LUGAGA MAURICE NGULU
Phone: +254 -
LinkedIn: https://www.linkedin.com/in/lugaga
Nairobi, Kenya-
Personal Statement
A Cyber Security Engineer with 5+ years of well-rounded experience in Cyber Security, Cloud
Security, Computer Networks, User-Centered Technical Support, and a background in Software
Development. I consistently exceed performance standards. Level-headed and calm in stressful
situations with well-developed people skills. See Credentials
Technical Skills
ToolBox: Bash, Python, Ubuntu, VirtualBox, Vim, VirusTotal, Talos, AbuseIPDB, Shodan,
DNS Lookup, MXToolbox, GitHub, Azure Cloud Security, AWS Cloud Practitioner, AWS Cloud
Security, Amazon CloudFront, Elastic Beanstalk, Active Directory, CVEs, SIEM, SOAR,
CyberChef, tcpdump, 0d1n, hydra, John the Ripper, Gobuster, LLMs-ChatGPT,
FortiGate-FortiOS, NextGen Firewall, Jira, Lock-Picking, OWASP, OSINT, Wireshark,
WordPress, Packet Tracer, Snort, Nmap, Metasploit, Burp Suite, Zero Days, Splunk, IBM
QRadar, SentinelOne, Elastic, Xiao, CrowdStrike, MITRE ATT&CK, D3FEND, TTPs, &
Darknet Diaries.
Experienced Skills: Linux Administration, User Training, Ethical Hacking, Penetration Testing,
Intrusion Detection, Report Writing, Steganography, Password Snooping, Web Application
Testing, Firewall/Anti-Virus, Incident Response, IOC Reviews, Endpoint Security,
Cryptography, Vulnerability Management, Troubleshooting, Public Key Infrastructure, Risk
Analysis and Management, SharePoint Administration, PCI-DSS, HIPAA, GDPR, NIST, Cisco
Network Analysis, Security, and Monitoring.
Personal Skills
● Self-motivated - able and willing to work without being told what to do.
● Confident - I exhibit confidence in my abilities and quality of work.
● Versatile - able to adapt to many different environments.
Cyber Security Engineer - CYDEO - Mentorship Programme - Virginia - USA
March 2021 - October 2023
Responsibilities:
Coach L1 SOC Analysts in Identifying and Escalating Security Incidents:
● Guide Level 1 SOC Analysts in recognizing potential information security incidents and effectively escalating them to Level 2 SOC Analysts.
Demonstrate Expanding Visibility and Control Using FortiGate - FortiOS NextGen Firewall:
● Illustrate to Tier 1 SOC Analysts how to enhance network visibility and control, ensure the consistent deployment and enforcement of security policies, and facilitate centralized management across a distributed network utilizing FortiGate - FortiOS NextGen Firewall.
Resolve JIRA Tickets from Various SIEM Platforms:
● Address JIRA tickets forwarded by Tier 1 SOC Analysts from a range of SIEM platforms, including Splunk Enterprise, IBM QRadar, SentinelOne, CrowdStrike, and AlienVault OSSIM, effectively managing SIEM event logs.
Efficiently Manage Tickets with JIRA Kanban:
● Proficiently assign and escalate tickets using the JIRA kanban system, ensuring smooth and organized incident handling.
Instruct L1 SOC Analysts in Event Log Monitoring with Elastic (ELK Stack) and CVEs:
● Walk Level 1 SOC Analysts through the process of monitoring event logs using Elastic (ELK Stack) and understanding Common Vulnerabilities and Exposures (CVEs) for proactive threat management.
Guide L1 SOC Analysts Through MITRE ATT&CK® Matrix:
● Provide guidance to L1 SOC Analysts on understanding and utilizing the tactics, techniques, and procedures within the MITRE ATT&CK® Matrix for improved threat detection and response.
Coach L1 SOC Analysts on MITRE D3FEND® Matrix Countermeasures:
● Guide L1 SOC Analysts in implementing hardening, detection, isolation, and deception countermeasures outlined in the MITRE D3FEND® Matrix to fortify network security.
Develop and Monitor IDS/IPS Rules for Threat Detection:
● Create and oversee IDS/IPS rules to identify and prevent malicious activities, enhancing proactive security measures.
Evaluate Threat and Vulnerability Data for Mitigation:
● Assess threat and vulnerability information from various sources, both internal and external, and promptly apply appropriate mitigation techniques, initiating timely indications and warnings.
Conduct Training Sessions on Threat and Vulnerability Assessment:
● Lead educational sessions on performing comprehensive threat and vulnerability assessments, providing subject matter expertise in effective threat mitigation strategies.
Analyze Log, Network, Malware, and Device Data for Remediation Recommendations:
● Evaluate log, network, malware, and device data and deliver recommendations for addressing security vulnerabilities, contributing to an enhanced security posture.
Perform Internet-Facing Asset Vulnerability Assessment:
● Conduct vulnerability assessments and confirm the security of internet-facing assets using a variety of commercial, open-source, and custom tools.
Stay Informed on Security Trends and Technologies:
● Monitor and stay up-to-date with the latest advancements and trends in information security technologies, threats, and vulnerability awareness, and apply them where necessary to maintain robust security measures.
Integration Engineer - Bring Global - Internship Programme - Nairobi - Kenya
October 2020 - March 2021
Achievements and Responsibilities
● Conduct data solution integrations using IBM Integration Bus & IBM WebSphere MQ.
● Develop APIs based on SOAP, REST, RESTful, JSON & XML.
● Test APIs on SoapUI, Postman or Swagger.
● Develop and manage existing Enterprise Service Bus (ESB) API integrations depending on the need and requirements using SOA architecture.
● Bank System Orchestration and service integration in Enterprise Service Bus.
● Covered IBM LinuxONE Technical Sales Level 2 (virtualization, cloud, security, and
storage capabilities).
● Covered CompTIA Linux+.
Cyber Security Consultant - Muoti Concepts Limited - Nairobi - Kenya
January 2019 - January 2021
Achievements and Responsibilities
● Conduct information security management reviews and information security management
system (ISMS) assessments based on the ISO 27001:2013 Standard.
● IT security audits (e.g., network, applications, and data center), including evaluating if
security vulnerabilities are properly identified and mitigated.
● Coordinate the scope and performance of these reviews with business units and external
security experts.
● Conduct Cyber Security Awareness training.
● Ensure technical implementation and business processes are aligned.
● Lead the design, implementation, operation, and maintenance of security management
systems.
● Participate in the creation, review, and update of information security policies.
● Provide complex technical advice, recommendations, and consultancy on networks,
infrastructure, products, and services.
● Provide or assist with implementation documentation.
● Ongoing project management.
ICT Officer - AMC Group Africa Limited - Nairobi - Kenya
January 2018 - November 2018
Achievements and Responsibilities
● Provide Tech support, Inventory management, department budgeting and
procurement, hardware and software testing, deployment, maintenance,
troubleshooting, and upgrades.
● Develop new and modify existing software to correct errors, to adapt them to new
hardware, or upgrade interfaces and improve performance.
● Develop and implement all ICT security policies and procedures based on ISO
27001, ISO 22301, and ISO 45001 standards.
● Develop websites using WordPress themes customizations and plugins.
● Manage the company’s ERP and CRM system.
● Manage company email accounts.
● Design and print all company documents on request.
ICT Officer - Elimu Holdings Limited - Nairobi - Kenya
June 2015 - December 2017
Achievements and Responsibilities
● Monitor and test application performance to identify potential bottlenecks,
develop solutions, and collaborate with developers on solution implementation.
● Manage company email accounts. (Zoho Email Service).
● Design, analyze, test, deploy, manage, and customize ERP and CRM using the
Odoo open-source service.
● Manage company computer network, trunking, and cabling.
● Liaise with the ISP to ensure seamless internet connectivity.
● Did regular data back-ups and software updates on computers.
● Train clients on new software installations and management.
Academic Qualification
Jomo Kenyatta University of Agriculture and Technology
September 2013 - November 2016
Bachelor of Science in Information Technology
2nd Class Upper Degree See Cert Credential
Professional Qualification
AWS Cloud Quest: Cloud Practitioner
February 2023
● I can build basic solutions using AWS services and have a fundamental understanding of
AWS Cloud concepts.
● I have hands-on experience with compute, networking, database and security services.
See Credential
Ransomware Hunter - RangeForce Academy
November 2022
● I am well equipped to identify and respond to some of the most prevalent attack
techniques used in human-operated ransomware campaigns.
● I am able to learn to utilize various detection capabilities to identify network, signature,
and behavior anomalies to stop ransomware earlier in the kill chain.
● Furthermore, I am able to understand how to prevent initial access and mitigate the
overall threat of ransomware. See Credential
Ransomware Ready - RangeForce Academy
November 2022
● This makes me well equipped to recognize and understand the most prevalent
ransomware variants.
● The variants in this course make up over 75% of all recorded ransomware attacks of the
year.
● This course has helped me identify common ransomware attack techniques ranging from
initial access to impact. See Credential
● The variants covered in this path include: 1) Ryuk Ransomware, 2) RansomEXX
Ransomware, 3) REvil Ransomware, 4) BlackMatter Ransomware, 5) Hades Ransomware,
6) Egregor Ransomware, 7) DoppelPaymer Ransomware, 8) Conti Ransomware.
Security Operation Center - 2 - RangeForce Academy
June 2022
● In this path, I worked through hands-on modules to develop robust skills, including more
sophisticated search capabilities, utilizing APIs and SIEMs to automate repetitive tasks,
and incorporating the right tools into incident response. During the course challenges, I
was able to demonstrate the resilience I bring to teams by applying my skills to incident
response. See Credential
Security Operation Center - 1 Elite - RangeForce Academy
May 2022
In this path, I was able to gain live-environment experience with the foundational
concepts and practices of a security operations center (SOC). Whether it’s understanding
event logs, visualizing data, or conducting malware analysis, this curriculum has made
me SOC-ready. I worked through a series of hands-on modules and related challenges to
complete this path. See Credential
CompTIA Security+ SY0-601
August 2021
● Knowledge and skills necessary to perform core security functions required of any
cybersecurity role: the ability to identify and address potential threats, attacks, and
vulnerabilities, with established techniques in risk management, risk mitigation,
threat management, and intrusion detection. See Cert Credential
Cisco Certified CyberOps Associate
June 2021
● This certification validates the skills required of associate-level cyber security analysts
within security operations centers. See Cert Credential
Moringa School (Core)
September 2019
FullStack Software Engineering - Python & Javascript. See Cert Credential
IBM Digital Nation Africa
January 2019 - Present
● Learning the skills of the future with Coding, CyberSecurity, Artificial Intelligence, the
Internet of things, Blockchain, Data Science, and the Cloud. See Credential
Interests
● Zero Days, HackTheBox, TryHackMe and Ransomware.
● Chess, Scrabble, Running, Jungle Trails, and Cycling.