Open to Senior DevSecOps / Cybersecurity Roles

Stephen
Odunze

Cybersecurity Professional & DevSecOps Engineer

14 years securing infrastructure — from 5G networks to cloud-native CI/CD pipelines. I understand how systems are attacked because I spent a decade defending them, and I understand how they are built because I now build them.

CISA Security+ ISO 27001 LA DevNet Associate CCNA CC — ISC2 MSc Cybersecurity
Explore Projects Contact Me
14+
Years Enterprise
IT & Security
CISA
Certified Information
Systems Auditor 2025
10+
Cloud & DevOps
Projects Delivered
10
Published Medium
Articles

Approach

How I Work

01
Assess & Secure

Map risks before writing a line of config. Threat modelling, ITGC testing, and compliance alignment first — implementation second. Clarity prevents expensive rework.

02
Build & Automate

Infrastructure as code, CI/CD pipelines, and security embedded from the first commit — not bolted on later. Least-privilege IAM, secrets management, and reproducible environments by default.

03
Document & Deliver

Production-grade, version-controlled, and handed over clean — with architecture diagrams, runbooks, and audit trails that outlast the engagement.

Selected Work

Featured Projects

Production-grade work across DevSecOps, cloud security, and automation — built, broken, fixed, and documented.

SOAR Threat Detection Terraform Agentic AI AWS

Wazuh + VirusTotal Malware Detection PoC — Agentic AI on AWS

Deployed Wazuh SIEM on AWS using Terraform — automated malware detection integrated with VirusTotal threat intelligence API. Agentic AI workflow used to orchestrate the build, security review, and remediation pipeline. End-to-end automated threat detection from file event to enriched alert.

Security Impact Demonstrates enterprise SIEM deployment with threat intelligence enrichment — the same pattern used in production SOC environments. Agentic AI removes human bottlenecks from infrastructure provisioning and security gate review.
WazuhVirusTotalTerraformAWS EC2Agentic AISIEM
GitHub → wazuh-poc ↗
SOAR Python AbuseIPDB

Automated Threat Detection Pipeline

Python pipeline monitoring auth logs in real time — extracts attacker IPs, queries AbuseIPDB for threat intelligence, calculates CRITICAL/HIGH/MEDIUM threat levels, and fires Slack alerts in under 10 seconds.

Security Impact Reduces mean time to detect from 28 min to under 10 sec. Demonstrates core SOAR pattern used by Splunk SOAR and Sentinel Playbooks.
PythonAbuseIPDBSlackVMware
GitHub ↗
Azure DevOps Terraform Ansible

EpicBook Dual Pipeline — DevSecOps Architecture

Two-pipeline deployment separating infrastructure (Terraform) from application (Ansible). SPN auth, Azure Secure Files, variable groups for secrets, NSG network isolation. Zero secrets in code.

Security Impact Database never publicly exposed. Infra credentials isolated from app team. Enterprise DevSecOps separation of concerns pattern.
Azure DevOpsTerraformAnsibleSPN
GitHub ↗
AWS Network Security High Availability

Security Group Chaining — Project Phoenix

High-availability 3-tier AWS architecture using security group chaining. Each tier only reachable from the tier directly above it. Database unreachable from internet and from the frontend layer.

Security Impact Defence-in-depth at network layer. Prevents lateral movement — a compromised frontend cannot reach the database directly.
AWSVPCSecurity GroupsALB
Read Write-up ↗
Docker Network Isolation AWS EC2

Production Docker Deployment — EpicBook

Docker Compose stack with two isolated networks — app_network and db_network. MySQL port 3306 never mapped to host. Three real security bugs discovered and fixed during build.

Security Impact DMZ architecture at container level. Database unreachable even from the proxy container. Secrets via .env — never in code.
Docker ComposeMySQLNginxNode.js
GitHub ↗
Azure DevOps CI/CD Security Nginx

React App CI/CD Pipeline — Secure Deployment

4-stage pipeline with private IP SSH (hairpin NAT fix), passwordless sudoers scoped to specific commands only, and CI=true enforcement preventing silent test failures.

Security Impact SSH restricted to private IP. Sudo scoped — not blanket. Pipeline fails loudly on test failures — broken code never deploys.
Azure DevOpsSSHNginxNode.js
GitHub ↗

Technical Stack

Skills & Technologies

Hands-on experience across security, cloud, DevOps, and enterprise IT — applied in real projects and professional environments across 14 years.

🛡
Security & Compliance
Microsoft SentinelSplunkWazuhNessusQualysOpenVASMITRE ATT&CKCVSSSOARAbuseIPDBISO 27001NIST CSFPCI DSSNCSC CAFCIS ControlsITGC TestingIncident ResponsePen Testing
Cloud & Infrastructure
AzureAWSTerraformAnsibleAKSVNet / VPCNSGSecurity GroupsAzure DevOpsEC2RDSS3IAMEntra IDPrivate SubnetsSPN AuthSecrets Management
DevOps & Engineering
DockerDocker ComposeKubernetesCI/CD PipelinesGitHub ActionsPythonBashGitNginxLinuxMulti-stage BuildsNode.jsAgentic AIClaude CodeNetwork Engineering
🏛
Enterprise & Governance
Risk ManagementBIAAudit & AssuranceZero TrustPAMMFAServiceNow GRCPower BITabletop ExercisesBoard ReportingCisco FirepowerJuniper SRXFortinetSnortSuricata

Certifications

Certified Information Systems Auditor
CISA · Jun 2025
ITGC testing at University of Aberdeen — real audit evidence, not just theory
ISO/IEC 27001:2022 Lead Auditor
Mastermind · Dec 2025
Supported ISO recertification at CyBlack — zero major findings
CompTIA Security+
Jul 2023
Threat analysis and incident response — CyBlack and MTN
DevNet Associate — Cisco
Apr 2024
Network automation — bridges infrastructure to code
CCNA: Enterprise Networking
Jan 2024
Enterprise network security from 10 years at Huawei
CC — Certified in Cybersecurity
ISC2 · Aug 2023
Cybersecurity foundation — governance and operations
MSc Cybersecurity
Robert Gordon University · 2024
Research-level security knowledge applied in every project
AZ-500 · API Security ASCP
In Progress · 2026
Azure Security Engineer + API Security Certified Professional

Writing & Research

Published Articles

Real projects. Real failures. Real lessons. Written for engineers — readable by anyone.

May 2026
Docker Didn't Break My App — It Exposed the Assumptions I Never Knew I Had
DockerContainer SecurityMySQLDevOps
8 min
Apr 2026
Why I Used Two Pipelines Instead of One — and Why You Should Too
DevSecOpsCI/CDTerraformAnsible
6 min
Apr 2026
Why Your Ansible Playbook Deployed Successfully But Your Website Was Empty — The MySQL Seeding Trap
AnsibleMySQLSilent FailuresDevOps
7 min
Apr 2026
I Gave an AI My AWS Account and Said "Build It." Here's What Happened.
Agentic AIAWSClaude CodeCloud Security
10 min
Mar 2026
The AI Team That Never Sleeps: How Claude Code's SubAgents Are Rewriting DevOps Automation
Agentic AIDevOpsClaude CodeAutomation
9 min
Mar 2026
From Quota Limits to Working App: Deploying a Three-Tier Architecture on Azure
Azure3-TierVNetNSG
10 min
Feb 2026
Security Group Chaining: Orchestrating Traffic in a High-Availability 3-Tier Site (Project Phoenix)
AWSSecurity GroupsNetwork SecurityDefence in Depth
4 min
Jan 2026
Networking Fundamentals Every Software Engineer Must Know: System Design
NetworkingSystem DesignDockerKubernetes
6 min
Jan 2026
A Beginner's Guide to GitHub Collaboration: How to Contribute to Open Source
GitHubOpen SourceGitDevOps
5 min
Dec 2024
The Rise of the Machines: Transforming the Workplace Today
AIFuture of WorkAutomationGovernance
3 min
View All on Medium ↗

Background

About Me

Fourteen years in network infrastructure at Huawei and MTN gave me something most cybersecurity professionals don't have — I have actually built the systems I now secure. I have configured the VLANs, deployed the 5G cells, and written the firewall rules. I understand how things break because I watched them break at scale, in production, at 2am.

I moved into cybersecurity analysis at CyBlack and the University of Aberdeen — conducting vulnerability assessments, building risk control matrices, leading tabletop exercises, and supporting ISO 27001 recertification with zero major findings. My CISA certification and MSc in Cybersecurity formalised what years of operational experience had already taught me.

I am now a DevSecOps Engineer — building CI/CD pipelines, containerised deployments, Kubernetes clusters, and automated threat detection systems. I write about what I build, break, and fix. The goal is the same it has always been: make systems harder to attack by understanding them from the inside.

Career Timeline

Oct 2025 – Now
DevSecOps Engineer (Internship)
The CloudAdvisory Oy
Apr – Oct 2025
Cybersecurity Analyst
University of Aberdeen
May 2024 – Mar 2025
Cybersecurity Analyst
CyBlack
Jan 2022 – Feb 2023
Network Security Analyst
MTN Communications PLC
Nov 2011 – Dec 2021
Network Engineer (10 years)
Huawei Technologies — 2G to 5G
Location
Edinburgh, Scotland, UK
Open to UK / Remote / Global roles
Education
MSc Cybersecurity
Robert Gordon University, 2024

BEng Electronics & Computer Engineering
Nnamdi Azikiwe University, 2009
Memberships
🔐 ISACA — Member since Jan 2025
🛡 ISC2 — Member since Jul 2023
💻 BCS — The Chartered Institute for IT
Community
🌍 iConnect Global Partners — Member
🎓 Cybersecurity Bootcamp — Programme
📚 Research Papers — In Development

Get in Touch

Let's Build Something Secure

Senior DevSecOps Engineer · Security Architect · Cybersecurity Consultant
UK / Remote / Global — if you need someone who bridges 14 years of security expertise with hands-on engineering, let's talk.

LinkedInlinkedin.com/in/stephen-odunze411
GitHubgithub.com/Herculis411
Mediummedium.com/@odunzestephen1

Curriculum Vitae

View My CV

Stephen Odunze — CV
⬇ Download PDF View on LinkedIn
📄
Upload your CV PDF here
Replace this section with an embedded PDF viewer
or link directly to your hosted CV file
CISA
Jun 2025
ISO 27001 LA
Dec 2025
Security+
Jul 2023
DevNet Associate
Apr 2024
CCNA
Jan 2024
CC — ISC2
Aug 2023
MSc Cybersecurity
RGU 2024
AZ-500
In Progress