Demmy Adeyemo
Verified Expert in Engineering
IT Security Architect and Developer
London, United Kingdom
Toptal member since November 21, 2022
Demmy is an information security architect with numerous years of experience in systems and security architecture. He has worked with different vendor products and platforms to achieve a cohesive and in-depth defense strategy. A committed and pragmatic professional with good team spirit, Demmy delivers projects with tight schedules and proven client care.
Portfolio
Experience
Availability
Preferred Environment
Windows, Linux, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Kubernetes Security, Microsoft 365, Google Workspace, Docker, VMware vCloud
The most amazing...
...project I've been involved in is the development of the England and Wales NHS COVID-19 app that helped slow the spread of the virus and saved lives.
Work Experience
Security Expert
Annabel Mangold DBA Mangold Design
- Performed a security audit of a health application collecting and processing health data to ensure it's compliant with HIPAA.
- Executed security configuration review of web and API components to ensure industry best practices were used in the authentication and authorization flows, secure development practices were used in the pipeline, as well as web encryption standards.
- Proposed a redesign of the application to maintain security principles, optimized the application's performance, and enabled scalability to multiple geographic locations where the client business was expanding.
Senior Security Architect
NHS Test & Trace
- Reviewed microservices processing exposure notification data to make sure they were configured securely. Ensured any personally identifiable information was discarded or tokenized at the source and did not traverse back-end systems.
- Built security into development practices, such as securing main branches by requiring pull requests, SCA analysis on images used for containerization, statistical analysis on development code, and reviewing IaC templates for security settings.
- Defined CI/CD pipelines for security engineering teams to provide products like a gold build operating system and updates, packaged host applications, e.g., endpoint detection and response (EDR), and clean images.
- Made submissions to the ICO on data sets involving PII that explained the need for them and how they were protected and/or removed from systems.
Domain Security Architect
Freshfields Bruckhaus Deringer
- Integrated Active Directory (AD) with Azure AD using role-based access control (RBAC) and privileged identity management (PIM) to provide access to services and applications based on customer-managed roles and policies.
- Used a network security group (NSG) and dFWs to secure VNets and NSX-T segments and monitor with proactive use cases using Azure monitor.
- Used a security center to check for Azure resource compliance and implemented Sentinel as a security information and event management (SIEM) tool to monitor Azure and Microsoft 365 platforms.
- Defined a software development lifecycle (SDLC) with a development test and pre-production and production environment, and a CI/CD pipeline. Also, I locked down code repositories linked to a respective environment controlled by RBAC policies.
Security Architect
Financial Conduct Authority
- Reviewed solution designs for AWS and Azure cloud migration based on the architecture blueprint, ensuring the right level of integration with cloud security tools and providing security sign-off as part of the cloud migration program.
- Created an architecture repository, particularly a standard information base, to support documentation of policies, standards, guidelines, and best practices for project teams using infrastructure to deploy new solutions or remediate old ones.
- Designed and implemented a vulnerability management program using Qualys to scan on-premise infrastructure and IaaS resources, Prisma to review serverless components, and feed findings into skybox to categorize vulnerabilities based on risk.
- Implemented mail protection techniques using SPF and DKIM to authorize legitimate senders and DMARC policies to inform receivers on actions to take on senders that fail authentication.
Lead Security Architect
Burberry
- Set up a security advisory function and defined terms of engagement, triage, and assessment criteria to provide relevant security requirements to the project.
- Built a pool of security requirements from ISO 27001, PCI DSS, GDPR, and COBIT 5.0 and mapped appropriate standards or policies within the organization.
- Embedded security into the project management lifecycle by defining a security engagement process, signing off artifacts produced at each project gate, and determining security transition criteria to move the project into service.
- Reviewed project technical documentation and proposed solution designs necessary to help meet information security requirements and regulations.
- Designed a PCI DSS-compliant merchant network for over 300 stores globally to collect and process card payments.
- Redesigned store networks to accommodate sales, corporate, and guest use, leveraging AWS for corporate resources.
Security Consultant
Nationwide Building Society
- Ensured enterprise compliance with PCI DSS on merchant, issuer, and acquirer systems and solutions, new or existing, as evidenced by a Report on Compliance (ROC).
- Recommended solution designs, strategies, and processes that will improve service, lower costs, and prevent unforeseen operational issues.
- Managed issues and risks within projects, escalating when necessary to prevent them from becoming business risks. Developed a risk treatment plan to track and treat risks appropriately, minimizing their impact on the business.
Experience
NHS COVID-19 App
https://github.com/nihp-public/covid-19-app-configuration-public• The security assurance of application architecture, implementation, and codebase.
• The security assurance of proposed features and assessment of each release.
• The adherence to data protection laws and upholding citizens' privacy rights.
• The security in the development pipeline.
Education
Master's Degree in Computer Systems and Networks
University of Bradford - Bradford, West Yorkshire, United Kingdom
Bachelor's Degree in Computer Systems and Networks
University of Bradford - Bradford, West Yorkshire, United Kingdom
Certifications
Azure Security Engineer
Microsoft
AWS Security Specialty
AWS
Certified Ethical Hacker (CEH)
EC-Council
AWS Solutions Architect Associate
AWS
TOGAF 9.1
The Open Group
Splunk Consultant I
Splunk
Certified Information System Security Professional (CISSP)
ISC2
Skills
Tools
Prisma, Terraform, GitHub, Shell, Hyper-V, Google Workspace
Paradigms
DevSecOps, DDoS, Management, Web Architecture, Penetration Testing, HIPAA Compliance
Platforms
Windows, Amazon Web Services (AWS), MacOS, Linux, Azure, Google Cloud Platform (GCP), WordPress, Docker
Industry Expertise
Network Security, Cybersecurity
Storage
Amazon S3 (AWS S3), WP Engine
Languages
YAML, Bash, Python 3, Embedded C++, Embedded C, Python
Frameworks
Windows PowerShell
Other
Security Architecture, Risk Management, Vulnerability Management, PCI DSS, NIST Cybersecurity Framework, GDPR, Networking, SIEM, Endpoint Detection and Response (EDR), Encryption, Cryptography, Cloud Security, Cloud Architecture, Networks, IT Security, IoT Security, Internet of Things (IoT), Security, Microsoft 365, Compliance, Security Audits, GRC, Vulnerability Assessment, Architecture, Data Loss Prevention (DLP), ISO 27001, CCNP Security, Solution Architecture, Sequence Read Archive (SRA) Data, Cisco, Palo Alto Networks, Web Security, Data Security, AWS DevOps, CI/CD Pipelines, Identity & Access Management (IAM), Embedded Systems, SMTP, CISO, AWS Certified Solution Architect, Shell Scripting, AWS Cloud Architecture, Firewalls, Hybrid Cloud Infrastructure, F5 Networks, Ethical Hacking, Data Governance, AWS Cloud Security, Kubernetes Security, VMware vCloud
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring