Almachius Chrysanty

• Architected and implemented 100+ cybersecurity solutions across banking, fintech, and telecom environments, ensuring scalability, resilience, and compliance.
• Led end-to-end PAM deployments (CyberArk, BeyondTrust, Segura), including Vault, PVWA, CPM, PSM, and EPM installations and hardening.
• Designed and enforced PAM security controls, including session isolation, credential rotation, least privilege enforcement, and privileged session monitoring.
• Managed reverse proxy configurations and secure remote access architectures for privileged environments.
• Delivered SLA-driven support and lifecycle management for multiple enterprise PAM environments across Africa.
• Integrated PAM systems with enterprise identity platforms and SIEM solutions for centralized monitoring and compliance.
• Conducted performance tuning, upgrades, patching, and continuous security improvements for PAM infrastructure.

EDR/XDR & Threat Detection:

• Deployed enterprise EDR/XDR solutions including CrowdStrike Falcon, Cortex XDR, Cynet, and Microsoft Defender for Endpoint.
• Configured detection rules, behavioral analytics, and correlation rules to improve threat visibility and response.
• Developed automated response playbooks and incident response workflows using SIEM/SOAR tools.
• Implemented endpoint hardening policies, exclusions, and exception handling strategies.
• Built dashboards and visualization layers for real-time threat monitoring and reporting.

Vulnerability Management & Compliance:

• Deployed and managed Tenable and InsightVM platforms for continuous vulnerability assessment.
• Conducted vulnerability scans, risk prioritization, and remediation tracking across enterprise environments.
• Participated in ISO 27001 and PCI-DSS audits, ensuring compliance with regulatory standards.

SIEM & Security Integration:

• Integrated 40+ security tools (Darktrace, Microsoft Purview, GitLab, CyberArk, etc.) into Microsoft Sentinel.
• Developed automation playbooks, workbooks, and alerting mechanisms for proactive threat detection.
• Enhanced SOC visibility through centralized logging, correlation, and analytics.

Cybersecurity Exercises & Advisory:

• Designed and delivered cybersecurity tabletop exercises and cyber-drills for clients across Africa (SADC, Zimbabwe, Zambia, Cameroon, Lesotho).
• Simulated real-world attack scenarios including ransomware, SOC operations, and incident response strategies.

• Delivered penetration testing and security assessment services for enterprise clients.
• Trained military and law enforcement agencies on CEH, CEH Master, and CPENT programs.
• Developed practical cybersecurity training labs and real-world attack simulation environments.

• Play a role in developing a complete understanding of a company’s technology and information systems, this includes IODs,LLDs,Network Diagrams, UAM process,Change management procedures,incident management procedures like CRQs, generating comm matrix for different projects, implementing comm flows and firewall changes, VPN form comm matrix.
• Participated in designing, build, implement and support enterprise-class security systems like PAM solutions (CyberArk), DAM solutions like (Imperva DAM,Data sunrise DAM),priviledged access management solutions like SailPoint.
• Align organizational security strategy and infrastructure with overall business and technology strategy (Example was the LESOTHO Scalable archtecture design which costed $0 to onboard the entire country to a PAM solution).
• Identify and communicate current and emerging security threats.This includes tracting incidents on on-going projects,vulnerabilities, design flaws like intranet exposures, proxy misconfigurations etc.
• Design security architecture elements to mitigate threats as they emerge.This includes modifying the pre-existing solution designs and apply some mitigations to limit flaws in the pre-existing designs.
• Plan, research and design robust security architectures for any IT project like load balancing technologies, proxing technologies such as NGINX,SQUID,HA-proxy,F5 proxies etc. In this category, I designed couple of projects like M-PESA AFRICA CyberArk solution deployed in 5 countries across Africa, designed the Mandiant EDR deployment architecture in the 5 countries,designed the DAM deployment architecture for the 5 countries, designed the Scalable archtecture for LESOTHO, a part of the team that designed the architecture for deploying tenable scanners for South African MPA HUB and LESOTHO for vulnerability scanning.
• Perform or supervise vulnerability testing, risk analyses and security assessments using some tools like nessus scanners, OWAS ZAP, Burp-suite etc.
• Create solutions that balance business requirements with information and cybersecurity requirements like MDE,CyberArk for PAM, IAM role solutions like SailPoint.
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
• Test security systems to ensure they behave as expected some times this includes scripting to automate some testing activities using Bash.
• Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications
• Provide supervision and guidance to a security team
• Define, implement and maintain corporate security policies and procedures
• Train users in implementation or conversion of systems
• Respond immediately to security-related incidents and provide thorough remedial solutions and analysis
• Regularly communicate vital information, security needs and priorities to upper management

• assess the correctness of cyber security risk assessments and risk management plans, taking account of the organisation’s business goals, this can be achieved by understanding the risk matrix, risk scores for each risk, compensation controls to apply incase a risk is likely to mature.
• produce detailed plans for cyber security audits
• use specific auditing tools to conduct efficient audits such as CIS compliance scans using tenable, CIS benchmark Database compliance scans using tenable etc.
• audit the implementation, operation and maintenance of security controls
• review compliance with legal and regulatory requirements
• provide expert advice on audit, assurance and risk management
• implement the Cyber Security Policy, Standards and Cyber Security Assurance Framework
• write formal reports, and sometimes deliver oral briefings, on the findings of audits and compliance reviews
• present findings to colleagues and managers, in both cyber security and general roles
• convince stakeholders of the importance of audit, assurance and security

• Supervising daily operations of network and server infrastructure
• Aligning IT infrastructure with current and future business requirements and goals
• Managing IT budgets, forecast, handling cash flow and enforcing cost-effectiveness
• Evaluating risk, developing network recovery and backup processes
• Assessing and purchasing new and replacement hardware
• Assuring that IT activities are within the limits of applicable laws, codes and regulations
• Testing, troubleshooting and adjusting information systems to operate effectively
• Implementing security of the network, data and its storage and communication systems.

• Find interdisciplinary technology review protocols to smooth departmental upticks in spending by better aligning purchase efforts with company-wide goals
• Serve as primary decision-maker for internal technology spending, creating budget guidelines to reduce waste and decrease unnecessary upgrades
• Lead offshore development teams via Telepresence, managing diverse personnel across varying levels of technical expertise
• Create internal product development roadmaps for technological solutions in IT industry
• Analyze project-related information and make recommendations based on discoveries
• Guide, coach, and lead project teams, delegating tasks and evaluating performance and progression of project pace
• Oversea testing of equipment and components to check for defects
• Develop suggestions for technical process improvements to optimize resources
• Monitor production operations for quality and compliance with standards
• Support creation of client and business partner relationships through careful collaboration and networking efforts
• Assess expected technical challenges and develop proactive solutions.

• Led large-scale technology initiatives, delivering strategic IT solutions aligned with long-term business objectives while driving measurable value through efficient system implementation and optimization.
• Conducted cost-benefit and risk analysis to support informed decision-making, ensuring optimal investment in secure, scalable, and high-performance IT infrastructures.
• Built and managed agile, high-performing teams responsible for maintaining secure cloud-based and on-premise systems, ensuring reliability, scalability, and compliance.
• Performed advanced penetration testing and security assessments using structured methodologies, covering vulnerability assessment, exploitation, post-exploitation, and reporting across enterprise environments.
• Applied deep expertise in enumeration, vulnerability analysis, and system exploitation using tools such as Nessus, Nikto, Qualys VM, and OpenVAS to identify and remediate critical security weaknesses.
• Executed comprehensive network security testing, including packet sniffing, session hijacking, and protocol analysis, while implementing countermeasures to strengthen authentication, encryption, and traffic security.
• Conducted advanced malware analysis (static and dynamic), including reverse engineering and behavioral analysis of Trojans, worms, and viruses, and implemented effective detection and mitigation strategies.
• Assessed and mitigated risks related to social engineering, developing controls and awareness strategies to reduce human-factor vulnerabilities within organizations.
• Simulated and defended against DoS/DDoS attacks, implementing mitigation strategies to ensure service availability and resilience of critical systems.
• Performed web server and web application security assessments, including SQL injection, authentication flaws, and misconfigurations, applying secure coding and remediation best practices.
• Executed wireless and mobile security testing, identifying vulnerabilities in Wi-Fi networks and Android platforms, and implementing robust encryption and mobile security controls.
• Evaluated and bypassed firewall, IDS/IPS, and honeypot defenses to identify perimeter weaknesses, followed by implementing enhanced detection and prevention mechanisms.
• Secured cloud environments by addressing threats in containerized and serverless architectures, applying best practices for cloud security posture management.
• Assessed and mitigated security risks across IoT and OT environments, strengthening resilience of critical infrastructure against emerging cyber threats.

• Taught Networking Students Common Network Devices
• Taught Networking Students Common Information Security Threats
• Taught Networking Students Threat Defense and Information Security Development Trends
• Taught Networking Students Operation system and Host security
• Taught Networking Students Operating System Overview
• Taught Networking Students Common Server Types and Threats
• Taught Networking Students Host Firewalls and Antivirus Software
• Taught Networking Students Network security basis
• Taught Networking Students Firewall User Management
• Intrusion Prevention
• Application of Encryption and Decryption
• Various Encryption and Decryption Mechanisms
• PKI Certificate System
• Application of Cryptographic Technologies
• Security operation and analysis
• Data Monitoring and Analysis
• Digital Forensics
• Cyber Security Emergency Response
• Describe the basic principles of data communication and be competent for basic O&M of IP networks
• Plan and design IP addresses
• Performing Basic VRP Operations
• Describe the functions and working principles of the switching equipment
• Set up an efficient switching network by configuring switching devices and running the STP/RSTP protocol
• Describe the basic principles of routing and routing protocols
• Configure OSPF to build an efficient routing network
• Configure common services on enterprise networks, such as DHCP, FTP, and Telnet, so that engineer can efficiently use and manage the network
• Configure link aggregation, VLAN to enhance the performance of Layer two networks
• Configure HDLC, PPP, PPPoE to implement WAN interconnection
• Performing NAT Configuration
• Configure ACL, AAA, and IPsec/GRE to provide security solutions for IP networks
• Configure SNMP to manage networks in a unified manner
• Know about principle of MPLS and Segment Routing.

• Installed cabling, wireless routers and telephone systems for data communications networks
• Monitored operational and security procedures for numerous computers in network, related systems administration and maintenance protocols
• Performed necessary maintenance to support network availability
• Troubleshot hardware and software to determine and rectify network problems
• Supported users both local and by phone with problem resolution and education
• Installed network jacks in new construction and within existing facilities
• Analyzed and defined network requirements, optimization and support for projects
• Installed patches and performed backups, system builds and image updates.

• Performed duties in accordance with applicable standards, policies and regulatory guidelines to promote safe working environment
• Resolved problems, improved operations and provided exceptional service
• Participated in continuous improvement by generating suggestions, engaging in problem-solving activities to support teamwork.

• Determined layouts to install wiring in automated systems based on drawings and code specifications
• Reviewed drawings and code specifications to determine appropriate layouts for wiring installations in building automation systems
• Trained developers and quality assurance team members in automation programs and processes
• Generated process models illustrating automation engineering progress, specifications, and details.