Post a job
Post a job
Derrick Kyalo

Derrick Kyalo

Penetration Tester
San Diego
0 (0 Reviews)

About me

A cybersecurity professional skilled in identifying, exploiting, and reporting security weaknesses across networks, systems, and applications. Uses industry-standard tools and methodologies to simulate real-world cyberattacks, uncover vulnerabilities, and provide actionable remediation steps to strengthen an organization’s overall security posture.

Photos

Derrick Kyalo

Skills

Ethical hacking / Penetration testing Offensive Security & Penetration Testing (Red Team) SOC monitoring Web, mobile, and network testing

Work Experience

IT support
Kenya National Trading Corporation 2023-05-08 - 2023-10-07 Supported the organization’s security posture by leading data security initiatives and driving cybersecurity awareness across departments. Conducted training sessions and seminars to educate staff on threat prevention and safe computing practices. Assisted with IT inventory management, documentation, and provided technical support to employees, ensuring smooth and secure IT operations throughout the organization.

Education

Bachelors Degree in Information Technology
Bachelors Degree 2020-11-09 - 2024-04-12 Completed a comprehensive IT program covering core areas such as networking, programming, databases, systems administration, and cybersecurity concepts. Developed strong technical and analytical skills, with hands-on experience in building, managing, and securing IT systems. This foundation supports advanced work in cybersecurity, ethical hacking, and technical problem-solving.
Cyber security Training from Africa Hackon Academy
Advanced Level 2025-04-15 - 2025-10-18 Completed a comprehensive, hands-on cybersecurity program designed to build both foundational and advanced capabilities across modern security domains. The training emphasized practical skills, real-world attack simulations, defensive operations, and industry-standard methodologies. Key modules covered include: Cybersecurity Primer: Core security concepts, threat landscapes, security architecture, and enterprise security principles. Linux Fundamentals: System navigation, permissions, processes, networking tools, shell usage, and administration basics. Network Fundamentals: Protocols, packet analysis, routing/switching concepts, and secure network design. Recon & OSINT Footprinting: Passive and active information gathering, profiling targets, and online intelligence collection techniques. Windows Exploitation: Attack surface enumeration, privilege escalation, malware execution, and Active Directory fundamentals. Network & Wireless Security: Securing wireless networks, network hardening, sniffing/spoofing detection, and mitigation strategies. Scripting (Bash & Python): Automation of security tasks, custom script development, and tool-building for offensive and defensive operations. Web & API Security: Testing for common vulnerabilities (OWASP Top 10), API enumeration, parameter tampering, and secure coding practices. Mobile Application Security: Android/iOS testing workflow, traffic interception, reversing basics, and mobile-specific vulnerabilities. Cloud Security: IAM, cloud architecture security, misconfiguration detection, and securing cloud environments. Effective Report Writing: Professional documentation, proof-of-concepts, executive summaries, and evidence presentation. Penetration Testing: Full kill-chain methodology—planning, enumeration, exploitation, post-exploitation, and reporting. Governance, Risk & Compliance (GRC): Policy frameworks, risk assessment, compliance standards, and security governance processes. Threat Hunting & Incident Response: Threat intel application, log analysis, attacker behavior identification, and IR process execution. Blue Team Essentials: Defensive monitoring, SIEM usage, alert triage, and security hardening strategies.
Cyber security Prep course from Moringa School
Entry Level 2024-08-26 - 2025-04-08 Completed a structured foundational cybersecurity program focused on essential security concepts, technical skills, and industry-ready knowledge. The course introduced key areas across both offensive and defensive security, equipping me with the fundamentals required for real-world cybersecurity roles. Core topics covered included: Introduction to Cybersecurity: Security principles, threat actors, attack vectors, and enterprise security concepts. Governance, Risk & Compliance (GRC): Security frameworks, policies, risk management processes, and compliance requirements. Cyber Threat Intelligence (CTI): Threat profiling, intelligence lifecycle, and identifying adversary behaviors. Network Security Basics: Network components, protocols, vulnerabilities, and defensive mechanisms. Operating System Fundamentals: Linux and Windows basics, command-line usage, system permissions, and file structures. Vulnerability Assessment: Understanding vulnerabilities, scanning techniques, and basic remediation approaches. Secure Practices: Best practices for system hardening, password security, access control, and safe computing. Hands-On Exercises: Introductory labs involving security tools, basic scripting, and practical problem-solving. Successfully completing the prep course strengthened my foundational understanding of cybersecurity, preparing me for more advanced training and hands-on specialization through Africa HackOn Academy and subsequent professional development.

Projects

Derrick Kyalo

Mobile Banking Application – Security Assessment

Performed a comprehensive security assessment of an Android-based mobile banking application, evaluating authentication mechanisms, data handling, API communication, and overall security architecture. Assessed the application against OWASP Mobile Top 10 and Web/API Top 10 standards, identifying vulnerabilities related to insecure communication, improper platform usage, and insufficient input validation. Analyzed potential risks, validated exploitation paths, and provided clear, actionable remediation recommendations to strengthen the application’s security posture and protect sensitive user data.

View Project
Derrick Kyalo

Ransomware Incident Response Project

Led a full incident response simulation for a large healthcare network hit by a sophisticated ransomware attack affecting three facilities. Identified system encryption, potential exfiltration of 450,000+ patient records, and major operational disruption. Executed containment actions by isolating infected systems, preventing lateral movement, and maintaining critical healthcare operations. Performed eradication by removing ransomware payloads, eliminating persistence mechanisms, and addressing exploited vulnerabilities. Guided recovery efforts through system restoration, validation of EMR integrity, and secure service reactivation. Concluded with actionable lessons learned, recommending improved segmentation, monitoring, access controls, and backup strategies to strengthen organizational resilience.

View Project

Honors & awards

Cyber Security Course
2025-10-17 Comprehensive, hands-on cybersecurity course focused on building both fundamental and advanced technical skills. Training covered Linux and Windows fundamentals, networking concepts, reconnaissance techniques, network security, Bash and Python scripting, web and API security testing, mobile application security, and cloud security. Also included practical penetration testing exercises, effective report writing, and core defensive domains such as Governance, Risk & Compliance (GRC), Incident Response, and Threat Hunting. This program strengthened my ability to assess, exploit, and secure modern systems through real-world, lab-based experience.

Review

0 Base on 0 reviews
Working attitude
Progressive working attitude
0
Team work
Good teamwork spirit
0
Skill & Experience
Skills and experience meet well
0
Offered Salary
Suitable salary
0

Reply

Cancel reply
Send message
Cancel
Invite to apply job

Select job to invite this user

No item found
Sign Up