js
WordPress, Elementor Pro, Hostinger, Cloudflare, SPF/DKIM/DMARC
Google Sheets (Advanced), Google Apps Script, HR Automation
NCC - 2025 (NORTH CODING CHALLENGE by ECDH)
A full-scale Capture The Flag competition designed and executed end-to-end for ~60 participants, covering multiple cybersecurity domains:
- Reverse engineering
- Web exploitation
- Reconnaissance
- Cryptography
- System and network challenges
Built as a hands-on training environment simulating real-world attack scenarios across 20 progressive levels.
A logging, threat detection, and security dashboard for constrained hosting environments — specifically Hostinger web hosting where raw access logs and terminal access are unavailable.
- PHP-based request logger injected via `auto_prepend_file` with Cloudflare & proxy-aware IP detection
- Secure log storage outside `public_html`, zero external dependencies
- Python-based local analyzer with 13 threat detections across HIGH / MEDIUM / LOW severity
- Browser-based PHP dashboard — live analysis, IP blocking, whitelist management, and log control
- Detection of DoS patterns, brute force attempts, shell probes, distributed scans, XML-RPC abuse, and more
Built to provide visibility, monitoring, and incident response capabilities with no terminal required.
A full audit and hardening project conducted on a test router to document methodology and findings.
- Network scanning and enumeration
- Vulnerability identification
- Configuration hardening
- Structured security reporting
Serves as a reference methodology applicable to real-world environments.
A custom HR automation and verification system built using Google Sheets, Google Apps Script, and Hostinger, managing the full member lifecycle and enabling real-time identity verification.
- Centralized member management with automated status synchronization via event-driven triggers
- QR code generation for membership identification; public verification portal at verify.ecdh.ma
- Cached data layer for fast lookup and reduced API calls; automated birthday and notification workflows
- Session booking module: members book slots with listeners, automated confirmation emails fire instantly, and Google Calendar syncs in real time — all on Apps Script with zero extra infrastructure
- Multi-file architecture: `Config.gs`, `Code.gs`, `WebApp.gs`, `Triggers.gs`, `QRGenerator.gs`
Actively used in operations and maintained across multiple versions.
Designed and delivered multiple websites across different contexts and tech stacks:
- ECDH Association websites — WordPress, Elementor Pro, Hostinger; handles secure ticketing and event operations
- Festival International du Cinéma — Chefchaouen — full website design and deployment
- Custom static sites in HTML, CSS, and JavaScript
- Additional projects with Node.js back-ends
Designed and executed phishing simulation campaigns and awareness programs to assess and improve organizational resilience against human-layer attacks.
- Crafted realistic phishing scenarios: credential harvesting, link-based attacks, impersonation
- Simulated attacker techniques including domain spoofing, link obfuscation, and trust manipulation
- Tracked user behavior (clicks, interactions, reporting rates, multi-device access)
- Collected technical metadata (IP, device, browser) to simulate reconnaissance phases
- Produced detailed reports with risk assessment and corrective action plans
Security testing of live websites:
- Reconnaissance and fingerprinting with Wappalyzer and browser dev tools
- Vulnerability scanning with Nmap and Nikto
- Identification of misconfigurations, exposed endpoints, and plugin vulnerabilities
- Each assessment delivers a detailed written report covering findings by severity with recommended remediation steps
- Human-layer security: social engineering, OSINT, and behavioral risk analysis
- Designing custom, low-cost solutions as alternatives to expensive tools — tailored to real constraints
- Web development and website security, from deployment to assessment
- Leveraging AI to accelerate development, automation, and deployment
- Mentoring and guiding new tech learners through hands-on practice
Discord: .w.issam
LinkedIn: linkedin.com/in/wissamboubkir
Email: kikijo.wb@gmail.com
Portfolio: hypertrophic.github.io/portfolio
Open to consulting opportunities, collaborations, or discussions around security, OSINT, and automation.
