Demmy Adeyemo, Developer in London, United Kingdom
Demmy is available for hire
Hire Demmy

Demmy Adeyemo

IT Security Architect and Developer

London, United Kingdom

Toptal member since November 21, 2022

Bio

Demmy is an information security architect with numerous years of experience in systems and security architecture. He has worked with different vendor products and platforms to achieve a cohesive and in-depth defense strategy. A committed and pragmatic professional with good team spirit, Demmy delivers projects with tight schedules and proven client care.

Portfolio

GidiSync Solutions
AWS Cloud Security, Azure Cloud Security, Zero Trust...
Foreign Office - Classified
Security Operations Centers (SOC), Threat Intelligence...
Lloyds Banking Group
DevSecOps, Cloud Security

Experience

  • SIEM - 13 years
  • Network Security - 10 years
  • Security Architecture - 10 years
  • Identity & Access Management (IAM) - 8 years
  • Amazon Web Services (AWS) - 7 years
  • PCI DSS - 7 years
  • DevSecOps - 7 years
  • Risk Management - 5 years

Preferred Environment

Windows, Linux, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Kubernetes Security, Microsoft 365, Google Workspace, Docker, VMware vCloud

The most amazing...

...project I've been involved in is the development of the England and Wales NHS COVID-19 app that helped slow the spread of the virus and saved lives.

Work Experience

Principal Security Architect

2020 - PRESENT
GidiSync Solutions
  • Established a security-first consultancy practice, delivering strategic and technical advisory to SMEs and large enterprises across sectors including finance, public services, and retail.
  • Designed secure remote access architectures for clients transitioning to hybrid and remote work models, ensuring confidentiality, availability, and scalability of collaboration platforms and VPN solutions.
  • Led cross-functional delivery teams including architects, analysts, and cloud engineers, overseeing the successful implementation of secure infrastructure and cloud-native services on AWS and Azure.
  • Conducted cyber resilience assessments and implemented layered defense strategies to protect client environments from ransomware, phishing, and insider threats.
  • Delivered security maturity uplift programs, aligning client controls with industry frameworks such as NIST CSF, ISO 27001, and Cyber Essentials Plus.
  • Advised enterprise clients on IAM, network security, and cloud governance, resulting in reduced attack surface, improved access control, and compliance with sector-specific regulations.
  • Built repeatable consulting methodologies and toolkits, improving delivery efficiency and ensuring consistent outcomes across engagements.
Technologies: AWS Cloud Security, Azure Cloud Security, Zero Trust, Identity & Access Management (IAM), NIST, Security Operations Centers (SOC)

Domain Security Architect

2024 - 2025
Foreign Office - Classified
  • Led the work on cyber improvement program for a critical national infrastructure that's essential to central government departments and international agencies.
  • Implemented new technical controls and refreshed existing ones to improve our ability to protect and detect cybersecurity threats.
  • Led collaboration efforts with international intelligence agencies and cross-functional teams to facilitate the sharing of threat intelligence and implement protective controls to proactively secure the platform.
Technologies: Security Operations Centers (SOC), Threat Intelligence, Security Information and Event Management (SIEM)

Enterprise Security Architect

2023 - 2024
Lloyds Banking Group
  • Reviewed solution design and provided security input throughout the project lifecycle using patterns, policies, and standards to guide project teams.
  • Collaborated with cross-functional teams to integrate CDN solutions seamlessly into web architectures.
  • Issued security requirements to project teams to govern solution architecture and design resilient systems according to the bank's security framework.
  • Ensured that systems supporting material non-public information are only migrated to the private cloud, and implement zero trust security using VMware dFW.
  • Used NSG and dFWs to secure VNets and NSX-T segments. Integrated logs from dFWs to vRLI were forwarded to Splunk, and they were heavily forwarded for proactive SIEM monitoring using Splunk.
  • Created a security workflow within the pipeline for SAST and code quality scanning using SonarQube and CodeQL, as well as SCA scans using Snyk.
  • Configured F5 ASM (Application Security Manager) to enhance security posture and protect against application layer attacks.
  • Embedded security into the DevOps process by mandating CI checks using a security workflow created to ensure all pull requests to the main branch are security-scanned before being approved.
  • Integrated cloud audit logs from GCP to the SIEM to effectively monitor microservices housed in GCP.
  • Ensured all storage devices, such as vSphere or EMC Isilon, implemented encryption at rest to provide data security controls natively within the infrastructure.
Technologies: DevSecOps, Cloud Security

Security Expert

2023 - 2023
Annabel Mangold DBA Mangold Design
  • Performed a security audit of a health application collecting and processing health data to ensure it's compliant with HIPAA.
  • Executed security configuration review of web and API components to ensure industry best practices were used in the authentication and authorization flows, secure development practices were used in the pipeline, as well as web encryption standards.
  • Proposed a redesign of the application to maintain security principles, optimized the application's performance, and enabled scalability to multiple geographic locations where the client business was expanding.
Technologies: Security Audits, Penetration Testing, Ethical Hacking, Compliance, Security, WordPress, Data Governance, HIPAA Compliance, IT Security, WP Engine

Enterprise Security Architect

2021 - 2023
6point6 - Cabinet Office
  • Revamped GovUK's cloud architecture to simplify and consistently apply security controls. Centralized management was implemented to prevent configuration drift, fostering unified administration across the government digital services' diverse directorates.
  • Established a GitHub workflow for security scans, ensuring mandatory execution in each CI project to detect code vulnerabilities and misconfigurations early in the pipeline, contributing to improved overall code quality and security.
  • Developed a comprehensive IT policy framework encompassing essential policies to support standards and guidelines. Orchestrated the proposal of this framework to GDS and the wider Cabinet Office for consideration and adoption.
  • Implemented the DefectDojo tool for efficient management of application security vulnerabilities, streamlining the tracking, prioritization, and remediation of identified issues.
Technologies: Security Automation, Cloud Security, Incident Response & Resilience, DevSecOps

Enterprise Security Architect

2021 - 2023
6point6 - Home Office
  • Designed secure data flows for biometric and visa systems, ensuring GDPR and Law Enforcement Directive (LED) compliance across all layers.
  • Partnered with operational teams to deliver privacy-respecting digital services at scale, improving public trust and regulatory alignment.
  • Delivered vendor and system risk assessments as part of major technology refresh programs, reducing third-party risk exposure during platform transitions.
Technologies: General Data Protection Regulation (GDPR), Cloud Security, Security Information and Event Management (SIEM), Identity & Access Management (IAM), NIST, Azure Cloud Security

Senior Security Architect

2020 - 2022
NHS Test & Trace
  • Reviewed microservices processing exposure notification data to make sure they were configured securely. Ensured any personally identifiable information was discarded or tokenized at the source and did not traverse back-end systems.
  • Built security into development practices, such as securing main branches by requiring pull requests, SCA analysis on images used for containerization, statistical analysis on development code, and reviewing IaC templates for security settings.
  • Defined CI/CD pipelines for security engineering teams to provide products like a gold build operating system and updates, packaged host applications, e.g., endpoint detection and response (EDR), and clean images.
  • Made submissions to the ICO on data sets involving PII that explained the need for them and how they were protected and/or removed from systems.
Technologies: Cloud Security, Cloud Architecture, IoT Security, Security, IT Security, Microsoft 365, Endpoint Detection and Response (EDR), AWS Certified Solution Architect, Data Loss Prevention (DLP)

Enterprise Security Architect

2021 - 2021
NewDay Cards
  • Developed the security operating model for Azure-hosted services, enabling controlled scaling of digital products with embedded risk controls.
  • Drove the adoption of role-based access and policy automation, leading to a significant reduction in access-related incidents and audit exceptions.
  • Provided executive guidance on third-party risk for fintech integrations, ensuring safe consumption of external services while maintaining PCI-DSS and GDPR compliance.
Technologies: Security Architecture, Identity & Access Management (IAM), Role-based Access Control (RBAC)

Domain Security Architect

2019 - 2020
Freshfields Bruckhaus Deringer
  • Integrated Active Directory (AD) with Azure AD using role-based access control (RBAC) and privileged identity management (PIM) to provide access to services and applications based on customer-managed roles and policies.
  • Used a network security group (NSG) and dFWs to secure VNets and NSX-T segments and monitor with proactive use cases using Azure monitor.
  • Used a security center to check for Azure resource compliance and implemented Sentinel as a security information and event management (SIEM) tool to monitor Azure and Microsoft 365 platforms.
  • Defined a software development lifecycle (SDLC) with a development test and pre-production and production environment, and a CI/CD pipeline. Also, I locked down code repositories linked to a respective environment controlled by RBAC policies.
Technologies: Cloud Security, Cloud Architecture, IoT Security, Security, IT Security, CISO, DDoS, Azure Cloud Security

Security Architect

2018 - 2019
Financial Conduct Authority
  • Reviewed solution designs for AWS and Azure cloud migration based on the architecture blueprint, ensuring the right level of integration with cloud security tools and providing security sign-off as part of the cloud migration program.
  • Created an architecture repository, particularly a standard information base, to support documentation of policies, standards, guidelines, and best practices for project teams using infrastructure to deploy new solutions or remediate old ones.
  • Designed and implemented a vulnerability management program using Qualys to scan on-premise infrastructure and IaaS resources, Prisma to review serverless components, and feed findings into skybox to categorize vulnerabilities based on risk.
  • Implemented mail protection techniques using SPF and DKIM to authorize legitimate senders and DMARC policies to inform receivers on actions to take on senders that fail authentication.
Technologies: Cloud Security, Cloud Architecture, IoT Security, Security, IT Security, SMTP, AWS Cloud Security, Data Governance

Lead Security Architect

2016 - 2018
Burberry
  • Set up a security advisory function and defined terms of engagement, triage, and assessment criteria to provide relevant security requirements to the project.
  • Built a pool of security requirements from ISO 27001, PCI DSS, GDPR, and COBIT 5.0 and mapped appropriate standards or policies within the organization.
  • Embedded security into the project management lifecycle by defining a security engagement process, signing off artifacts produced at each project gate, and determining security transition criteria to move the project into service.
  • Reviewed project technical documentation and proposed solution designs necessary to help meet information security requirements and regulations.
  • Designed a PCI DSS-compliant merchant network for over 300 stores globally to collect and process card payments.
  • Redesigned store networks to accommodate sales, corporate, and guest use, leveraging AWS for corporate resources.
Technologies: Cloud Security, Cloud Architecture, IoT Security, Security, IT Security

Security Consultant

2015 - 2016
Nationwide Building Society
  • Ensured enterprise compliance with PCI DSS on merchant, issuer, and acquirer systems and solutions, new or existing, as evidenced by a Report on Compliance (ROC).
  • Recommended solution designs, strategies, and processes that will improve service, lower costs, and prevent unforeseen operational issues.
  • Managed issues and risks within projects, escalating when necessary to prevent them from becoming business risks. Developed a risk treatment plan to track and treat risks appropriately, minimizing their impact on the business.
Technologies: Amazon Web Services (AWS), Cloud Security, Hybrid Cloud Infrastructure, Hyper-V, F5 Networks

Security Design Authority

2012 - 2015
BT – Financial Clients
  • Worked closely with a financial client’s security team to strengthen security controls on operational systems.
  • Embedded security controls in new solutions in order to protect assets and reputation, and comply with industry standards and regulations.
  • Defined and embedded security architecture patterns into client solutions, ensuring alignment with regulatory standards such as PCI-DSS and ISO 27001, while reducing time-to-approval during design assurance reviews.
Technologies: Data Encryption, Data Protection, ISO 27001

IT Security Analyst

2012 - 2012
BT - Financial & Government Clients
  • Deployed and tuned unified threat management (UTM) platforms, enhancing visibility and enabling proactive blocking of intrusion attempts and malware across critical infrastructure.
  • Implemented secure connectivity solutions, including IPsec tunnels and VPNs, to enable compliant and encrypted data exchange across client networks.
  • Collaborated with audit and compliance teams to address high-priority findings by implementing compensating controls and tracking remediation progress through to closure.
Technologies: ISO 27001, Security Information and Event Management (SIEM), Unified Threat Management (UTM), Network Security

Network Security Engineer

2011 - 2012
Societe Generale
  • Led the design and secure operation of development and test networks, supporting high-frequency, low-latency trading systems with stringent performance and isolation requirements.
  • Managed security upgrades and policy enforcement across firewalls and network devices, strengthening the security posture of critical trading environments.
  • Monitored security events and supported incident handling, ensuring rapid detection and resolution of anomalies in highly sensitive, time-critical infrastructure.
Technologies: Firewalls, Network Security, Security Information and Event Management (SIEM)

Application Security Engineer

2010 - 2011
Happy2 Host UK
  • Performed static and dynamic application security testing (SAST and DAST) on web applications, identifying and helping remediate OWASP Top 10 vulnerabilities before production release.
  • Used OWASP ZAP to automate black box testing, uncovering real-world attack vectors such as XSS, SQL injection, and authentication flaws across hosted web services.
  • Collaborated with developers to embed secure coding practices, integrating GitHub-based scanning workflows to shift security left in the SDLC.
Technologies: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), GitHub, Security Automation

Cyber Security Engineer

2009 - 2010
Inmarsat Global
  • Investigated and resolved connectivity and security-related incidents across global satellite communication systems, supporting operational continuity in high-availability environments.
  • Produced detailed root cause analysis (RCA) reports, identifying recurring issues and recommending long-term remediation strategies to reduce incident recurrence.
  • Supported daily security operations, contributing to monitoring, troubleshooting, and improving incident response processes within mission-critical infrastructure.
Technologies: Network Security, Incident Response

Web Designer

2008 - 2009
Happy2 Host UK
  • Automated system administration tasks with Shell and Bash scripts, reducing manual effort and improving deployment efficiency across environments.
  • Developed and enhanced web applications using ASP.NET, C#, PHP, and VB, delivering functional improvements to learning and content management systems.
  • Automated system administration tasks with Shell and Bash scripts, reducing manual effort and improving deployment efficiency across environments.
Technologies: ASP.NET, Database Integration, Version Control, JavaScript, Bash, Shell, Linux, PHP

Experience

NHS COVID-19 App

https://github.com/nihp-public/covid-19-app-configuration-public
I was a member of a team that developed the British government's COVID-19 tracking app to slow the virus's spread by breaking the transmission chain. The app leveraged the GAEN framework, preserving citizen privacy while following a positive case exposure notification. It was built on a distributed architecture for ease of deployment, management, and portability. I oversaw the following:

• The security assurance of application architecture, implementation, and codebase.
• The security assurance of proposed features and assessment of each release.
• The adherence to data protection laws and upholding citizens' privacy rights.
• The security in the development pipeline.

Secure Cloud Modernization for Legacy Applications (Lloyds Banking Group)

I played a key role in the secure transformation of Lloyds Banking Group’s legacy platforms to cloud-native solutions hosted across private and public cloud environments. The project aimed to modernize infrastructure while upholding regulatory and internal risk controls.

CONTRIBUTIONS
• Issued secure design requirements and embedded security checkpoints throughout project lifecycles to align with Lloyds' cybersecurity framework.
• Enabled serverless and container-based migration strategies using CI/CD pipelines integrated with tools like SonarQube, CodeQL, and Snyk for automated code and dependency scanning.
• Implemented zero trust principles using VMware NSX-T distributed firewalls and network segmentation for systems hosting sensitive financial data.
• Designed and secured multi-cloud monitoring by forwarding logs from GCP and VMware platforms into a unified SIEM (Splunk), enabling proactive threat detection across hybrid environments.

Cyber Resilience Enhancement Across Government Platforms (Cabinet Office–GovUK Platform)

I led security architecture efforts for the UK Cabinet Office’s GovUK platform to uplift cyber resilience and embed NCSC CAF principles into digital government services. This program targeted centralized control, unified security governance, and increased developer accountability.

TASKS
• Redesigned the cloud architecture to standardize security control application and reduce configuration drift across directorates.
• Introduced GitHub workflows that enforced mandatory security scans on every CI/CD pipeline, ensuring early detection of misconfigurations and vulnerabilities.
• Developed and proposed an enterprise-wide policy and governance framework for the Cabinet Office and GDS, enabling cohesive cybersecurity practices.
• Deployed and integrated the DefectDojo platform to streamline vulnerability tracking, prioritization, and remediation across diverse development teams.

Education

2010 - 2011

Master's Degree in Computer Systems and Networks

University of Bradford - Bradford, West Yorkshire, United Kingdom

2006 - 2009

Bachelor's Degree in Electronics, Communications, Network Engineering with Industrial Studies

University of Bradford - Bradford, West Yorkshire, United Kingdom

Certifications

NOVEMBER 2023 - PRESENT

Certified Information Security Manager

ISACA

AUGUST 2021 - PRESENT

Azure Security Engineer

Microsoft

FEBRUARY 2020 - PRESENT

AWS Security Specialty

AWS

SEPTEMBER 2019 - PRESENT

Certified Ethical Hacker (CEH)

EC-Council

FEBRUARY 2019 - PRESENT

AWS Solutions Architect Associate

AWS

FEBRUARY 2018 - PRESENT

TOGAF 9.1

The Open Group

AUGUST 2016 - PRESENT

Splunk Consultant I

Splunk

JUNE 2015 - PRESENT

Certified Information System Security Professional (CISSP)

ISC2

JULY 2013 - PRESENT

Sourcefire Certified Professional (SFCP)

Sourcefire

OCTOBER 2012 - PRESENT

JNCIS-Security

Juniper Networks

JANUARY 2012 - PRESENT

Chartered Engineer

Engineering Council UK

APRIL 2011 - PRESENT

Cisco Certified Security Professional (CCSP)

Cisco

Skills

Tools

Prisma, Terraform, GitHub, Shell, Hyper-V, Google Workspace, AWS IAM

Paradigms

DevSecOps, DDoS, Management, Web Architecture, Penetration Testing, HIPAA Compliance, Role-based Access Control (RBAC)

Platforms

Windows, Amazon Web Services (AWS), MacOS, Linux, Azure, Google Cloud Platform (GCP), WordPress, Docker

Industry Expertise

Cybersecurity

Storage

Amazon S3 (AWS S3), Azure Active Directory, WP Engine, Database Integration

Languages

YAML, Bash, Python 3, Embedded C++, Embedded C, Python, JavaScript, PHP

Frameworks

Windows PowerShell, ASP.NET

Other

Security Architecture, Risk Management, Network Security, Vulnerability Management, PCI DSS, NIST Cybersecurity Framework, General Data Protection Regulation (GDPR), Networking, SIEM, Endpoint Detection and Response (EDR), Encryption, Cryptography, Cloud Security, Cloud Architecture, Networks, IT Security, Identity & Access Management (IAM), IoT Security, Internet of Things (IoT), Security, Microsoft 365, Compliance, Security Audits, GRC, Vulnerability Assessment, AWS Cloud Security, Architecture, Data Loss Prevention (DLP), Azure Cloud Security, Active Directory (AD), ISO 27001, CCNP Security, Solution Architecture, Sequence Read Archive (SRA) Data, Cisco, Palo Alto Networks, Web Security, Data Security, AWS DevOps, CI/CD Pipelines, Embedded Systems, SMTP, CISO, AWS Certified Solution Architect, Shell Scripting, AWS Cloud Architecture, Firewalls, Hybrid Cloud Infrastructure, F5 Networks, Ethical Hacking, Data Governance, Kubernetes Security, VMware vCloud, Digital Forensics, Security Information and Event Management (SIEM), NIST, Security Automation, Incident Response & Resilience, Security Governance, AI Security, Security Operations Centers (SOC), Threat Intelligence, Zero Trust, Data Encryption, Unified Threat Management (UTM), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Incident Response, Version Control, Software Development Lifecycle (SDLC), Application Security, Cloud Governance, regulatory alignment, Information security governance, AWS Security Hub, VPC security, Network Monitoring, Malware Sandboxing, Threat Detection and Response (TDR), Juniper SRX firewalls, IPSec/SSL VPNs, AppSecure, Engineering Design Authority, Standards Compliance, Technical Leadership, Zone-based Firewall, VPN Configuration, Data Protection

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring