Idris Adesanya

Practitioner in Cybersecurity and AI

12+ years in offensive security and security engineering

I write field notes from the work. Topics here: Offensive Security, Cloud Security, Security Tooling I have built or tested, AI Security and the new supply-chain attack surface, and the practitioner-discipline questions that come up between engagements.

What I Do

🎯

Offensive Security

Red team operations, penetration testing, adversary emulation, Active Directory attack paths, and web and app exploitation. Methodology, tools, and lessons that hold up across engagements.

☁️

Cloud Security

Offensive and defensive perspectives on AWS, Azure, and GCP. IAM, IaC scanning, cloud-native pen testing, and the controls that actually stop attackers.

🔧

Security Tooling

Small, privacy-respecting security utilities at Tech & Sec Tools . Tool reviews, build-your-own posts, and what works in a working pentester’s stack.

🤖

AI Security

Prompt injection, LLM security testing, AI agent exploitation, slopsquatting, and the emerging supply-chain attack surface that AI coding assistants introduce.

📓

Practitioner Notes

Field observations, cert journey notes, conference write-ups, industry analysis, and the meta-questions practitioners ask each other.

Certifications

AWS Certified Solutions Architect – Associate

Philosophy

After a decade-plus of breaking and building security programs, the patterns I keep returning to are: find attack paths the way real adversaries would, recommend controls that actually get implemented and maintained, and right-size the solution to the team and threat model in front of you. Security is not about eliminating risk. It is about reducing it to a level the organization can operate with.