In his role as Senior Penetration Tester, Michael led penetration testing and red team assessments, focusing on enhancing the bank’s security posture against emerging threats. - Designed and executed simulated attack scenarios to identify vulnerabilities in the bank’s IT infrastructure and applications. - Conducted penetration tests on cloud services, assessing configurations and access controls to identify critical security gaps. - Led security testing for APIs, web and mobile applications, detecting and exploiting vulnerabilities. - Conducted Red Team assessments, simulating real-world cyberattacks to test Moniepoint’s security defenses. - Exploited misconfigurations in cloud environments (GCP, AWS, and Azure) to assess privilege escalation and lateral movement risks. - Conducted phishing simulations and social engineering assessments to test employee awareness. - Led exercises to validate detection and response capabilities. - Assessed security monitoring solutions and provided recommendations for log collection and threat detection improvements. - Conducted PCI Specific Pentest, including segmentation testing from non-cde to cde environment. - Performed threat modelling for various applications and system - Evaluated third-party security controls to ensure compliance with security best practices. - Generated detailed reports with risk assessments and actionable remediation strategies, collaborating with internal teams to implement security measures.

Michael worked as an Experienced Consultant in the Cyber and Privacy Unit at KPMG Advisory Services Nigeria. He provided cyber security consulting services across multiple IT Security disciplines, including vulnerability assessment and penetration testing, IT infrastructure security assessment and remediation, data privacy audits, and cyber strategy development. He has also performed reviews of information systems security and alternate delivery channels to several clients. In addition, he has worked with clients in assessing threats and vulnerabilities through penetration testing, web application security assessments, social engineering, network and application architecture reviews, and security & technology gap assessments using leading standards such as NIST, OWASP, and MITRE ATT&CK