I'm Edwin Muema — a Cloud Security Engineer with 6+ years across Offensive and Defensive security. I embed security into the SDLC so engineering teams ship secure code by default.
My career started in the offensive trenches — Vulnerability Assessment and Penetration Testing, then transitioned to Digital Forensics and Incident Response. Everything I build on the defensive side is powered by the threat-actor mindset.
I currently lead Application Security at OysterHR for a Globally Distributed Engineering Team. I've implemented WAF protections blocking thousands of attacks weekly, driven vulnerability remediation to near-zero across the codebase, and built DevSecOps pipelines that make security invisible yet highly impactful to developers.
Before that, I secured banking infrastructure at SBM Bank, led incident response on multi-million dollar cases at PwC, and conducted penetration tests across Financial services, Telecoms, and Energy sectors.
I hold the Google Cloud Professional Security Engineer certification and am passionate about mentoring the next generation of security professionals through KamiLimu, where I've directed technical curricula for 34+ mentees.
VAPT, Red teaming, Social Engineering
Digital Forensics with EnCase, FTK, Cellebrite; SOC operations, SIEM engineering, Endpoint protection (1,500+ endpoints), Network security
SAST/DAST/SCA in CI/CD, Terraform infrastructure-as-code security, secrets management, shift-left in SDLC
AWS, GCP, Harness — IAM, RBAC, WAF configuration
I believe security work that can't be quantified can't be improved. Here's what the numbers say.
Through KamiLimu, a multi-award winning structured mentorship program, I've contributed to upskilling the next generation of tech talent.
Coordinated technical curricula covering Data Science, Cloud Engineering, Software Development, and Cybersecurity for 34 mentees over 8 months.
Mentored 5 cybersecurity students. Their project — Sentinel Master (Managed WAF for Financial Institutions on AWS) — won First Place in the Innovation Competition.
One of 36 selected from a 20% acceptance rate. Won the Global EC Council Cyber Mega Challenge ($6,000 scholarship), plus public speaking and cybersecurity track competitions.
Tutorials, case studies, opinions, and technical deep-dives on Offensive and Defensive security.
The gap between checkbox compliance and actual security resilience — and what CISOs should prioritize beyond the audit.
4 min read · Apr 2026
A practitioner's guide to DFIR — evidence extraction with KAPE, registry analysis with RegRipper, MFT timelines, and execution artifacts.
Deep Dive · HackMD
Breaking down the anatomy of malware — concealers, replicators, and bombs — with a methodology for static and dynamic analysis.
Deep Dive · HackMD
Walking a web app from recon to exploitation — content discovery, IDOR, SSRF, XSS, command injection, and authentication bypasses.
Deep Dive · HackMD
Passive and active reconnaissance — DNS enumeration, Nmap scanning, ARP discovery, and the tools behind network-level assessments.
Deep Dive · HackMD
Port scanning fundamentals — why proper enumeration is the backbone of effective exploitation, with practical scan types and techniques.
Deep Dive · HackMD
Walkthrough of the Kenobi CTF — enumerating Samba shares, exploiting ProFTPD, and leveraging SUID binaries for privilege escalation.
Walkthrough · HackMD
Techniques and references for escalating privileges on Windows systems — from service misconfigurations to token impersonation.
Reference · HackMD
The playbook for driving a production codebase from hundreds of known vulnerabilities to zero Critical/High/Medium issues.
8 min read · Coming Soon
Most teams are shifting the wrong things left. Here's what real shift-left security looks like.
4 min read · Coming Soon
How to audit, tighten, and automate IAM policies without breaking production.
10 min read · Coming Soon
How quantifying security costs in dollars unlocked engineering buy-in and a 95% MTTR reduction.
5 min read · Coming Soon
BSc Electrical & Telecommunications Engineering · Multimedia University of Kenya · 2015 – 2020
"What stands out most is Edwin's communication and leadership style — clear, firm, and assertive, while consistently respectful and collaborative. He has rapidly established a modern security foundation at Oyster, leading the rollout and tuning of our WAF to protect our platform without downtime."
"Edwin drove DRATA compliance and played a key role in our successful SOC 2 audit. He significantly strengthened our cloud and infrastructure security by reshaping our AWS organization and IAM guardrails, and enforcing stronger access controls across the board."
"He helped operate a high-leverage responsible disclosure and bug bounty program that surfaces real risks early, quantifies avoided risk versus cost, and pushes us toward more systematic fixes for recurring issues."
"Edwin had an exemplary year and has performed at a level that would be expected of someone more senior and experienced. I therefore recommend him for the highest Impact Tier attainable."
"Edwin was very instrumental during engagement delivery and applied his experience in Vulnerability Management to identify system fraud risks. He demonstrated very good leadership and contributed during client meetings."
"Working with Edwin is a joy because of his work ethic in driving value realization for clients. He has continuously demonstrated integrity in his communication — an essential quality for a cybersecurity consultant."
Open to cloud security roles, AppSec leadership positions, and security consulting engagements.