Skip to content
Idris Adesanya

Idris Adesanya

Security Engineer & Architect | Offensive Security & Cloud

12+ years breaking and building secure systems

I break systems to understand how attackers think, then engineer defenses that hold up under real-world pressure. My focus: offensive security assessments, cloud security architecture, and building security programs that scale.

What I Do

🎯

Red Team & Penetration Testing

Adversary emulation, MITRE ATT&CK-based assessments, Active Directory attack paths, and web application security testing. Breaking systems the way real attackers would.

☁️

Cloud Security

AWS, Azure, and GCP security assessments and architecture. IAM hardening, infrastructure-as-code security scanning, and cloud-native application testing. Securing cloud from the attacker’s perspective.

🔧

Security Engineering

DevSecOps pipeline integration, SAST/DAST automation, detection engineering, and custom security tooling. Building security into the development lifecycle, not bolting it on after.

🏗️

Security Architecture

Threat modeling, Zero Trust design, and security program development. Architecture informed by real attack patterns, not just compliance checklists.

Certifications

GCIH GPEN GCFA GDAT GWAPT GCDA GCSA GNFA AWS Certified Solutions Architect – Associate

Technical Skills

Offensive Security

  • Burp Suite Pro
  • Metasploit Framework
  • Cobalt Strike
  • BloodHound
  • Nmap
  • SQLMap
  • ffuf
  • Hashcat

Cloud Platforms

  • AWS
  • Azure
  • GCP
  • Terraform
  • ScoutSuite
  • Pacu
  • Kubernetes
  • Container Security

Detection & Response

  • Splunk SIEM
  • Wazuh
  • ELK Stack
  • CrowdStrike EDR
  • Volatility
  • MISP
  • Suricata
  • Velociraptor

Development

  • Python
  • Bash
  • PowerShell
  • JavaScript
  • Docker
  • Ansible
  • GitLab CI/CD
  • GitHub Actions

Frameworks & Architecture

  • MITRE ATT&CK
  • MITRE D3FEND
  • Zero Trust Architecture
  • NIST CSF
  • CIS Controls
  • Threat Modeling (STRIDE)

Philosophy

After 12+ years of breaking into systems, I’ve learned that finding vulnerabilities is only half the job. The other half is building defenses that actually stop attackers, not just satisfy auditors.

I’ve watched organizations pour millions into security tools while leaving basic misconfigurations that would take minutes to exploit. I’ve also seen lean teams build resilient programs by focusing on what matters.

The difference comes down to approach:

  • Break first, then build: I find attack paths the way real adversaries would, then engineer controls that address actual risks
  • Ship security that ships: The best control is one that gets implemented and maintained, not one that looks good in a report
  • Right-size the solution: A startup and a Fortune 500 have different threat models. Recommendations should reflect reality, not templates

Security isn’t about eliminating all risk. It’s about reducing risk to acceptable levels so your organization can operate with confidence.

Personal Interests & Hobbies

✈️

Travel & Cultural Exploration

Exploring new destinations, local cuisines, and different cultures. Every place has its own story to discover.

📚

Personal Development

Deep-diving into new topics, whether it’s a new attack technique, a business book, or something completely unrelated to security. Curiosity doesn’t have boundaries.

🔬

Creative & Technical Projects

Tinkering with home lab setups, building automation tools, and testing new security techniques. I also maintain Tech & Sec Tools , a collection of free, privacy-focused security utilities for the community. The best way to learn something is to break it apart and rebuild it.

💪

Health & Fitness

Regular exercise and time outdoors. Stepping away from screens is the best way to solve problems that seem impossible at 2am.

Let's Work Together

Whether you’re looking for a security assessment, need help building out your security program, or want to discuss a potential opportunity, I’d like to hear from you.

Get in Touch