About
Vulnerability Assessment & Penetration Testing Consultant, providing practical, risk-driven security assessments aligned with ISO/IEC 27001:2022, NIST Cybersecurity Framework (CSF), and OWASP standards.
I deliver hands-on testing across web applications, Active Directory environments, Cloud Infrastructures, and Mobile Applications; including dynamic and static analysis.
My engagements support organizational compliance and resilience by identifying exploitable weaknesses, attack paths, and control gaps that directly impact confidentiality, integrity, and availability.
Findings are mapped to ISO 27001 Annex A controls, NIST CSF functions (Identify, Protect, Detect, Respond, Recover), and OWASP Top 10 / MASVS, ensuring technical issues translate into governance-ready, audit-relevant outcomes.
I prioritize vulnerabilities based on likelihood, impact, and exploitability, providing clear remediation guidance, compensating controls, and validation testing to support continuous improvement and risk treatment plans.
Tooling & Techniques: Burp Suite, Metasploit, Nmap, Nessus, BloodHound, CrackMapExec, Mimikatz, SQLMap, Wireshark, MobSF, Frida, OWASP ZAP, cloud security tooling (AWS, Azure, GCP), and custom automation.
Deliverables: Executive and technical reports, CVSS-based risk scoring, control-mapping matrices, remediation roadmaps, retesting evidence, and documentation suitable for ISO audits, risk assessments, and security governance reporting.
Education
Work
Lagos, Lagos, Nigeria
→
Full Time
Summary
Designed, documented, and implemented an ISO/IEC 27001:2022 Information Security Management System (ISMS) in alignment with organizational risk and compliance requirements. Performed Vulnerability Assessment and Penetration Testing (VAPT) to uncover, exploit, and report security weaknesses with actionable remediation guidance.
Remote, Lagos, Nigeria
→
Summary
Participated in a 3-month hands-on Cybersecurity Fellowship Program, specializing in technical skills, project execution, and workplace readiness.
Highlights
Completed 25 hands-on labs and 84 course modules, achieving a minimum score of 70% on all tasks and submissions.
Applied practical ethical hacking and threat detection skills using Metasploit, Burp Suite, and Active Directory exploitation scripts through structured exercises.
Demonstrated hands-on cybersecurity proficiency via labs and real-world simulations, including vulnerability scanning (Nessus, OpenVAS, Nikto, Zaproxy).
Performed SIEM log analysis (Splunk, Zeek) and packet inspection (Wireshark) during hands-on cybersecurity simulations.
Remote, Lagos, Nigeria
→
Summary
Completed an intensive 7-day virtual training program focused on SC-900/SC-200 Microsoft certifications, gaining hands-on experience in cloud-native security tools.
Highlights
Gained hands-on proficiency with Microsoft 365 Defender, Azure Defender, and Microsoft Sentinel, aligning with SC-200 learning objectives.
Practiced incident detection, response, and mitigation techniques using real-world SOC scenarios and Microsoft cloud-native security tools.
Developed expertise in Kusto Query Language (KQL) for threat hunting, log analysis, and custom analytics rule creation in Microsoft Sentinel.
Applied MITRE ATT&CK framework mappings to Microsoft security incidents for improved threat context and escalation decisions.
Remote, Lagos, Nigeria
→
Summary
Conducted vulnerability assessments and implemented security measures to reduce attack surfaces and enhance incident response capabilities.
Highlights
Conducted comprehensive vulnerability assessments and applied remediation strategies to effectively reduce organizational attack surfaces.
Implemented centralized logging and SIEM integration to significantly enhance incident detection and response capabilities.
Developed and enforced robust access control policies, ensuring the principle of least privilege across diverse systems.
Remote, Lagos, Nigeria
→
Summary
Designed and implemented secure system architectures and strengthened resilience across on-premises environments.
Highlights
Designed and applied secure system architectures to effectively mitigate risk across on-premises environments.
Strengthened system resilience by implementing advanced hardening techniques and endpoint protections.
Collaborated cross-functionally with IT teams to deploy critical firewall rules and monitor for real-time anomalies.
Remote, Lagos, Nigeria
→
Summary
Taught core cybersecurity principles to a diverse group of learners, focusing on secure design, compliance, and incident response.
Highlights
Taught core cybersecurity principles to over 25 learners, focusing on secure design, compliance, and incident response.
Maintained a 98% learner success rate through structured labs, personalized mentoring, and performance tracking.
Facilitated interactive simulations on cyber hygiene, phishing detection, and audit readiness to enhance practical skills.
Remote, Lagos, Nigeria
→
Summary
Engaged in practical red and blue team activities and vulnerability reporting in simulated threat environments.
Highlights
Conducted practical red and blue team activities within simulated threat labs, enhancing offensive and defensive cybersecurity skills.
Completed the Hacktify CTF challenge series, successfully reporting vulnerabilities and developing effective mitigation plans.
Gained valuable exposure to advanced network traffic analysis and breach containment strategies.
Remote, Lagos, Nigeria
→
Summary
Participated in threat hunting, log monitoring, and compliance assessments to bolster security systems.
Highlights
Participated actively in threat hunting, log monitoring, and comprehensive compliance assessments of security systems.
Assisted in audit reporting and accurately ranked vulnerability risks during routine network scans.
Supported efficient ticket triage and thorough investigation on basic incident escalations.
Lagos, Lagos State, Nigeria
→
Summary
Completed a 6-month hands-on cybersecurity bootcamp, focusing on technical specialization, project delivery, and workplace readiness through real-world simulations.
Highlights
Completed weekly deliverables and participated in 10 hands-on lab sessions over a 6-month bootcamp, mastering cybersecurity tools and concepts.
Reduced threat exposure by 35% through proactive log analysis and control configurations.
Trained and mentored 25+ students in security foundations, achieving a 98% certification success rate.
Implemented foundational controls aligned with ISO 27001 and ISO 27032 guidelines, enhancing organizational security posture.
Designed and deployed a customized cybersecurity framework and best practices for Mountain of Fire and Miracles Ministries Headquarters, strengthening digital resilience.
Certificates
ICS Cybersecurity Evaluation (401)
Issued By
US Department of Homeland Security/Cybersecurity and Infrastructure Security (CISA) Agency
ICS Cybersecurity Training (300)
Issued By
US Department of Homeland Security/Cybersecurity and Infrastructure Security (CISA) Agency
Skills
Threat Detection & Monitoring
SIEM, Snort, Wireshark, TryHackMe, Kusto Query Language (KQL).
SOC Operations & Analysis
EDR, XDR, NDR, MDR, UEBA, SOAR, TIP, Incident Detection, Incident Response, Log Analysis.
Vulnerability Management
OpenVAS, Nessus, Risk Prioritization, Vulnerability Scanning, Remediation.
Risk, Compliance & Governance
ISO 27001:2022, ISO 27032:2023, NIST, GRC, Access Control Policies, Audit Reporting.
Web & Network Security
Network Auditing, Web App Scanning, Secure Configurations, Firewall Rules, Packet Inspection.
Cloud Security
Microsoft 365 Defender, Azure Defender, Microsoft Sentinel.
Ethical Hacking
Metasploit, Burp Suite, Active Directory Exploitation, Red Team Activities, Blue Team Activities.
Programming & Tools
Python, scikit-learn, Streamlit, Natural Language Processing (NLP).
Soft Skills
Training, Communication, Documentation, Team Collaboration, Mentoring.