Portfolio

Pentest

Enterprise Red Team Assessment

Full-scope red team engagement against a 500-user financial institution. Achieved domain admin via spear-phishing + lateral movement within 48h. Delivered hardening roadmap.

Active Directory Phishing Metasploit Mimikatz

Cloud

AWS Cloud Security Posture Review

Security assessment of a multi-account AWS environment for a West African telecom operator. Identified 47 misconfigurations across IAM, S3, and VPC. Implemented CSPM tooling.

AWS IAM S3 CloudTrail Prowler

Governance

ISO 27001 ISMS Implementation

Led end-to-end ISO 27001 certification project for a telecom company (850 employees). Designed ISMS scope, drafted 42 security policies, and coordinated the certification audit.

ISO 27001 ISMS Risk Register Audit

Forensics

Ransomware Incident Response

Led post-breach investigation following a ransomware attack on a manufacturing company. Identified patient zero, traced lateral movement, recovered 98% of data from backups.

DFIR Volatility FTK Log Analysis

Network

VSAT & IP Network Security Hardening

Redesigned security architecture of a hybrid VSAT/IP network for a regional ISP in Central Africa. Deployed pfsense cluster, IDS/IPS, and ALLOT traffic management.

VSAT pfsense Snort ALLOT

Pentest · Cloud

Web App & API Penetration Test

OWASP Top 10 assessment of a SaaS platform including REST API, OAuth2 flows, and infrastructure. Found SSRF and privilege escalation vulnerabilities pre-launch.

OWASP Burp Suite SSRF OAuth2

Governance

COBIT Security Governance Framework

Built a COBIT®-aligned security governance framework for a financial institution, including KPI/KRI dashboards, monthly security board reports, and security committee charter.

COBIT® KPI/KRI Reporting

Forensics · Network

Telecom Fraud Investigation

Investigated SIM-swap fraud and insider threat case at a mobile operator. Correlated CDRs, network logs, and access logs. Delivered evidence package for legal proceedings.

CDR Analysis GSM OSINT Legal