Skip to content
View Bigbadlonewolf's full-sized avatar

Block or report Bigbadlonewolf

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
BIGBADLONEWOLF/README.md

Lanre Oluokun

Senior Cloud Security Engineer | CISSP, CCSP, CISM, ISSAP, GCP-PCA

Most security portfolios show you the final diagram. That's the least interesting part. The diagram tells you what someone built; it tells you nothing about what they rejected, what they got wrong, or what the design still cannot do.

So every project here ships with its architecture decision records. The rejected options are in there. So are the trade-offs I accepted and the assumptions I have not verified. In BankVault you can watch me reverse my own ADR-001 a week after writing it, because the condition I said would trigger a rethink actually triggered.

I work in GCP: identity, access, policy-as-code, and the compliance mapping that makes a control defensible to an auditor instead of merely green on a dashboard.


What I do

  • Cloud security engineering on GCP: IAM, Zero Trust access design, policy enforcement
  • Architecture decision records, documenting the why rather than only the what
  • GRC: PCI DSS, SOC 2, and NIST 800-53 mapped to technical controls
  • Policy-as-Code with OPA/Rego, enforced in CI
  • Compliance automation in GitHub Actions pipelines

Certifications

  • CISSP, Certified Information Systems Security Professional
  • CCSP, Certified Cloud Security Professional
  • CISM, Certified Information Security Manager
  • ISSAP, Information Systems Security Architecture Professional
  • GCP-PCA, Google Cloud Professional Cloud Architect

Projects

Project What it is Status
BankVault Zero Trust just-in-time access broker for a loan origination workflow. GCP Privileged Access Manager issues a 30-minute IAM grant scoped by CEL to a single credit-report object. OIDC max_age=0 forces a fresh MFA event on every request, and the broker denies outright when the identity provider is down. GLBA-scoped. In progress. Architecture locked, ADR-001 through ADR-005 published
Compliance as Code OPA/Rego policy checks against Terraform plans, mapped to PCI DSS v4.0, SOC 2 (CC6/CC7), and NIST 800-53. Runs in GitHub Actions with no cloud credentials required. Shipped. 50/50 tests passing, five-job gated CI
GCP Hardened Landing Zone Terraform security baseline: CMEK, audit logging, VPC isolation, and OPA policy enforcement mapped to PCI DSS v4.0, NIST 800-53, and SOC 2. Reference architecture. Not deployed to production
SecureVault GCP-native CSPM pipeline. Security Command Center findings route through Pub/Sub to a Cloud Function, which auto-remediates public buckets and open firewall rules and alerts on everything it does not recognize. In progress
Vulnerability Management Program End-to-end vulnerability management on Azure: policy drafting, stakeholder buy-in, credentialed Tenable scanning, CAB process, full remediation cycle. 80% reduction in open findings. Documented case study
Personal Site ADRs, project write-ups, and design reasoning. Hugo, deployed on GitHub Pages. Live

Anything marked "in progress" still has a real ADR trail behind it. The reasoning is the deliverable as much as the code is.


Background

I did not start in security.

Ten years in retail banking operations at First Bank of Nigeria taught me what a regulated environment demands of a control long before anyone writes Terraform for it. Before that, IT support at British American Tobacco in Ibadan, covering 150+ workstations on ServiceNow. In between, I founded and ran Bloominglo Limited, a logistics business that reached roughly $650K in annual turnover, which is where I learned what it costs when a process fails quietly.

Then I rebuilt in the US. I earned the CISSP, CCSP, CISM, and ISSAP while working, completed a GCP Cloud Security Architect engagement at ATBOD (2022 to 2023), and worked as a Cloud Vulnerability Engineer at LOG(N) Pacific (2023 to 2024). I am currently deepening hands-on GCP architecture practice through the Go Cloud Careers program while building the portfolio above.

That banking background is the reason I write ADRs the way I do. A control that cannot be explained to an examiner is a control that does not exist yet.

I am targeting Senior Cloud Security Engineer and Security Engineer roles at banks and fintechs. The architecture-level thinking on this page is the evidence.


Contact

Pinned Loading

  1. COMPLIANCE_AS_CODE COMPLIANCE_AS_CODE Public

    OPA/Rego policy enforcement mapped to PCI DSS v4.0, SOC 2, and NIST 800-53 — 50/50 passing tests, five-job gated CI pipeline

    Open Policy Agent

  2. Lanreoluokun.com Lanreoluokun.com Public

    Personal portfolio — Architecture Decision Records, project write-ups, and security design reasoning. Built with Hugo, deployed on GitHub Pages.

    CSS

  3. Vulnerability-Management Vulnerability-Management Public

    End-to-end vulnerability management program on Azure — credentialed Tenable scanning, CAB remediation cycle, 80% vulnerability reduction

    PowerShell