Skip to content
View Bigbadlonewolf's full-sized avatar

Block or report Bigbadlonewolf

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
BIGBADLONEWOLF/README.md

Lanre Oluokun

Senior Cloud Security Engineer | CISSP, CCSP, CISM, ISSAP, GCP-PCA

Ten years in infrastructure and security before moving into cloud-native security engineering — retail banking operations, IT infrastructure support, and a GCP Cloud Security Architect engagement at ATBOD (2022–2023). I design like an architect and ship like an engineer: every project below includes the ADR trail showing the actual tradeoffs, not just the final diagram.


What I do

  • Cloud security engineering on GCP: IAM, Zero Trust access design, policy enforcement
  • Architecture decision records (ADRs) — documenting why, not just what
  • GRC: PCI DSS, SOC 2, NIST 800-53 mapped to technical controls
  • Policy-as-Code with OPA/Rego, enforced in CI
  • Compliance automation in GitHub Actions / CI pipelines

Certifications

  • CISSP
  • CCSP
  • CISM
  • ISSAP
  • Google Cloud Professional Cloud Architect

Projects

Project What it is Status
BankVault GCP Zero Trust JIT access broker for a loan origination workflow. PAM-based time-bound IAM grants, OIDC auth_time/max_age=0 for MFA freshness validation, scoped to GLBA/NPI compliance. ADR-001 documents the architecture decisions and alternatives considered. In progress — architecture locked, ADR-001 published
COMPLIANCE_AS_CODE OPA/Rego policy checks against Terraform plans, mapped to PCI DSS v4.0, SOC 2, NIST 800-53. Runs in GitHub Actions with no cloud credentials required. Deployed — 50/50 passing tests, 5-job gated CI
ZTNA Reference Architecture 4-layer Zero Trust design for GCP: IAP, Istio mTLS, OPA default-deny, Terraform. Designed — scaffolded, pending live org provisioning
Vulnerability Management Program End-to-end vulnerability management on Azure: Tenable credentialed scanning, CAB remediation cycle, 80% reduction in open findings. Documented case study
SecureVault GCP-native CSPM concept: SCC findings routed through Pub/Sub to a Cloud Function for alerting on public buckets, open firewalls, and over-privileged service accounts. In progress
Personal Site ADRs, project write-ups, and security design reasoning. Hugo + GitHub Pages. Live

Every "in progress" or "designed" project has a real ADR behind it — the reasoning is the deliverable as much as the code.


Background

Ten years in infrastructure, banking, and security operations. Started in IT support at British American Tobacco in Ibadan, Nigeria (150+ workstations, ServiceNow). Ten-plus years in retail banking operations at First Bank of Nigeria. Founded and ran Bloominglo Limited, a logistics business (~$650K annual turnover). Rebuilt in the US, earning CISSP, CCSP, CISM, and ISSAP while working, then completed a GCP Cloud Security Architect engagement at ATBOD (2022–2023) and a Cloud Vulnerability Engineer role at LOG(N) Pacific (2023–2024). Currently deepening hands-on GCP architecture practice through an intensive cloud security program (Go Cloud Careers) while building the portfolio above.

Targeting Senior Cloud Security Engineer / Security Engineer roles at banks and fintechs — with the architecture-level thinking on this page as the evidence for where I'm headed next.


Contact

Popular repositories Loading

  1. BIGBADLONEWOLF BIGBADLONEWOLF Public

    Security Architect · CISSP · CCSP · CISM · ISSAP · GCP-PCA — architecture decisions, cloud security, and compliance automation

  2. Vulnerability-Management Vulnerability-Management Public

    End-to-end vulnerability management program on Azure — credentialed Tenable scanning, CAB remediation cycle, 80% vulnerability reduction

    PowerShell

  3. COMPLIANCE_AS_CODE COMPLIANCE_AS_CODE Public

    OPA/Rego policy enforcement mapped to PCI DSS v4.0, SOC 2, and NIST 800-53 — 50/50 passing tests, five-job gated CI pipeline

    Open Policy Agent

  4. GCP-HARDENED-LANDING-ZONE GCP-HARDENED-LANDING-ZONE Public archive

    ZTNA reference architecture on GCP — 4-layer Zero Trust build (IAP, Istio mTLS, OPA default-deny, Terraform). Scaffolded; pending live org provisioning.

    HCL

  5. Lanreoluokun.com Lanreoluokun.com Public

    Personal portfolio — Architecture Decision Records, project write-ups, and security design reasoning. Built with Hugo, deployed on GitHub Pages.

    CSS

  6. SecureVault SecureVault Public

    Event-driven GCP security findings pipeline: SCC SHA → Pub/Sub → Cloud Function → email alerts for PUBLIC_BUCKET_ACL, OPEN_FIREWALL, OVER_PRIVILEGED_SERVICE_ACCOUNT

    Python