
Demmy Adeyemo
Verified Expert in Engineering
IT Security Architect and Developer
London, United Kingdom
Toptal member since November 21, 2022
Demmy is an information security architect with numerous years of experience in systems and security architecture. He has worked with different vendor products and platforms to achieve a cohesive and in-depth defense strategy. A committed and pragmatic professional with good team spirit, Demmy delivers projects with tight schedules and proven client care.
Experience
- Security Architecture - 10 years
- Network Security - 10 years
- PCI DSS - 7 years
- Amazon Web Services (AWS) - 7 years
- Azure - 5 years
- Risk Management - 5 years
- DevSecOps - 4 years
Preferred Environment
Windows, Linux, Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), Kubernetes Security, Microsoft 365, Google Workspace, Docker, VMware vCloud
The most amazing...
...project I've been involved in is the development of the England and Wales NHS COVID-19 app that helped slow the spread of the virus and saved lives.
Work Experience
Principal Security Architect
GidiSync Solutions
- Established a security-first consultancy practice, delivering strategic and technical advisory to SMEs and large enterprises across sectors including finance, public services, and retail.
- Designed secure remote access architectures for clients transitioning to hybrid and remote work models, ensuring confidentiality, availability, and scalability of collaboration platforms and VPN solutions.
- Led cross-functional delivery teams including architects, analysts, and cloud engineers, overseeing the successful implementation of secure infrastructure and cloud-native services on AWS and Azure.
- Conducted cyber resilience assessments and implemented layered defence strategies to protect client environments from ransomware, phishing, and insider threats.
- Delivered security maturity uplift programmes, aligning client controls with industry frameworks such as NIST CSF, ISO 27001, and Cyber Essentials Plus.
- Advised enterprise clients on IAM, network security, and cloud governance, resulting in reduced attack surface, improved access control, and compliance with sector-specific regulations.
- Built repeatable consulting methodologies and toolkits, improving delivery efficiency and ensuring consistent outcomes across engagements.
Domain Security Architect
Foreign Office - Classified
- Led the work on the cyber improvement programme for critical national infrastructure that is essential to central government departments and international agencies.
- Implemented new technical controls and refreshed existing ones to improve our ability to protect against and detect cyber security threats.
- Led collaboration efforts with international intelligence agencies and cross-functional teams to facilitate sharing of threat intelligence and implement protective controls to proactively secure the platform.
Enterprise Security Architect
Lloyds Banking Group
- Reviewed solution designs and provided security input throughout the project lifecycle, using patterns, policies, and standards to guide project teams.
- Collaborated with cross-functional teams to integrate CDN solutions seamlessly into web architectures.
- Issued security requirements to project teams to govern solution architecture and design resilient systems according to the bank's security framework.
- Ensured systems supporting material non-public information were migrated only to private cloud and implemented zero trust security using VMware dFW.
- Used NSGs and dFWs to secure VNets and NSX-T segments. Integrated logs from dFWs into vRLI and forwarded them to a Splunk heavy forwarder for proactive SIEM monitoring in Splunk.
- Created a security workflow within the pipeline for SAST and code quality scanning using SonarQube and CodeQL and SCA scans using Snyk.
- Configured F5 ASM (Application Security Manager) to enhance security posture and protect against application layer attacks.
- Embedded security into the DevOps process by mandating CI checks, using the security workflow created, to ensure all pull requests to the main branch are security scanned before being approved.
- Integrated cloud audit logs from GCP into the SIEM to effectively monitor microservices housed in GCP.
- Ensured all storage devices such as vSphere or EMC Isilon implemented encryption at rest to provide data security controls natively within the infrastructure.
Security Expert
Annabel Mangold DBA Mangold Design
- Performed a security audit of a health application collecting and processing health data to ensure it's compliant with HIPAA.
- Executed security configuration review of web and API components to ensure industry best practices were used in the authentication and authorization flows, secure development practices were used in the pipeline, as well as web encryption standards.
- Proposed a redesign of the application to maintain security principles, optimized the application's performance, and enabled scalability to multiple geographic locations where the client business was expanding.
Enterprise Security Architect
6point6 - Cabinet Office
- Revamped GovUK's cloud architecture to simplify and consistently apply security controls. Centralized management was implemented to prevent configuration drift, fostering unified administration across government digital services' diverse directorates.
- Established a GitHub workflow for security scans, ensuring mandatory execution in each CI project to detect code vulnerabilities and misconfigurations early in the pipeline, contributing to improved overall code quality and security.
- Developed a comprehensive IT policy framework encompassing essential policies to support standards and guidelines. Orchestrated the proposal of this framework to GDS and the wider Cabinet Office for consideration and adoption.
- Implemented DefectDojo tool for efficient management of application security vulnerabilities, streamlining the tracking, prioritization, and remediation of identified issues.
Enterprise Security Architect
6point6 - Home Office
- Designed secure data flows for biometric and visa systems, ensuring GDPR and Law Enforcement Directive (LED) compliance across all layers.
- Partnered with operational teams to deliver privacy-respecting digital services at scale, improving public trust and regulatory alignment.
- Delivered vendor and system risk assessments as part of major technology refresh programmes, reducing third-party risk exposure during platform transitions.
Senior Security Architect
NHS Test & Trace
- Reviewed microservices processing exposure notification data to make sure they were configured securely. Ensured any personally identifiable information was discarded or tokenized at the source and did not traverse back-end systems.
- Built security into development practices, such as securing main branches by requiring pull requests, SCA analysis on images used for containerization, statistical analysis on development code, and reviewing IaC templates for security settings.
- Defined CI/CD pipelines for security engineering teams to provide products like a gold build operating system and updates, packaged host applications, e.g., endpoint detection and response (EDR), and clean images.
- Made submissions to the ICO on data sets involving PII that explained the need for them and how they were protected and/or removed from systems.
Enterprise Security Architect
NewDay Cards
- Developed the security operating model for Azure-hosted services, enabling controlled scaling of digital products with embedded risk controls.
- Drove the adoption of role-based access and policy automation, leading to a significant reduction in access-related incidents and audit exceptions.
- Provided executive guidance on third-party risk for fintech integrations, ensuring safe consumption of external services while maintaining PCI-DSS and GDPR compliance.
Domain Security Architect
Freshfields Bruckhaus Deringer
- Integrated Active Directory (AD) with Azure AD using role-based access control (RBAC) and privileged identity management (PIM) to provide access to services and applications based on customer-managed roles and policies.
- Used a network security group (NSG) and dFWs to secure VNets and NSX-T segments and monitored them with proactive use cases using Azure Monitor.
- Used a security center to check for Azure resource compliance and implemented Sentinel as a security information and event management (SIEM) tool to monitor Azure and Microsoft 365 platforms.
- Defined a software development lifecycle (SDLC) with a development test and pre-production and production environment, and a CI/CD pipeline. Also, I locked down code repositories linked to a respective environment controlled by RBAC policies.
Security Architect
Financial Conduct Authority
- Reviewed solution designs for AWS and Azure cloud migration based on the architecture blueprint, ensuring the right level of integration with cloud security tools and providing security sign-off as part of the cloud migration program.
- Created an architecture repository, particularly a standard information base, to support documentation of policies, standards, guidelines, and best practices for project teams using infrastructure to deploy new solutions or remediate old ones.
- Designed and implemented a vulnerability management program using Qualys to scan on-premises infrastructure and IaaS resources and Prisma to review serverless components, and fed findings into Skybox to categorize vulnerabilities based on risk.
- Implemented mail protection techniques using SPF and DKIM to authorize legitimate senders and DMARC policies to inform receivers on actions to take on senders that fail authentication.
Lead Security Architect
Burberry
- Set up a security advisory function and defined terms of engagement, triage, and assessment criteria to provide relevant security requirements to the project.
- Built a pool of security requirements from ISO 27001, PCI DSS, GDPR, and COBIT 5.0 and mapped appropriate standards or policies within the organization.
- Embedded security into the project management lifecycle by defining a security engagement process, signing off artifacts produced at each project gate, and determining security transition criteria to move the project into service.
- Reviewed project technical documentation and proposed solution designs necessary to help meet information security requirements and regulations.
- Designed a PCI DSS-compliant merchant network for over 300 stores globally to collect and process card payments.
- Redesigned store networks to accommodate sales, corporate, and guest use, leveraging AWS for corporate resources.
Security Consultant
Nationwide Building Society
- Ensured enterprise compliance with PCI DSS on merchant, issuer, and acquirer systems and solutions, new or existing, as evidenced by a Report on Compliance (ROC).
- Recommended solution designs, strategies, and processes that will improve service, lower costs, and prevent unforeseen operational issues.
- Managed issues and risks within projects, escalating when necessary to prevent them from becoming business risks. Developed a risk treatment plan to track and treat risks appropriately, minimizing their impact on the business.
Experience
NHS COVID-19 App
https://github.com/nihp-public/covid-19-app-configuration-public
• The security assurance of application architecture, implementation, and codebase.
• The security assurance of proposed features and assessment of each release.
• The adherence to data protection laws and upholding citizens' privacy rights.
• The security in the development pipeline.
Education
Master's Degree in Computer Systems and Networks
University of Bradford - Bradford, West Yorkshire, United Kingdom
Bachelor's Degree in Electronics, Communications, Network Engineering with Industrial Studies
University of Bradford - Bradford, West Yorkshire, United Kingdom
Certifications
Azure Security Engineer
Microsoft
AWS Security Specialty
AWS
Certified Ethical Hacker (CEH)
EC-Council
AWS Solutions Architect Associate
AWS
TOGAF 9.1
The Open Group
Splunk Consultant I
Splunk
Certified Information System Security Professional (CISSP)
ISC2
Skills
Tools
Prisma, Terraform, GitHub, Shell, Hyper-V, Google Workspace
Paradigms
DevSecOps, DDoS, Management, Web Architecture, Penetration Testing, HIPAA Compliance, Role-based Access Control (RBAC)
Platforms
Windows, Amazon Web Services (AWS), macOS, Linux, Azure, Google Cloud Platform (GCP), WordPress, Docker
Industry Expertise
Cybersecurity
Storage
Amazon S3 (AWS S3), WP Engine
Languages
YAML, Bash, Python 3, Embedded C++, Embedded C, Python
Frameworks
Windows PowerShell
Other
Security Architecture, Risk Management, Network Security, Vulnerability Management, PCI DSS, NIST Cybersecurity Framework, General Data Protection Regulation (GDPR), Networking, SIEM, Endpoint Detection and Response (EDR), Encryption, Cryptography, Cloud Security, Cloud Architecture, Networks, IT Security, IoT Security, Internet of Things (IoT), Security, Microsoft 365, Compliance, Security Audits, GRC, Vulnerability Assessment, Architecture, Data Loss Prevention (DLP), Azure Cloud Security, ISO 27001, CCNP Security, Solution Architecture, Sequence Read Archive (SRA) Data, Cisco, Palo Alto Networks, Web Security, Data Security, AWS DevOps, CI/CD Pipelines, Identity & Access Management (IAM), Embedded Systems, SMTP, CISO, AWS Certified Solution Architect, Shell Scripting, AWS Cloud Architecture, Firewalls, Hybrid Cloud Infrastructure, F5 Networks, Ethical Hacking, Data Governance, AWS Cloud Security, Kubernetes Security, VMware vCloud, Digital Forensics, Security Information and Event Management (SIEM), NIST, Security Automation, Incident Response & Resilience, Security Governance, AI Security & Governance, Security Operations Centers (SOC), Threat Intelligence