
Kennedy Torkura

Information Security Engineer | Cyber Security Researcher

About Me

I am passionate about cloud security risk analysis, threat detection and incident response. The interplay between security automation and chaos engineering fascinates me. At the core of my drive is the desire to design and maintain tools that ensure security and resiliency in cloud-native environments. Thus, my research and experience have spanned these areas.

Experience

data4life

Information Security Engineer

As an Information Security Engineer at data4life (a HealthTech company), I am responsible for several cloud security tasks such as vulnerability management, security monitoring and incident response.

Hasso Plattner Institute

Research Assistant & PhD Student

Research and development of techniques and tools for providing security for public cloud infrastructure, in collaboration with our industrial partners Bundesdruckerei and neXenio. Have a look at my academic papers on my ResearchGate profile and on Google Scholar.

  • Security concepts for an enterprise cloud storage system (CloudRAID/Bdrive).
  • Developed novel techniques for real-time monitoring and threat detection in multi-cloud storage (AWS and GCP).
  • Security risk assessments for OpenStack leveraging OpenVAS, Arachni and OWASP ZAP.
  • Integrating security into CI/CD pipelines using our system CAVAS. Tools used include Docker, Java (Spring Boot), OWASP ZAP, Anchore image security scanner and Jenkins.
  • Vulnerability analysis of microservices (risk assessment, attack surface analysis).
  • Resilient Architectures - concept for moving target defences in microservices and resiliency in cloud storage systems using security-biased chaos engineering techniques.

Peculiar Technologies

Information Security Analyst

Projects

CAVAS (Cloud Aware Vulnerability Assessment System)

This project is implemented as a Proof-of-Concept for several related aspects of my doctoral research. The projects cover topics revolving around risk assessment in cloud infrastructures.

GitHub repo: Microservices Discovery using Client Side Discovery concept

DevSecOps

This project extends the previous one by developing a Jenkins plugin to enable direct integration with aka Test Driven Security. Thus, security testing is automated for both applications and Docker container images.

GitHub repo: Security Integration in Cloud Application Development
See our paper, presented at SecureComm 2018, for more insights: CAVAS: Neutralizing Application and Container Security Vulnerabilities in the Cloud Native Era

SlingShot

Prototype system for automated threat detection and incident response in multi-cloud storage systems. The system is based on our academic paper: SlingShot - Automated Threat Detection and Incident Response in Multi Cloud Storage Systems

CloudStrike

A cloud security system based on the principles of Chaos Engineering, but with the focus on security. More details are contained in our research paper: Security Chaos Engineering for Cloud Services

Skills

Get in Touch