Verified Expert in Engineering
Cybersecurity Analyst and Developer
Blessed is a senior information security analyst and engineer with a decade of experience aligning enterprise security architecture, policies, and processes with security standards and frameworks to meet business goals. He specializes in designing and implementing security solutions for enterprise-grade cyber defense teams and conducting penetration testing. Blessed has also been in red/blue teams, implemented ISO 27001 ISMS, and operated as a security lead in a DevSecOps environment.
Amazon Web Services (AWS), Azure, Windows Server, Linux, Penetration Testing, DevSecOps, Vulnerability Assessment, Information Security Management Systems (ISMS), Application Security, Oracle Cloud
The most amazing...
...thing I've built was Wazuh SIEM in Amazon EKS on a master node, integrated with Elasticsearch and Kibana in high availability and fault/fail tolerant zones.
- Architected and designed a plan for FreeSurfer, brain imaging and processing application for Toptal client, in Oracle Cloud environment.
- Used Terraform IaC to design the infrastructure's template files, including FreeSurfer compartment and fault domains, two Ubuntu instances with 8O CPUs and 73GB of memory, object storage, and virtual cloud network, subnet, and security lists.
- Deployed FreeSurfer application. Set up environment variables necessary for the application to start on CLI, linked servers to the object storage, and created cron jobs to automate fetching processed files from back-end servers to the object storage bucket.
- Built FreeSurfer golden image on a virtual machine (VM) based on Ubuntu with connections to the cloud servers for the clients' analysts. The golden image is linked to the specific subjects directory on the cloud server via SFTP using SSH keys.
- Trained clients' team of three. Wrote automated scripts for clients to execute commands via triggers. Trained team members on using and modifying scripts based on specificity and instructed the client's IT staff on Oracle Cloud server management.
Product Security Expert
Bloomberg Industry Group - Main
- Led an investigation on malicious behaviors of a desktop client product for Bloomberg Industry Group by conducting a reverse engineering/malware analysis on all .exe and .msi files submitted.
- Led in-depth developer-focused testing and analysis of GitGuardian pre-receive hook implementation for Bloomberg Industry Group. Recorded and proposed possible outcomes for development teams.
- Worked on CICD template design and enhancement for all security tools within Bloomberg's software development environments. [Sonatype, Veracode, Gitguardian, Semgrep, Snyk].
- Worked with different development teams to integrate GitGuardian, Sonatype, and Veracode security templates into their CI/CD pipeline to ensure their products comply with Bloomberg's application security requirements.
- Conducted security assessments and testing on four open-source software for Bloomberg, using a third-party risk assessment methodology to identify threats in these applications.
- Led an in-depth developer-focused testing and analysis of Sonatype firewall integration for software components and package management for Bloomberg Industry Group. [Sonatype Firewall Implementation].
- Designed and implemented Runbooks for automated security and operational testing for Sonatype and GitGuardian Servers for pre and post-upgrade testing.
- Reported vulnerabilities in Bloomberg's products to development teams and worked with them to triage security findings.
Cyberdefense Specialist | DevSecOps Engineer
- Managed Wazuh deployment on AWS EKS in high availability, fault-tolerant, and failure-proof environment. The environment has a master node for the Wazuh manager and worker nodes for Elasticsearch, Kibana, and the Wazuh indexes.
- Recognized the potential threat or attempted breach by closing off the security vulnerabilities on infrastructure and applications both on-prem and in the AWS cloud.
- Provided security during the development stages of software systems, networks, and data centers on AWS. Designed various strategies and defensive systems against intruders and monitored systems for any unusual activities using Wazuh.
- Ran a diagnostic on any information changes to verify undetected breaches. Developed and implemented information security standards, guidelines, and procedures and prepared an action plan for remediation.
- Took care of the cyber security projects and ensured they met cyber security objectives. Closely coordinated with the stakeholders and other groups related to cybersecurity-related matters.
- Offered cyber security operations such as process re-engineering, automation, and documentation. Recognized cyber security issues and devised and drove effective mitigation.
- Built Python integrations to integrate SecurityScorecard, GuardDuty, CloudTrail, and CloudWatch log groups to Wazuh SIEM. Built lambda functions to filter specific use cases from 68 AWS accounts and send alerts to OpenSearch to investigate incidence.
- Tracked vulnerabilities and collaborated with internal network teams to ensure closure and remediation of vulnerabilities. Detected compromisable patterns, insecure features, and malicious activities in the infrastructure. (OWASP testing methodology).
- Monitored and evaluated Kubernetes environment in AWS cloud against best security practices and standards. Also, I worked on monitoring and enforcing security on AWS cloud infrastructure.
- Configured logging, monitoring, and security for Redis ElastiCache in AWS. Used ACLs, Syslog facility, and priority to enable logging of users' authentication, authorization, and command execution on Redis Cluster.
Linux Systems Administrator for Oracle Cloud Instance
Ugorji Radiology Consultants LLC
- Built a secure and stable version of Windows Server 2016 with secure RDP configured to allow connections on an obfuscated port, 2FA, and whitelisted IPs.
- Configured account lockout via local policies to prevent brute force and malicious account takeover.
- Installed nordicBrainEx application, brain slice, and imagery application for brain MRI analysis and data processing. Tested the application to fine-tune its processed data for the client.
Senior Security Engineer
- Reviewed security policies and proposed requirements for security alignment for a government agency in Mozambique.
- Evaluated and made recommendations on security requirements for an insurance company in Mozambique.
- Drafted a proposal for infrastructure penetration testing for a major insurance company in Mozambique.
- Conducted penetration testing on two web applications for a Government agency in Mozambique.
- Performed scanning and enumeration, initial access, privilege escalation, lateral movement (pivoting), and persistence using Cron, Anacron, schedule tasks, host files, and more.
- Worked as a DevOps security engineer for a DevOps pipeline. Coordinated all security testing and procedures for the entire pipeline.
- Collaborated on threat modeling, IDE security, pre-commit hooks, SAST and DAST, security unit tests, and container and server security.
Senior Cybersecurity Analyst | Researcher
- Worked as a security consultant in a DevOps environment charged with security in migrating a core banking application from C to Java programming.
- Analyzed the architecture and policies in the ISO 27001 requirements for Mozambique's major cloud service providers.
- Evaluated and proposed a security monitoring tool for Mozambique's major cloud service provider.
- Migrated three front-end (Static Applications) applications to AWS S3 buckets, configured IAM roles to manage access, configured route 53 for a domain, configured ACL to manage ports and access, and configured CloudFront for CDN.
- Configured 500 EC2 workloads (Windows and Linux) for test environments for pipelines.
- Calibrated SAST and DAST for three pre-build and post-build applications using a combination of OWASP ZAP, Burp suite, Snyk, Puma Scan, and other tools.
- Configured penetration test on a Windows Active Directory domain with 500 Windows hosts and five servers.
- Conducted vulnerability scanning and patch management on all digital assets for a client of Ambisig.
- Investigated three cybersecurity incidents that led to the compromise of confidentiality and integrity of data and assets.
Senior Cybersecurity Analyst | Senior Penetration Tester
CyberPro Tec Lda
- Conducted security audits and testing on Netplus web and mobile applications for Standard Bank Mozambique.
- Performed penetration testing on three email servers in ICVL Mozambique. Deployed the .NET application to the AWS environment using RDS for the database server and Elastic BeanStalk to rapidly redeploy to production.
- Performed a security review on the T24 core banking application for a Mozambique bank. Securely configured JBoss Middleware Agent on RHEL server to integrate services, linking IT resources, data, services, and applications for a Senegal-based Bank.
- Conducted Active Directory (AD) penetration testing on more than 2,000 Windows hosts in an AD infrastructure with three domain controllers.
- Led a team of forensics investigators to investigate a cyberattack on a major insurance company in Senegal.
- Worked as a security consultant in a DevOps environment, charged with security in migrating 500 application workloads to AWS.
- Conducted penetration testing on a major insurance company's assets in Mozambique, including the client's Linux and Windows servers, DNS, DHCP, Windows hosts, Firewalls, IPS/IDS, and web application.
- Calibrated VPCs and ACLs to manage ports and external access to buckets and resources. Configured CloudFront to manage CDN and encryption (HTTPS). Configured CloudWatch, Cloud Inspect, and Security Hub to orchestrate security on all assets.
- Configured fine-grained access control with ACLs on three Linux servers using a combination of commands, including chown, chmod, usermod, useradd, getfacl, and setfacl -d -m.
Teacher | Senior IT Security Researcher
Willow International School Matola
- Scanned for vulnerabilities on all digital assets, patched 300 CVEs, implemented ten security controls on firewalls to manage intrusions, and audited the Active Directory domain with 500 users and 30 groups.
- Managed 900 students' databases and login credentials, a web and mobile application, 300 PCs, ten routers, and four fingerprint scanners. Performed Vulnerability assessment, CVE identification, vulnerability, remediation, and SAST and DAST.
- Conducted three security awareness training for all employees in the facility.
- Adjusted three Cisco routers and five Cisco Switches in a two-tiered architecture.
- Configured VPN for 100 hosts to connect to a high availability zone.
A Portfolio Applicationhttp://blesseduyo.com/
• Testing the application for best security practices, from IDE to the production environment.
• Migrated the application to AWS, using a combination of AWS S3 buckets and Route 53 to host it.
• Configured network security groups, ACLs, and CloudFront for CDN and security management.
Bug Bounty Automation Toolhttps://github.com/bleszily/Bug-Recon-Automation
Audit Active DIrectory - Build Active Directory (Automation Script)https://github.com/bleszily/Build-Active-Directory
Web Aplication for City of David Mozambique
OWASP Zed Attack Proxy (ZAP), ConfigServer Security & Firewall (CSF), AWS CloudFormation, VPN, Terraform, Bro Network Security Monitor, Amazon EKS, Confluence, Amazon OpenSearch, ELK (Elastic Stack), AWS IAM
Penetration Testing, Server Message Block (SMB), DevSecOps, Automation, Serverless Architecture
Windows Server, Amazon Web Services (AWS), Linux, Burp Suite, JBoss EAP, Heroku, Azure, Kubernetes, Wazuh, Windows Server 2016
Cybersecurity, Network Security
IP Networks, Incident Response, Risk Assessment, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Application Security, Information Security, Vulnerability Management, IT Security, System Administration, Security, Certified Ethical Hacker (CEH), Architecture, Cloud, Vulnerability Identification, Digital Forensics, Social Engineering, Agile Software Testing, Smoke Testing, Security Audits, Cloud Migration, Firewalls, Firewall Evasion, Privilege Escalation, Cloud Security, Identity & Access Management (IAM), AWS CodePipeline, Linux Administration, Linux Server Administration, Linux Server Processes, Linux Privileged Access Management (PAM), User Management, ISO 27001, Information Security Management Systems (ISMS), Risk Management, Risk Analysis, Cisco Routers, Cisco Switches, Proxies, Web Security, Web App Security, Networks, CCNA Security, Server Security, CI/CD Pipelines, Security Testing, Active Directory Programming, Linux Network Stack, Configuration Management, Linux Server Configuration, Web Application Firewall (WAF), Detection Engineering, Lateral Movement, Azure Administrator, Red Teaming, Web & Mobile Applications, Vulnerability Assessment, Server Architecture, Okta, Cloudflare, AWS DevOps, Development, Serverless, Redis Clusters, Remote Desktop Protocol (RDP), Jira Administrator, Pivoting, Security Automation, Supply Chain Management, Azure Cloud Security
Linux File Systems, Oracle Cloud, Azure Active Directory, Elasticsearch, Redis, Data Integration
Bootstrap, Windows PowerShell, Express.js
Master's Degree in Security Analyst (Cybersecurity)
EC-Council University - New Mexico, USA
Bachelor's Degree in Physics
Unversity of Port Harcourt - Rivers State, Nigeria
AWS Solutions Architect Associate
AWS Certified Developer Associate
Microsoft Certified: Azure Administrator Associate
Microsoft Certified: Azure Security Engineer Associate
AWS Certified Security – Specialty
ISO 27001 Lead Implementer Course
Advisera Expert Solutions Ltd
52 Weeks of Python
TestOut Linux Pro Certification
Certified Ethical Hacker (CEH Master)
Certified Ethical Hacker (CEH)
Certified Network Defender (CND)
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.Start hiring