Cloud Security Engineer | AWS Security | Detection Engineering | Security Automation

Opeyemi Toriola.

Offensive foundation. Defensive execution. Built my expertise through offensive security labs, cloud attack simulations, and hands-on security research — learning exactly how attackers move through cloud infrastructure, escalate privileges, and evade detection. Now I build the CSPMs, SOAR platforms, and detection pipelines that catch those same techniques in production. Every tool I ship has been tested against live AWS infrastructure, not a sandbox.

  • 6→0 live findings auto-remediated
  • 142 CI tests passing
  • 34 exploitable IAM paths found
  • 5 MITRE ATT&CK tactics chained
01 Offensive Foundation. Defensive Execution.

Most cloud security engineers learn how to defend. I built my foundation through offensive security labs, cloud attack simulations, and security research — studying exactly how attackers move through cloud infrastructure, escalate privileges, and evade detection. I understand what a motivated attacker looks for because I've spent time thinking and operating like one in authorized environments.

That perspective changes everything about how I build security tooling. When I designed CloudSentinel's remediation engine, I didn't just ask "what's misconfigured?" I asked "what can an attacker do with this misconfiguration, and how quickly?" The result is a CSPM that reconstructed a 5-tactic MITRE ATT&CK kill chain — Initial Access → Defense Evasion → Credential Access → Lateral Movement → Collection — from real findings on a live AWS account.

I'm fully available for remote and global opportunities, specialising in security automation, detection engineering, and cloud security posture management on AWS. Former cybersecurity instructor at NIIT, Outstanding Mentor Award 2025.

offensive toolkit
// attack techniques studied & simulated
IAM privilege escalation (19+ techniques)
Misconfigured S3, EC2, RDS, VPC resources
Cross-account role assumption chains
CloudTrail log tampering and evasion
Credential exposure and lateral movement
defensive output
// what i build to stop it
CSPM with auto-remediation and kill chain reconstruction
SOAR platform ingesting 5 security telemetry sources
Event-driven GuardDuty threat detection pipeline
Attack path analyzer mapping real IAM escalation chains
Immutable audit logging with tampering detection
02 Production-Grade Security Tools
CSPM
CloudSentinel
Full-stack cloud security posture management platform. 15 AWS security rules across IAM, S3, EC2, CloudTrail, VPC, EBS, and RDS — each mapped to MITRE ATT&CK with attacker relevance context. Dual-tier auto-remediation (CRITICAL auto-executes, HIGH requires SNS approval). Real-time Slack alerting with severity routing. CIS/NIST/SOC 2/PCI DSS compliance PDF reports. 13 FastAPI endpoints, 142 passing tests, GitHub Actions CI/CD with SAST.
✓ Live: account 358487322954 (eu-north-1) — 6 findings, 5-tactic kill chain, all 6 remediated, 0 remaining.
// architecture
[Diagram: CloudSentinel CSPM architecture. Flow from AWS account scanning through rule engine, MITRE mapping, remediation, alerting, and compliance reporting. Components: AWS Account (IAM · S3 · EC2 · RDS); Rule Engine (15 security rules); MITRE Engine (kill chain reconstruction); DynamoDB (findings store); Auto-remediation (CRITICAL auto · HIGH SNS); Slack Alerts (severity-routed); Compliance PDF (CIS · NIST · SOC2 · PCI); FastAPI (13 endpoints · 142 tests). Platform: Terraform IaC · GitHub Actions CI/CD · KMS encryption · cross-account scanner role.]
Python · FastAPI · React · DynamoDB · Terraform · MITRE ATT&CK · GitHub Actions
SOAR
Cloud-Native SOAR Platform
8-microservice SOAR normalising alerts from AWS Security Hub, GuardDuty, CrowdStrike Falcon, Splunk ES, and Wiz Cloud into a canonical Pydantic model with SHA-256 fingerprinting. Sliding-window IoC correlation engine. MITRE ATT&CK auto-mapping and Step Functions response playbooks: EC2 forensic isolation, IAM lockdown, S3 remediation. EKS deployment with Terraform IRSA, Helm, Kinesis/SQS/EventBridge streaming.
✓ 38 passing tests, green CI/CD. HMAC-verified webhooks. Multi-source correlation live.
// architecture
[Diagram: Cloud-Native SOAR Platform architecture. Multiple security telemetry sources feeding a normalisation layer, correlation engine, MITRE mapping, and Step Functions response playbooks. Components: Sources (Security Hub, GuardDuty, CrowdStrike, Splunk ES, Wiz Cloud); Normalisation (Pydantic · SHA-256); IoC Correlation (sliding-window engine); Step Functions (EC2 isolation, IAM lockdown, S3 remediation). Platform: Kinesis · SQS · EventBridge · EKS + Terraform IRSA · 38 tests.]
Python · FastAPI · PostgreSQL · Redis · EKS · Step Functions · Kinesis
Attack Path
AWS Attack Path Analyzer
Python CLI and FastAPI tool automatically discovering privilege escalation paths, lateral movement opportunities, cross-account attack chains, and exposed sensitive resources across AWS environments. SCP-awareness engine traverses the full AWS Organizations OU chain to eliminate false positives. Condition key evaluator inspects IAM policy conditions (MFA, SourceIP, SourceVpc) classifying paths as EXPOSED, CONDITIONAL, or BLOCKED. Risk scoring engine (0–100) weighing severity, exploitability, asset value, and control effectiveness. Boardroom-ready executive summary + interactive D3.js force graph + 10-endpoint FastAPI REST API.
✓ Live: 34 exploitable paths · 16 CRITICAL · risk score 95/100 · cross-account path to Log Archive account detected.
// architecture
[Diagram: AWS Attack Path Analyzer architecture. IAM policy scanning feeding a NetworkX graph engine with SCP-awareness and condition key evaluation, risk-scored and output as D3.js force graph reports. Components: IAM Scanner (policies · roles · users); SCP Awareness (OU chain traversal); Condition Evaluator (MFA · SourceIP · VPC); NetworkX Graph (34 paths · 16 CRITICAL, cross-account chains); Risk Scorer (0–100 · 95/100 live); D3.js force graph; API. Platform: FastAPI · Docker · GitHub Actions · Bandit SAST · Swagger UI.]
Python · FastAPI · NetworkX · D3.js · IAM · SCP-aware · Docker · GitHub Actions
Detection
GuardDuty Threat Detection Pipeline
Event-driven detection pipeline using GuardDuty, EventBridge, Lambda, CloudTrail, DynamoDB, and SNS with MITRE ATT&CK mapping and dynamic blast radius scoring. Severity-tiered auto-remediation: IAM lockdown, EC2 forensic isolation, S3 response. Deployed via Terraform in eu-north-1. Captured a real Severity 8 UnauthorizedAccess finding as a documented live case study during development.
✓ Real Severity 8 finding captured and documented end-to-end in production.
// architecture
[Diagram: GuardDuty threat detection pipeline architecture. GuardDuty findings flowing through EventBridge to Lambda enrichment, DynamoDB logging, MITRE mapping, risk scoring, and severity-tiered auto-remediation. Components: GuardDuty (finding generated); EventBridge (rule matching); Lambda (enrich + MITRE map, risk score + route); DynamoDB log; SNS alert; Auto-remediation (IAM lockdown (CRITICAL), EC2 forensic isolation, S3 remediation). Platform: Terraform IaC · eu-north-1 · MITRE ATT&CK mapping · dynamic blast radius scoring.]
Node.js · Lambda · GuardDuty · EventBridge · DynamoDB · Terraform
03 Technical Stack
AWS Security
GuardDuty / Security Hub
IAM / SCPs
CloudTrail / Config
KMS / EventBridge
Lambda / Step Functions
EKS / S3 / VPC
Offensive Security
Penetration Testing
IAM Privesc (19+ techniques)
MITRE ATT&CK
Burp Suite / Metasploit
Kali Linux / Nmap
Kill Chain / Blast Radius
Languages & Frameworks
Python / FastAPI
Pydantic / asyncio
Node.js / JavaScript
React / TypeScript
IaC & DevSecOps
Terraform
CloudFormation
Docker / GitHub Actions
Bandit SAST / pip-audit
Prometheus / Logging
Compliance
CIS AWS Foundations v1.5
NIST CSF
SOC 2 Type II
PCI DSS v4.0
Data & Streaming
DynamoDB
PostgreSQL / Redis
Kinesis / SQS
Neo4j
04 Experience
Nov 2024 – Apr 2025
Cybersecurity Instructor & Mentor
NIIT
  • Designed and delivered cybersecurity training covering ethical hacking, penetration testing, network security, and AWS security fundamentals.
  • Mentored 50+ students through hands-on labs using Kali Linux, Burp Suite, Metasploit, and Wireshark.
🏆 Outstanding Mentor Award 2025
2024 – Present
Cybersecurity Mentor
Independent
  • Mentored 100+ aspiring security professionals through structured learning paths, portfolio reviews, and career development guidance.
  • Designed roadmaps covering networking, Linux, cloud security, ethical hacking, and AWS security fundamentals.
2021 – 2025
B.Sc. Biology
Olabisi Onabanjo University
  • Self-directed transition into cloud security engineering throughout undergraduate study — building production-grade AWS platforms alongside formal education, proving that what you build matters more than what you studied.
certifications
AWS Certified Security – Specialty · Amazon Web Services · in progress
AWS Solutions Architect – Associate · Amazon Web Services · in progress
AZ-500 Security Engineer Associate · Microsoft Azure · in progress
Outstanding Mentor Award · NIIT · 2025
06 What People Say
🏆 Outstanding Mentor Award 2025
Recognised by NIIT for exceptional contributions to student development, hands-on lab design, and technical mentorship in cybersecurity and AWS security fundamentals.
  • 100+ security professionals mentored
  • 50+ students in hands-on labs
Guided aspiring security engineers through structured learning paths covering networking, Linux, cloud security, ethical hacking, and AWS fundamentals — from complete beginners to job-ready professionals.
Worked with me?
If we've collaborated, built something together, or I've helped you grow in security — a LinkedIn recommendation means a lot and helps others find me.
07 Get in Touch
Open to cloud security engineering, detection engineering & collaborations

Looking for cloud security engineering and detection engineering roles where I can build security automation, detection pipelines, and CSPM infrastructure at scale. Fully available for remote and global opportunities.