Lead Cybersecurity Engineer · 100+ enterprise engagements across financial and public sector · SOC team leadership
Most organisations in regulated sectors do not have a cybersecurity problem. They have an architecture problem. Perimeter controls sit in isolation, endpoint defence is disconnected from the network layer, identity governance is an afterthought, and detection stays reactive while the attack surface keeps growing. The reason is almost always the same: nobody designed the defences as one system.
That design work is what I do. My work sits where security architecture, engineering, and governance meet. I build layered enterprise security frameworks from the ground up, including network segmentation, Zero Trust access enforcement, privileged identity controls, endpoint behavioural defence, database activity monitoring, and managed detection. I integrate these into a coherent posture rather than a stack of products, then I pressure-test that posture through red-team exercises and structured adversarial assessment to see what it actually holds against. Most importantly, I present these into executive grade comprehensive reporting that both the decision making boards and the server room Engineers understand.
For almost 4 years now, I have delivered 100+ security engagements across Kenya's financial and public sector. I have led SOC teams of up to eight analysts in continuous detection environments, driven enterprise vulnerability remediation to a documented 93.5% closure rate, and produced investor-grade security assessments reviewed by institutional investors across East Africa and partly in Europe. I have embedded DevSecOps controls into CI/CD pipelines at financial institutions and cut the introduction of OWASP Top 10 vulnerabilities in production by 60%. On the governance side I have strengthened organizational postures against the ISO 27001 frameworks, CBK cybersecurity guidlines, SASRA compliance, PCI-DSS, and other GRC structures that boards and auditors actually use.
The thing that separates practitioners who only understand the terminal from practitioners who actually drive change in risk posture is translation. Technical security skill only reduces risk when the institution understands what it is carrying. A SACCO tolerating a broken authentication bypass in its member API is not facing a compliance flag; it is exposed to member data theft, regulatory sanction, reputational collapse, and potential insolvency. Stating that clearly enough for a board to fund the fix, and precisely enough for an engineer to implement it correctly, is a rare talent among most Engineers, yet a capability I have built deliberately.
This GitHub profile is where that practice is made open. Alongside live client work, I build complete reference systems end to end and document them to the standard I hold my own teams to. Part of that is method capture; part of it is deliberate. Young Engineers in the Cybersecurity field rarely get to see how a real enterprise build is reasoned through from first principles, so I publish it. Distilling production-grade work into something a an IT manager at a bank can deploy, yet elaborate enough to the level a junior can actually follow and learn on a SOHO network.
|
🛡️ Security operations & detection Production-style SOC builds, SIEM/XDR deployments, custom detection engineering, and threat-hunting workflows, documented end to end. |
⚔️ Offensive security & VAPT Structured penetration tests and adversarial assessments against deliberately vulnerable targets, written up to professional report standard. |
|
☁️ Cloud & DevSecOps Secure cloud architecture, infrastructure as code, and security controls embedded directly into CI/CD pipelines. |
📋 Governance, risk & compliance Framework mapping, control design, and the kind of board-ready documentation that converts architectural intent into operational discipline. |
🧭 SOC Homelab & Enterprise Monitoring with Wazuh SIEM/XDR The way I stand up monitoring in production, documented in full: a Wazuh manager on hardened Ubuntu, multi-OS endpoints (Windows, Linux, and a real physical device acting as a BYOD endpoint), Sysmon-enriched telemetry, network segmentation across an isolated fabric, and live alerting triaged by severity. Written as a reference for practitioners building toward the same standard, and as a capability organisations can commission directly.
📂 Explore the build → (pinned below)
More repositories cover detection rule engineering, attack simulation, malware analysis, incident response, Application and API Pentesting, Database Security and Cloud Security. Browse the pinned projects for the current set.
I publish these builds so practitioners and people moving up in the field can study how the work is actually reasoned through, If you are unsure about which cybersec path to take, this can also give you a glimpse of the various subdomains in this field. Everything here is meant to be used: clone it, adapt it, challenge it.
If you are an organisation that wants this done properly on your own infrastructure (SOC deployment, detection engineering, a security assessment, or a governance programme that survives an audit) that is the work I do. The labs show the method; the engagement applies it to your environment.