I'm Mohamad Chehab — a mechanical engineering student at USJ ESIB in Beirut, focused on blue team cybersecurity, SCADA/ICS/OT security, and the practical automation glue between them. I write Python that cleans tag names, parse Windows event logs to reconstruct attack timelines, and wire up Ignition dashboards in between physics labs.
I study mechanical engineering at École Supérieure d'Ingénieurs de Beyrouth — thermodynamics, materials, mechanics, the usual. But the part of the lab I keep coming back to is where the physical world meets the digital one: PLCs, sensors, HMIs, the messy wiring between OT and IT.
On the security side I'm a blue-teamer. I like reconstructing timelines from Windows event logs, hunting through Sysmon, explaining what happened to people who weren't in the room. I've investigated brute-force attempts on AWS-hosted infrastructure, traced default EC2 reverse-DNS as an indicator of throwaway attacker nodes, and written incident reports clean enough for a non-technical audience.
On the SCADA side I run an Ignition lab on Ubuntu VMs with simulated PLCs and Modbus, and I do paid contract work helping a friend with industrial automation gigs. Long-term I want to sit at the seam — OT security for industrial operators in MENA, where most defenders still aren't fluent in both sides.
Retrieval-augmented assistant over an industrial tag namespace of roughly 85,000 tags from a solar plant. Python ingestion, Qdrant vector store, PostgreSQL for metadata, embeddings tuned for industrial naming conventions. Lets operators query the plant in natural language without scrolling through HMI trees.
Investigation lab built around Event Viewer, Sysmon, and Security logs. Reconstructs attacker timelines from Event ID 4688, Sysmon EID 1, RDP / Terminal Services events, and PSEXEC traces — converting between UTC and local time, then rendering a clean incident narrative for non-technical readers.
Strategic teardown of a startup wedge in OT/ICS security for mid-market utilities and industrial operators. Identified a five-way competitive gap (software-only deployment, inline protocol enforcement, AI-generated policies, mid-market pricing, compliance automation) and a co-managed MDR go-to-market in the $25K–$75K ARR band.
Full-stack analysis system: Python / FastAPI backend, React Bloomberg-Terminal-style frontend, 60+ technical indicators via yfinance & FRED, with the Anthropic API generating analyst-style commentary. Built as directional analysis, not a prediction oracle — and engineered around that distinction.
Python tooling that takes raw exported SCADA tag lists, cleans naming inconsistencies, splits physical asset from logical monitoring object, and emits a structured asset registry — turning spreadsheet chaos into something a historian can actually query.
NI LabVIEW 2022 Q3 virtual instrument that converts Celsius to Fahrenheit and Kelvin via a Boolean toggle and a Case Structure — a small teaching piece on dataflow programming and instrumentation UX.
Préparatoire Génie Mécanique · PM25
Mathematics, physics, thermodynamics, materials science, linear algebra, mechanics, optics, chemistry, and engineering laboratory work — taught in French.
Offensive techniques, tooling, and methodology — used as the lens for blue-team detection design.
Routing, switching, IP services, security fundamentals, and network automation basics.
Windows Server administration, identity, and core infrastructure — foundation for endpoint forensics.
Reach out in English, French, or Arabic. I respond fastest to email.