| Field | Value |
|---|---|
| name | Fola Falusi |
| github | kraneduper |
| specializations | Audit & Assurance, Cloud Security, Compliance Automation, Offensive Security, Risk Management, Security Architecture, Security Governance, Security Operations, Vulnerability Management |
| title | Security Consultant |
| location | London, United Kingdom |
| linkedin | https://www.linkedin.com/in/folajimi-falusi/ |
| blog | https://medium.com/@kranduper |
| frameworks | ISO 27001, NIST 800-53, NIST CSF, NIST RMF, PCI-DSS |
| languages | |
| certifications | |
| available_for | |

projects:

| name | url | description |
|---|---|---|
| AWS S3 Compliance Checker | | An AWS Config custom rule Lambda function that evaluates S3 buckets for compliance with organizational policies. This rule checks that all S3 buckets have proper tagging (Owner tag) and public access blocking configured. |

I am an Information Security Professional driving cybersecurity governance, risk management and compliance programs across global financial institutions.
- Developed a custom AWS Config rule using a Lambda function to assess S3 bucket compliance with organisational policies, providing continuous compliance monitoring and reducing audit preparation time by 90%.
- Developed an automated IAM privilege access review tool in Python that analyzes AWS users and roles for least privilege compliance, implementing a risk-scoring algorithm to classify entities (CRITICAL/HIGH/MEDIUM/LOW) and generating executive summaries with compliance metrics for SOC 2 and NIST 800-53 audits.
- Delivered quantitative gap analysis on client environments, reviewing policies and procedures against specific criteria set by regulations and standards such as DORA (Digital Operational Resilience Act), ISO 27001 and UK IOREP. Successfully identified and documented compliance gaps and associated risk, providing a clear roadmap for regulatory alignment and operational resilience.
- Monitored regulatory changes (e.g. DORA updates) and collaborated with Legal and Compliance to update controls and procedures, achieving full compliance ahead of inspection deadlines.
- Led quarterly control assessments, testing controls, identifying control gaps, and coordinating remediation with IT, Operations, and Legal teams, reducing overall risk exposure.
- Managed and delivered Threat-Led Penetration Testing engagements in alignment with CBEST, MITRE, and TIBER frameworks, emphasizing Tailored Threat Intelligence (TTI) and Threat Actors Attack Scenarios (TAAS) for various European financial institutions, resulting in an overall reduction in cyber-attacks.
- Led comprehensive assessments of application security capabilities for global organisations, identified critical gaps across the software development lifecycle, and developed a refined future-state roadmap with actionable recommendations, improving the organisations' ability to securely deliver software.
- Led cybersecurity maturity assessments aligned with industry standards and frameworks, including NIST CSF, CRI2.0 and CIS, for both on-premise and cloud environments. Assisted organisations in creating a cybersecurity strategy to enhance their cyber defense operations, resulting in an improvement in overall cybersecurity posture.
- Led the transformation of a controls catalogue for multiple organisations by benchmarking against industry-leading standards and identifying control gaps.
Feel free to reach out if you want to discuss GRC engineering, vulnerability management, or Threat-Led Penetration Testing.
LinkedIn: https://www.linkedin.com/in/folajimi-falusi/