I'm a security engineer with 20+ years of experience — starting from designing and hardening enterprise networks (firewalls, IDS/IPS, VPNs) through to application security, penetration testing, vulnerability research, and building open-source security tooling. I write code that defends, detects, and explains.
My open-source work focuses on tools that work silently inside developer workflows: a phishing detection engine that runs offline with zero dependencies, a UEBA behavioural anomaly detector for insider threat, a CI secret scanner, MITRE ATT&CK-mapped log analysis, and real-time CVE intelligence. I also contribute targeted security fixes to major projects in the Python and cloud security ecosystems — Prowler, Bandit, pip-audit, and OWASP tooling.
I hold a BS in Information Technology (Arizona State University) and carry the CISA and CompTIA Security+ certifications.
I build security tools with a consistent design principle: output that security teams can act on, not just verdicts. Every tool runs offline, ships zero runtime dependencies, and integrates into existing developer workflows without friction.
PhishGuard AI is an offline phishing detection engine I created and maintain — pure Python standard library, zero external dependencies. It analyses URLs and email files and explains why each URL was flagged, giving analysts the evidence chain rather than just a label.
What it detects:
- Typosquatting — pure-Python Levenshtein distance against 50 brand domains, catching `paypa1.com`, `g00gle.com`, `githab.com` without any external API
- Redirect chain abuse — follows shortened and redirect URLs N hops deep using only the stdlib socket layer, exposing the real destination
- Email-embedded phishing — parses RFC 5322 `.eml` files, extracts URLs from both plain-text and HTML parts (including `href` attributes), and scans the full set
- SARIF 2.1.0 output — findings upload natively to GitHub Code Scanning; CI pipelines get annotated security alerts on pull requests
It ships as both a CLI tool and a reusable GitHub Action — any pipeline can adopt it with a single `uses: omobolajiadeyan/phishguard-ai@v0.5.1` line.
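The typosquatting check described in the list above can be sketched as follows. This is an added example, not PhishGuard AI's own code: the four-entry brand list, the `registrable` helper, the `max_distance` default and the evidence field names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed brand list for illustration; not the tool's own 50-domain list.
BRANDS = ["paypal.com", "google.com", "github.com", "microsoft.com"]

def levenshtein(a: str, b: str) -> int:
    """Edit distance using two rolling rows of the DP table."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Assumption: last two labels; real code needs the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_url(url: str, max_distance: int = 2):
    """Return an evidence dict for a near-miss of a brand domain, else None."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if not domain or domain in BRANDS:
        return None  # the genuine brand, or nothing to compare
    brand = min(BRANDS, key=lambda b: levenshtein(domain, b))
    distance = levenshtein(domain, brand)
    if distance > max_distance:
        return None
    return {"url": url, "domain": domain, "resembles": brand,
            "edit_distance": distance,
            "reason": f"{domain} is {distance} edit(s) from {brand}"}

if __name__ == "__main__":
    # Constructed inputs; the three lookalikes are the ones named on the page.
    for u in ["http://paypa1.com/login", "g00gle.com", "https://githab.com/x",
              "https://www.google.com/", "https://example.org/"]:
        print(u, "->", check_url(u))
```

A fixed edit-distance cutoff produces false positives on short legitimate domains, so the threshold is best scaled to the length of the brand name.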
BehaviorSense is a User and Entity Behaviour Analytics (UEBA) engine for detecting anomalous behaviour patterns that signal insider threats, compromised accounts, or privilege abuse — without requiring a commercial SIEM.
It scores users and IPs against statistical baselines and flags deviations: impossible travel, off-hours access spikes, lateral movement precursors, and privilege escalation sequences. Every alert ships an attached evidence chain — the raw events that drove the score — so analysts can triage in seconds rather than hours.
Log Analyzer parses log sources and maps detected activity to MITRE ATT&CK tactics and techniques — giving security operations teams structured, triage-ready findings rather than raw log lines. Each detection result references the ATT&CK technique ID, the matched pattern, and the source event, so analysts skip the correlation step and go straight to response.
Secrets Scanner catches exposed credentials and API keys before they reach production. It runs as a pre-commit hook or CI step, scanning staged changes against 40+ provider signature patterns (AWS, GCP, GitHub, Stripe, Twilio, and more) alongside high-entropy string detection.
The design goal: zero false-negative tolerance on high-confidence patterns, with tunable entropy thresholds so teams can calibrate precision without drowning in noise.
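The pairing of signature patterns with a tunable entropy threshold can be illustrated like this. It is an added example, not Secrets Scanner's own code: it uses a single signature (AWS access key IDs) rather than the 40+ mentioned above, and the `TOKEN` pattern, the 4.0 default threshold and the finding fields are assumptions.

```python
import math
import re
from collections import Counter

# High-confidence signature: AWS access key IDs (long-term AKIA, temporary ASIA).
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Candidates for the entropy pass: long runs of base64/hex-style characters.
TOKEN = re.compile(r"[A-Za-z0-9+/=_-]{20,}")

def shannon_entropy(s: str) -> float:
    """Bits per character of the token's empirical character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def scan_added_lines(diff_text: str, entropy_threshold: float = 4.0) -> list:
    """Scan only the added ('+') lines of a unified diff and return findings."""
    findings = []
    for lineno, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # skip context, removals and the file header
        content = line[1:]
        matched = set()
        for m in AWS_KEY_ID.finditer(content):
            matched.add(m.group())
            findings.append({"line": lineno, "rule": "aws-access-key-id",
                             "confidence": "high", "match": m.group()})
        for m in TOKEN.finditer(content):
            tok = m.group()
            if tok in matched:
                continue  # already reported by a signature rule
            h = shannon_entropy(tok)
            if h >= entropy_threshold:
                findings.append({"line": lineno, "rule": "high-entropy-string",
                                 "confidence": "medium", "entropy": round(h, 2)})
    return findings

# Constructed sample diff; the AWS value is the documentation example key.
SAMPLE_DIFF = """\
+++ b/settings.py
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+SESSION_SECRET = "q9Zr7Xb2LmV4tY8pKc1Nw6Hs3Df5Ga0J"
+PADDING = "aaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-OLD_SECRET = "Zx81kQp0Vb72LmNc93TyUe45RaWs6Dfg"
"""

if __name__ == "__main__":
    for finding in scan_added_lines(SAMPLE_DIFF):
        print(finding)
```

Raising `entropy_threshold` drops the entropy finding but never the signature match, which is how precision can be tuned without losing high-confidence detections.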
CVE Dashboard pulls live vulnerability data from the NVD API and surfaces it as an actionable intelligence dashboard — filterable by CVSS severity, vendor, and affected product — so security teams can track emerging threats relevant to their stack in real time rather than sifting raw NVD feeds.
VulnGPT pairs each CVE with AI-assisted remediation guidance: contextual next steps, patch availability signals, and workaround options — converting a CVE description into something an engineer can act on today.
I contribute focused, tested security fixes to established open-source tools. The pattern is consistent: identify a real defect that weakens the tool's security posture, fix it precisely, cover it with tests, and pass existing linting and CI.
PR #11515 — Implemented a new Microsoft Entra ID security check detecting cloud-object takeover risk via hybrid directory synchronisation. When on-premises Active Directory syncs to Azure AD, certain account configurations create privilege escalation paths that Prowler previously had no coverage for. The check identifies these accounts, maps the exposure, and ships with 22 unit tests. Passes Black, Flake8, and Bandit linting throughout.
PR #1433 — Fixed false negatives and false positives in the B508/B509 SNMP security detector. The existing checks missed insecure SNMP v1/v2c configurations in certain call patterns while flagging benign SNMPv3 usage — meaning real vulnerabilities went unreported and clean code was flagged. Fixed the detection logic with targeted tests to prevent regression.
PR #1060 — Added `PIP_AUDIT_IGNORE_VULN` environment variable support to complement the existing `--ignore-vuln` CLI flag. CI pipelines commonly need to suppress known false-positive vulnerability IDs without modifying baked-in workflow commands. The env var enables this cleanly, merges with any CLI flags passed simultaneously, and is covered by three new test cases.
PR #602 — Added risk summary and next-action text to the HTML vulnerability report's expanded finding detail. The functions `summarizeRisk()` and `summarizeNextAction()` already existed for terminal output but were not wired into the HTML report path — leaving HTML report users without the triage guidance that terminal users received. Fix reuses the existing functions, escapes output through the reporter's HTML path, and adds direct, transitive, and malicious-package test coverage. 440 tests pass.
PR #55 — Replaced shell-mediated command execution with direct argument-vector execution in the command dispatcher, eliminating a shell injection attack surface. Added security regression test coverage to prevent reintroduction.
Security engineering grounded in 20+ years of building and shipping real software — from network infrastructure to full-stack web applications with security baked in at every layer.
A full-stack social matching application built from the ground up with a production-grade architecture: React + Vite frontend, Express + Prisma API backend, a dedicated background worker service, PostgreSQL + Redis, and Docker Compose for the full local stack. Features mutual match persistence, real-time conversations, message safety enforcement (blocks, archived threads, unavailable accounts), member moderation audit logging, and auth built on httpOnly refresh token cookies with rate limiting and trusted-origin enforcement. End-to-end tested with Playwright across web and mobile viewports.
Full-stack booking and gallery management platform for a photography studio: Node.js backend with SQLite persistence, online booking, client account and session management, private client galleries, and an admin dashboard. Public portfolio images are served as permanently watermarked WebP derivatives with server-side protection for originals. Ships with a Dockerfile for any Docker host and a Render Blueprint for one-click cloud deployment.
Production-deployed mental health practice website covering psychiatric evaluation, medication management, therapy, and intake scheduling. Built with a PHP API backend serving a multi-page HTML/CSS/JS frontend, client login portal, admin dashboard, and appointment management. Deployed with SSH, structured deployment runbooks, SHA256 site integrity manifests, and a full client handover package.
Health and fitness platform with Node.js / Express backend, Prisma ORM, Stripe payment processing, and a Python AI layer for personalised recommendations — covering user onboarding, subscription billing, and AI-driven content delivery.
Security posture dashboard for government entities: Vite + React + TypeScript frontend, FastAPI Python backend — surfacing public compliance and security data in a structured, queryable format for security teams.
Full church management system: PHP backend, Twilio SMS integration, PayPal payment processing, custom admin dashboard — built and deployed end-to-end with secure credential handling and role-based access control.
Cross-platform checkers platform with minimax AI, real-time WebSocket multiplayer, SQLite ratings persistence, and PWA support. Automated security testing, strict CSP headers, and input validation throughout the full stack.
| Credential | Issuer | Year |
|---|---|---|
| Certified Information Systems Auditor (CISA) | ISACA | 2024 |
| CompTIA Security+ (ce) | CompTIA | 2024 — valid to 2027 |
| AWS Academy Cloud Foundations | Amazon Web Services | 2024 |
| BS Information Technology | Arizona State University | 2025 |
Open to senior security engineering roles, open-source collaboration, and advisory conversations — particularly in application security, threat detection tooling, and developer-focused security automation.
