Skip to content
View seyifalode-cmd's full-sized avatar

Block or report seyifalode-cmd

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
seyifalode-cmd/README.md

Oluwaseyi Michael Falode · Cloud & Cybersecurity Engineer

Building secure, scalable cloud infrastructure — and hunting the threats that target it.

View Full Project Portfolio →

I work across the full cloud security stack: detection engineering and threat modelling, identity security and Zero Trust architecture, cloud-native security pipelines, and security automation. My projects are hands-on — built from scratch, validated with measurable results, documented to a standard that demonstrates the actual work.


What I Work With

Cloud & Infrastructure AWS · Azure · Terraform · Ansible · EC2 · S3 · Lambda · Key Vault · Auto Scaling · Load Balancers

Containers & Orchestration Kubernetes · Docker · Docker Compose · Docker Swarm · Spring Boot on K8s

CI/CD & Automation Jenkins (multi-node, pipelines, Groovy libraries) · Python CD · Infrastructure as Code

Security & Threat Detection Detection Engineering · MITRE ATT&CK · Sigma Rules · GuardDuty · EventBridge · Lambda · CloudTrail · Microsoft Entra ID · Conditional Access · Zero Trust · CrowdStrike Falcon · Splunk · Microsoft Sentinel · Elastic SIEM · SOC Monitoring · Threat Hunting · EDR


Featured Projects

Project What It Is
Operation FORAGER — Detection Engineering Lab End-to-end detection lab around a malware-free intrusion: 51,225 labelled synthetic log events, 4 behavioural detections in 3 structural shapes, scored 4/4 with zero false positives — plus a human-in-the-loop AI triage validation exercise
AWS GuardDuty Automated Threat Detection Pipeline 8-service AWS-native pipeline built from scratch: GuardDuty → EventBridge → SNS + Lambda → CloudTrail + S3 → CloudWatch. Automated EC2 isolation on HIGH severity findings. 391 sample findings processed, 8 alert emails delivered in seconds
Entra ID Conditional Access Lab Enterprise identity security framework on Microsoft Entra ID Premium P2: 5 Conditional Access policies (MFA, geo-blocking, compliant device, privileged access, vendor restriction) with Graph API JSON, PowerShell deployment scripts, and What If validation
Sigma Detection Rules — 15-Rule ATT&CK Library Production-grade detection-as-code library: 15 MITRE ATT&CK-mapped Sigma rules spanning credential access, lateral movement, exfiltration, persistence, defense evasion, and impact — each with Splunk SPL, Sentinel KQL, and Elastic translations
SOAR Playbooks — SOC Automation Library 4 vendor-neutral SOAR playbooks (phishing response, suspicious login, malware/endpoint isolation, cloud misconfiguration) with Python enrichment scripts, VirusTotal/MISP/IP geo integration, and mandatory human-in-the-loop approval gates
Kubernetes Container Security Pipeline Three-layer DevSecOps pipeline: Trivy image scanning + OPA Gatekeeper admission control + Falco runtime threat detection on a live Minikube cluster
CrowdStrike Threat Hunt — SCATTERED SPIDER Hypothesis-driven threat hunt against a real-world eCrime group using CrowdStrike Falcon CQL, mapped to MITRE ATT&CK v14
Wiz + Palo Alto Cloud IR Playbook End-to-end cloud incident response — Wiz Toxic Combination detection (Log4Shell + public S3 + IAM escalation) with Palo Alto Cortex XDR automated containment
Splunk SOC Monitoring Lab End-to-end SOC monitoring environment built in Splunk with SPL queries, detection rules, scheduled alerts, and dashboards

Project Categories

Detection Engineering & Threat Detection

  • operation-forager-detection-lab — Malware-free intrusion simulation · 51,225 synthetic log events · 4 behavioural detections · 3 structural shapes · 4/4 validated · zero false positives · Python standard library only
  • aws-guardduty-threat-detection-pipeline — GuardDuty · EventBridge · SNS · Lambda · CloudTrail · S3 · CloudWatch · automated EC2 isolation · severity triage · forensic audit chain
  • sigma-detection-rules — 15 MITRE ATT&CK-mapped Sigma rules · Splunk SPL · Sentinel KQL · Elastic · detection-as-code
  • soar-playbooks — 4 SOAR playbooks · phishing · suspicious login · malware · cloud misconfiguration · Python enrichment · MITRE ATT&CK · human-in-the-loop
  • crowdstrike-threat-hunt-portfolio — CrowdStrike Falcon threat hunt · SCATTERED SPIDER · MITRE ATT&CK
  • splunk-soc-monitoring-lab — Splunk SOC monitoring and detection

Identity Security & Zero Trust

  • entra-conditional-access-lab — Microsoft Entra ID Premium P2 · 5 Conditional Access policies · MFA · geo-blocking · Intune device compliance · vendor restriction · Graph API JSON · PowerShell deployment
  • azure-cloud-security-lab — Entra ID · RBAC · Defender for Cloud · Microsoft Sentinel · KQL

Cloud Security & Incident Response

Cloud Infrastructure (AWS & Azure)

Kubernetes & Containers

CI/CD & Jenkins

Ansible & Configuration Management

Terraform & IaC Testing


Currently Working On

  • Detection engineering: building and validating behavioural detection rules mapped to MITRE ATT&CK across cloud identity, AWS, and endpoint log sources
  • Cloud security automation: AWS-native threat response pipelines using GuardDuty, EventBridge, Lambda, and CloudTrail
  • Identity security: Zero Trust frameworks using Microsoft Entra ID Conditional Access and least-privilege architecture

View All Repositories

Pinned Loading

  1. sigma-detection-rules sigma-detection-rules Public

    ITRE ATT&CK-mapped Sigma detection rules with Splunk, Sentinel & Elastic conversions

    1

  2. soar-playbooks soar-playbooks Public

    SOAR playbooks for a modern SOC — phishing, suspicious login, malware, and cloud misconfiguration response with enrichment scripts and Mermaid flowcharts

    Python

  3. azure-cloud-security-lab azure-cloud-security-lab Public

    Hands-on Azure security lab — Entra ID, RBAC, Key Vault, Defender for Cloud, Microsoft Sentinel, VNet/NSG, and Azure Monitor with KQL

  4. crowdstrike-threat-hunt-portfolio crowdstrike-threat-hunt-portfolio Public

    CrowdStrike threat hunting portfolio

    2

  5. k8s-container-security-pipeline k8s-container-security-pipeline Public

    Three-layer Kubernetes container security pipeline: Trivy (image scanning) + OPA Gatekeeper (admission control) + Falco (runtime threat detection)

  6. wiz-paloalto-cloud-ir-playbook wiz-paloalto-cloud-ir-playbook Public

    Cloud incident response playbook using Wiz CNAPP and Palo Alto Cortex XDR — Toxic Combination detection on AWS