About
Junior Penetration Tester and VAPT practitioner with hands-on experience across web application security, Active Directory exploitation, and cloud security assessments, aligned to OWASP, NIST CSF, and ISO/IEC 27001:2022.
I have completed structured engagements covering full-cycle vulnerability assessment and penetration testing — from reconnaissance and exploitation through to CVSS-scored reporting and remediation validation. My findings have been mapped to ISO 27001 Annex A controls and OWASP Top 10, producing governance-ready deliverables for technical and executive audiences.
Tooling: Burp Suite · Metasploit · Nmap · Nessus · BloodHound · CrackMapExec · SQLMap · Wireshark · MobSF · Frida · Microsoft Sentinel · KQL · AWS/Azure/GCP security tooling.
I also build security tools independently — including PhishDetectAI (NLP-based phishing detection) and ThreatIntelAggregator (multi-source threat intel CLI) — both available on GitHub.
Currently pursuing OSCP-track skills. Open to junior/graduate penetration testing roles in the UK, EU, and US (remote or visa-sponsored). Let's connect.
Education
Work
Lagos, Lagos, Nigeria
→
Full Time
Summary
Designed and implemented an ISO/IEC 27001:2022-aligned ISMS from scratch, mapping 30+ Annex A controls to organisational risk, resulting in a fully audit-ready governance framework delivered within the first engagement cycle. Conducted end-to-end VAPT across web applications and internal infrastructure, identifying critical vulnerabilities with CVSS scoring and prioritised remediation guidance, directly reducing the client's exploitable attack surface. Produced executive and technical pentest reports including control-mapping matrices and retesting evidence, enabling the client to action findings without requiring external interpretation. Performed Vulnerability Assessment and Penetration Testing (VAPT) to uncover, exploit, and report security weaknesses with actionable remediation guidance.
Remote, Lagos, Nigeria
→
Summary
Completed 25 hands-on labs across ethical hacking, vulnerability scanning, and SIEM analysis in a structured government fellowship, achieving a minimum 70% pass rate across all 84 course modules. Performed simulated Active Directory exploitation using Metasploit and custom scripts, identifying privilege escalation paths that informed remediation recommendations in structured exercises. Conducted SIEM log analysis using Splunk and Zeek alongside packet inspection in Wireshark, building detection and triage skills aligned with SOC and pentest workflows.
Highlights
Completed 25 hands-on labs and 84 course modules, achieving a minimum score of 70% on all tasks and submissions.
Applied practical ethical hacking and threat detection skills using Metasploit, Burp Suite, and Active Directory exploitation scripts through structured exercises.
Demonstrated hands-on cybersecurity proficiency via labs and real-world simulations, including vulnerability scanning (Nessus, OpenVAS, Nikto, Zaproxy).
Performed SIEM log analysis (Splunk, Zeek) and packet inspection (Wireshark) during hands-on cybersecurity simulations.
Remote, Lagos, Nigeria
→
Summary
Completed an intensive 7-day virtual training program focused on SC-900/SC-200 Microsoft certifications, gaining hands-on experience in cloud-native security tools.
Highlights
Gained hands-on proficiency with Microsoft 365 Defender, Azure Defender, and Microsoft Sentinel, aligning with SC-200 learning objectives.
Practiced incident detection, response, and mitigation techniques using real-world SOC scenarios and Microsoft cloud-native security tools.
Developed expertise in Kusto Query Language (KQL) for threat hunting, log analysis, and custom analytics rule creation in Microsoft Sentinel.
Applied MITRE ATT&CK framework mappings to Microsoft security incidents for improved threat context and escalation decisions.
Remote, Lagos, Nigeria
→
Summary
Conducted vulnerability assessments and implemented security measures to reduce attack surfaces and enhance incident response capabilities.
Highlights
Conducted comprehensive vulnerability assessments and applied remediation strategies to effectively reduce organizational attack surfaces.
Implemented centralized logging and SIEM integration to significantly enhance incident detection and response capabilities.
Developed and enforced robust access control policies, ensuring the principle of least privilege across diverse systems.
Remote, Lagos, Nigeria
→
Summary
Designed and deployed secure system architectures across on-premises environments, applying hardening baselines and endpoint protections that measurably reduced the threat exposure window. Implemented firewall rule sets and real-time anomaly monitoring in collaboration with IT teams, improving detection coverage across the network perimeter. Documented security configurations and control decisions, producing audit-ready artefacts aligned to internal governance requirements.
Highlights
Designed and applied secure system architectures to effectively mitigate risk across on-premises environments.
Strengthened system resilience by implementing advanced hardening techniques and endpoint protections.
Collaborated cross-functionally with IT teams to deploy critical firewall rules and monitor for real-time anomalies.
Remote, Lagos, Nigeria
→
Summary
Taught core cybersecurity principles to a diverse group of learners, focusing on secure design, compliance, and incident rDesigned and delivered a structured cybersecurity curriculum to 25+ learners covering secure design, incident response, and compliance, achieving a 98% learner success rate. Built and facilitated hands-on labs on phishing detection, cyber hygiene, and audit readiness, improving learner practical skill scores across all assessed modules. Mentored students individually through performance tracking, reducing dropout risk and increasing lab completion rates across the cohort.esponse.
Highlights
Taught core cybersecurity principles to over 25 learners, focusing on secure design, compliance, and incident response.
Maintained a 98% learner success rate through structured labs, personalized mentoring, and performance tracking.
Facilitated interactive simulations on cyber hygiene, phishing detection, and audit readiness to enhance practical skills.
Remote, Lagos, Nigeria
→
Summary
Engaged in practical red and blue team activities and vulnerability reporting in simulated threat environments.
Highlights
Conducted practical red and blue team activities within simulated threat labs, enhancing offensive and defensive cybersecurity skills.
Completed the Hacktify CTF challenge series, successfully reporting vulnerabilities and developing effective mitigation plans.
Gained valuable exposure to advanced network traffic analysis and breach containment strategies.
Remote, Lagos, Nigeria
→
Summary
Progressed from intern to ICT Security Officer within four months by demonstrating hands-on capability in threat hunting, log monitoring, and vulnerability risk ranking during routine network scans. Implemented centralised logging and SIEM integration that significantly enhanced incident detection speed and response capability across the organisation. Developed and enforced access control policies applying the principle of least privilege, reducing the risk of credential abuse and lateral movement.
Highlights
Participated actively in threat hunting, log monitoring, and comprehensive compliance assessments of security systems.
Assisted in audit reporting and accurately ranked vulnerability risks during routine network scans.
Supported efficient ticket triage and thorough investigation on basic incident escalations.
Lagos, Lagos State, Nigeria
→
Summary
Completed a 6-month hands-on cybersecurity bootcamp, focusing on technical specialization, project delivery, and workplace readiness through real-world simulations.
Highlights
Completed weekly deliverables and participated in 10 hands-on lab sessions over a 6-month bootcamp, mastering cybersecurity tools and concepts.
Reduced threat exposure by 35% through proactive log analysis and control configurations.
Trained and mentored 25+ students in security foundations, achieving a 98% certification success rate.
Implemented foundational controls aligned with ISO 27001 and ISO 27032 guidelines, enhancing organizational security posture.
Designed and deployed a customized cybersecurity framework and best practices for Mountain of Fire and Miracles Ministries Headquarters, strengthening digital resilience.
Skills
Penetration Testing & Ethical Hacking
Burp Suite, Metasploit, Nmap, SQLMap, BloodHound, CrackMapExec, Mimikatz, Kali Linux, OWASP Top 10, Privilege Escalation, Active Directory Exploitation, Manual Testing, Web Application Security, Mobile Security (MobSF/Frida).
Security Tool Development
Python, NLP (scikit-learn), Streamlit, CLI Tool Development, Threat Intelligence Automation.
SOC Operations & Analysis
EDR, XDR, NDR, MDR, UEBA, SOAR, TIP, Incident Detection, Incident Response, Log Analysis, Nessus, OpenVAS, Nikto, CVSS Scoring.
Vulnerability Management
OpenVAS, Nessus, Risk Prioritization, Vulnerability Scanning, Remediation, Nikto, CVSS Scoring, CVE Analysis, Risk Prioritization, Remediation Planning, Retesting.
Web & Network Security
Network Auditing, Web App Scanning, Secure Configurations, Firewall Rules, Packet Inspection.
Ethical Hacking
Metasploit, Burp Suite, Active Directory Exploitation, Red Team Activities, Blue Team Activities.
Cloud Security
Microsoft 365 Defender, Azure Defender, Microsoft Sentinel, AWS Security, Cloud VAPT.
Risk, Compliance & Governance
ISO 27001:2022, ISO 27032:2023, NIST, GRC, Access Control Policies, Audit Reporting, Control Mapping, Report Writing.
Soft Skills
Training, Communication, Documentation, Team Collaboration, Mentoring.
Certificates
ICS Cybersecurity Evaluation (401)
Issued By
US Department of Homeland Security/Cybersecurity and Infrastructure Security (CISA) Agency
ICS Cybersecurity Training (300)
Issued By
US Department of Homeland Security/Cybersecurity and Infrastructure Security (CISA) Agency