Projects
Live enterprise systems
Real platforms built and deployed for real organisations β handling legal workflows, IT operations, and compliance tracking.
Serverless Security Platform
A cloud-native security platform built on Azure Functions (Python) that automates vulnerability detection across the SDLC. Integrates Snyk for continuous Software Composition Analysis, automated CVE triage, and dependency auto-remediation via PR generation β all triggered serverlessly through HTTP, queue, and webhook events.
β DevSecOps
This platform is the DevSecOps pipeline. Snyk SCA runs continuously on every dependency β CVEs are triaged automatically and auto-remediation PRs are raised without human intervention. Azure Functions enforce least-privilege serverless execution with zero persistent compute surface. Secrets managed via Azure Key Vault β never hardcoded. Webhook signatures validated on ingress to prevent supply-chain injection attacks.
AI Threat Modelling β Desicon Engineering & Oracle EBS
Led an AI Threat Modelling Workshop for Desicon Engineering (oil servicing), targeting their AWS-hosted Oracle EBS and AI prediction systems. Ran all scenarios against the cyber attack kill chain using STRIDE, MITRE ATT&CK, and DREAD for control gap assessment. Identified 4 high risks and 3 medium risks β including data poisoning, model extraction, adversarial attacks, and insider threats.
β DevSecOps
Pure threat-intelligence engagement. Applied STRIDE to enumerate spoofing, tampering, and repudiation vectors across the Oracle EBS API layer. Mapped every finding to MITRE ATT&CK TTPs and scored residual risk with DREAD. Modelled the full Cyber Kill Chain β from initial AI data-poisoning reconnaissance through insider-threat lateral movement to impact. Output: a prioritised, sprint-ready remediation backlog Desicon's engineering team could act on immediately.
Legal Service Desk
Full legal operations platform with service request management, SLA tracking, document drafting workflows, agreement lifecycle management, case tracking, compliance scoring, digital signatures, procurement & ITT β built end-to-end for a legal firm.
β DevSecOps
RBAC enforced at every route β solicitors, paralegals, and admins each have scoped data access with no privilege-escalation paths. Document lifecycle security: drafts, signed agreements, and ITT submissions are version-locked and audit-logged against every actor. The SLA engine doubles as a compliance guardrail β deadline breaches are flagged before they become regulatory exposure. Azure-hosted with TLS in transit and encryption at rest across all legal data.
ICT Helpdesk β Desicon Engineering
Enterprise IT helpdesk system for Desicon Engineering with real-time ticket tracking, priority management (Critical/High/Low), multi-engineer assignment, status workflows (Open/In Progress/Closed), SLA monitoring, admin controls, and live notifications β deployed in production.
β DevSecOps
Every ticket mutation is audit-logged with timestamp and actor β creating a tamper-evident trail suitable for ISO 27001 evidence gathering. Priority triage (Critical β High β Low) mirrors security incident-response playbook SLAs. RBAC separates admin controls from engineer views; PostgreSQL row-level security prevents cross-engineer data leakage. Live notifications run over secure WebSocket channels with session-bound authentication tokens.
Desicon Engineering β Logistics & Fleet Management Platform
End-to-end fleet operations platform for Desicon Engineering (oil & gas servicing, South Africa). Modules: real-time Driver Status dashboard, Vehicle fleet registry with status badges, Trip Request workflow, DriverβVehicle Assignments, Maintenance scheduling & overdue alerts, Fuel Log with Rand cost tracking, and one-click Excel report exports (Vehicle, Driver, Fuel, Maintenance). Microsoft Entra ID SSO β no local passwords, MFA-enforced.
β DevSecOps
Identity secured via Microsoft Entra ID (Azure AD SSO) β no local credentials stored; MFA enforced at tenant level. RBAC separates Admin, Manager and Driver views; JWT bearer tokens validated against Azure AD on every API call. Sensitive fleet & driver data encrypted at rest on Azure. CI/CD pipeline on GitHub Actions with CodeQL SAST + Trivy SCA scans gating every deployment. Full audit log on all mutations (assignments, fuel entries, maintenance records) for operational compliance traceability.
FlyNow Business Management System
Bespoke digital operations platform built for Now Travel & Tours (IATA & NANTA certified, Port Harcourt). Replaces spreadsheets & WhatsApp threads with a unified system: Customer CRM, Bookings, Visa Application Pipeline, Invoices & Paystack payments, SharePoint Document Vault, and Staff RBAC β giving the MD real-time visibility from any device. Deployed on Microsoft Azure Static Apps.
β DevSecOps
Microsoft 365 SSO β staff authenticate with existing corporate credentials; no separate passwords; MFA enforced at tenant level. SharePoint Document Vault stores passports and visa scans with Azure AD-gated access and encryption at rest β sensitive customer identity data never sits in a local database. RBAC scopes junior staff to their assigned work only; financial data is MD-restricted. Paystack webhooks are HMAC signature-validated on every callback β no card data ever touches the application server. All booking and payment mutations carry a full audit trail.
DevSecOps Pipeline β SAST, SCA & IaC Security
A comprehensive DevSecOps implementation integrating SAST (CodeQL), Software Composition Analysis (Trivy), and IaC scanning (Terraform Compliance + Trivy) β automated through GitHub Actions. Enforces PR blocking on Critical/High vulnerabilities, implements a full Secure SDLC, and deploys to AWS with encrypted Terraform remote state on S3.
View on GitHub β
General Service & Logistics Management Platform
An enterprise-grade platform built for a leading engineering & oil services company β automating service requests, vehicle & fleet coordination, staff activity tracking, maintenance scheduling, fuel consumption analytics, and operational reporting. Features a token-based ISO-22000 compliant workflow engine, multi-level approval routing, and real-time SLA monitoring. Secured end-to-end with Entra ID SSO, Azure Front Door + WAF, Private VNet, Key Vault, and a full DevSecOps pipeline (SAST Β· DAST Β· GitHub Actions CI/CD Β· Azure Bicep IaC). Power BI embedded dashboards deliver live operational intelligence across all modules.
DevSecOps Built-in
Entra ID SSO Β· Azure Front Door + WAF
SAST (SonarCloud) Β· DAST (OWASP ZAP)
GitHub Actions CI/CD Β· Azure Bicep IaC Β· App Insights