Kamau Ochieng
kamau.ochieng@email.com | +254 712 445 893 | Kilimani, Nairobi, Kenya | linkedin.com/in/kamau-ochieng-security

PROFESSIONAL SUMMARY

Strategic cybersecurity leader with 15+ years of progressive experience in information security management, risk mitigation, and enterprise security architecture. Proven track record of building and leading high-performing security teams, implementing comprehensive security frameworks aligned with NIST standards, and driving organizational security posture improvements across complex, multi-cloud environments. Expert in vulnerability management, identity and access management, and security operations with demonstrated success in banking, healthcare, and defense sectors.

PROFESSIONAL EXPERIENCE

Senior Cyber Security Manager
TechGuard Solutions East Africa, Nairobi, Kenya
March 2021 – Present

Lead enterprise-wide cybersecurity strategy and operations for a Fortune 500 organization with 8,000+ employees across multiple geographic locations. Manage a team of 12 security professionals including architects, engineers, and analysts responsible for protecting critical infrastructure and sensitive data assets.

- Designed and implemented comprehensive cybersecurity program aligned with NIST Cybersecurity Framework, reducing security incidents by 47% and achieving 98% compliance across all security controls
- Spearheaded cloud security initiatives across AWS, Azure, and Google Cloud platforms, establishing DevSecOps practices and automated security controls that improved deployment security by 65%
- Established Security Information and Event Management (SIEM) program processing 2M+ events daily, reducing mean time to detect threats from 8 hours to 45 minutes
- Led Identity and Access Management transformation initiative implementing zero-trust architecture, biometric authentication, and role-based access controls for 15,000+ user accounts
- Managed $4.2M annual security budget and vendor relationships with 18+ security technology providers
- Directed vulnerability management program utilizing automated scanning and remediation workflows, maintaining 95% patch compliance and reducing critical vulnerabilities by 82%
- Championed security awareness training program reaching 100% of workforce, reducing phishing susceptibility from 23% to 4%
- Collaborated with enterprise architecture team to integrate security requirements into SOA and microservices architectures

Cyber Security Architect
Nexus Financial Group, Westlands, Nairobi
June 2018 – February 2021

Architected enterprise security solutions and frameworks for a global financial services organization handling $120B in annual transactions. Provided technical leadership for security engineering teams and served as subject matter expert for security architecture reviews.

- Designed multi-layered defense architecture incorporating network segmentation, encryption protocols, and intrusion detection systems protecting 200+ applications
- Led security architecture for cloud migration initiative moving 75+ applications to AWS and Azure while maintaining HIPAA, PCI-DSS, and SOC 2 compliance
- Implemented containerized security solutions using Docker and Kubernetes with integrated vulnerability scanning and runtime protection
- Established security standards and patterns for API security, data encryption, and secure software development lifecycle
- Conducted security assessments and penetration testing exercises identifying and remediating 300+ vulnerabilities
- Developed security reference architectures and technical standards adopted across 12 business units
- Mentored team of 6 security engineers on security architecture principles and emerging threat landscapes

IT Security Manager
MediCore Technologies, Upper Hill, Nairobi
January 2015 – May 2018

Managed day-to-day security operations and incident response for a healthcare technology company serving 200+ hospital systems. Oversaw security monitoring, threat intelligence, and compliance activities ensuring protection of PHI and medical device infrastructure.

- Built and led 24/7 Security Operations Center (SOC) handling 15,000+ security events monthly
- Implemented comprehensive vulnerability management program reducing average remediation time from 45 days to 12 days
- Established incident response procedures and playbooks, successfully managing 50+ security incidents with zero data breaches
- Led HIPAA and FDA compliance initiatives for medical device software achieving 100% audit compliance
- Deployed Active Directory security hardening and privileged access management solutions
- Managed security aspects of GxP-validated systems ensuring compliance with Good Clinical Practice requirements
- Coordinated with legal, compliance, and privacy teams on KYC and data protection requirements

Senior Information Security Engineer
SafeNet Insurance Solutions, Parklands, Nairobi
August 2011 – December 2014

Implemented and maintained security infrastructure and tools for a mid-sized insurance company. Performed security assessments, penetration testing, and security monitoring activities.

- Deployed and managed enterprise SIEM solution (Splunk) aggregating logs from 500+ sources
- Conducted regular vulnerability assessments and penetration tests across network, application, and cloud infrastructure
- Implemented encryption solutions for data at rest and in transit across multiple platforms
- Managed firewall, IDS/IPS, and web application firewall infrastructure
- Developed security automation scripts using Python and Perl reducing manual security tasks by 40%
- Participated in incident response activities and forensic investigations
- Administered security tools including vulnerability scanners, endpoint protection, and DLP solutions

Information Security Analyst
Digital Security Corp, Karen, Nairobi
May 2009 – July 2011

Performed security monitoring, log analysis, and threat detection activities. Supported security infrastructure and assisted with security projects and compliance initiatives.

- Monitored security alerts and performed initial triage and investigation of security events
- Conducted security configuration reviews for Windows, Linux, and Unix systems
- Assisted with security audits and compliance assessments
- Maintained security documentation including SOPs and security policies
- Supported identity and access management processes including user provisioning and access reviews
- Participated in security awareness training development and delivery

EDUCATION

Master of Science in Cybersecurity
Strathmore University, Nairobi, Kenya
Graduated: 2011

Bachelor of Science in Computer Science
University of Nairobi, Nairobi, Kenya
Graduated: 2009

CERTIFICATIONS

- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Cloud Security Professional (CCSP)
- AWS Certified Security - Specialty
- Certified Ethical Hacker (CEH)
- GIAC Security Essentials (GSEC)

TECHNICAL SKILLS

Security Management: NIST Framework, Risk Management, Vulnerability Management, Incident Response, Security Operations, Threat Intelligence, Security Architecture, DevSecOps

Identity & Access Management: Active Directory, Biometrics, Zero Trust, Privileged Access Management, SSO, MFA

Cloud Security: AWS, Azure, Google Cloud, Cloud Security Posture Management, Container Security, Docker, Kubernetes

Security Tools: SIEM, IDS/IPS, Vulnerability Scanners, Endpoint Protection, DLP, SOAR, Encryption Technologies

Compliance & Governance: NIST, HIPAA, PCI-DSS, SOC 2, ISO 27001, GDPR, GxP, FDA Regulations

Technologies: Linux, Unix, Windows, Networking, Firewalls, VPN, Load Balancers, Logging & Monitoring

Development & Scripting: Python, Java, C++, C#, PHP, Perl, XML, SQL

Project Management: Agile, Scrum, Kanban, Waterfall, JIRA, Microsoft Project, Smartsheet

PROFESSIONAL AFFILIATIONS

- Member, Information Systems Security Association (ISSA)
- Member, Cloud Security Alliance (CSA)
- Member, (ISC)² Professional Organization

ADDITIONAL SKILLS

Leadership & Management: Team Building, Mentoring, Coaching, Vendor Management, Budget Management, Strategic Planning, Change Management, Organizational Leadership, Conflict Resolution

Business Acumen: Business Analysis, Technical Analysis, Project Management, Agile Project Management, PMO, Customer Relationship Management, Stakeholder Engagement