Cybersecurity Engineer | Python Developer | Security Automation
I am an Information Technology graduate and cybersecurity professional who develops open-source security tools that turn complex data into clear, actionable findings. My work focuses on explainable detection, practical automation, and software designed for real security operations workflows.
- Detection tools that explain why an event, URL, or identity is suspicious
- Vulnerability intelligence workflows that turn CVE data into remediation steps
- Developer security automation designed for CI/CD and structured reporting
- Lightweight Python applications with auditable, dependency-conscious designs
PhishGuard AI is my community-led, open-source phishing detection project. I created and maintain its detection model, contributor roadmap, governance, security policy, release process, and technical direction. It welcomes contributions through scoped issues, including first-time contributor tasks, with a public community roadmap and contribution guide. New contributors can follow the project's first-contribution guide and reproduce its one-minute safe demo. The current v0.4.0 release ships validated SARIF 2.1.0 output, conservative IDN detection, a reproducible public-safe benchmark, cross-version tests, checksums, and signed build provenance. Its public detection model standard documents feature semantics, limitations, and the evidence required for scoring changes. Its merged URL regression benchmark reports deterministic confusion-matrix metrics over a documented public-safe fixture while explicitly separating regression results from real-world accuracy claims. The detector also includes conservatively weighted IDN and punycode hostname signals with false-positive regressions for legitimate internationalized domains. Its merged email-authentication analysis parses trusted SPF, DKIM, and DMARC results as supporting signals while documenting forwarding, mailing-list, DNS-validation, and trust-boundary limitations. The project is also receiving external contributions: PR #7, submitted by BeauDevCode, added an ASCII-only CLI mode and was merged after maintainer review, cross-version tests, packaging checks, and CodeQL all passed.
| Project | What it demonstrates |
|---|---|
| PhishGuard AI | Community-led offline phishing detection with explainable heuristic scoring, validated SARIF 2.1.0 output, Windows compatibility, CI, governance, releases, and a public roadmap |
| Location Authentication | Security redesign of an earlier location-authentication demo: validated radius checks, fail-closed multi-factor decisions, privacy-conscious output, zero runtime dependencies, Python 3.10-3.13 tests, CodeQL, and pinned CI |
| FreNiMi Checkers | Secure full-stack game platform with minimax AI, realtime WebSocket matchmaking, SQLite ratings, PWA support, hashed sessions, strict origin controls, dependency auditing, and CodeQL |
Python | Security Automation | Threat Detection | Log Analysis |
Behavioral Analytics | CVE/NVD | MITRE ATT&CK | REST APIs |
JSON | CI/CD | Git
- Contributing to established open-source cybersecurity projects
- Improving test coverage and documentation across my security tools
- Building public evidence of secure software engineering and collaboration
| Contribution | Evidence |
|---|---|
| PhishGuard community maintenance | Merged external PR #7 documents contributor coordination, requested revisions, local verification, protected CI approval, CodeQL review, and an upstream merge |
| Prowler Microsoft Entra hybrid identity security | Pull request #11515 adds a Microsoft 365 check that detects cloud-object takeover exposure through soft and hard directory matching; 22 focused and service tests, Black, Flake8, metadata validation, and Bandit pass |
| OWASP CVE Lite actionable reporting | Pull request #602 adds escaped risk summaries and next-action guidance to single-project and multi-folder HTML vulnerability reports while preserving the JSON contract; 440 tests, build, self-scan, and CodeQL pass |
| OWASP agent-security regression tooling | Pull request #147 adds recursive directory and glob validation for agent-security scenarios, per-file results, summary counts, CLI tests, and CI documentation |
| Bandit SNMP detector argument handling | Pull request #1433 fixes B508/B509 false negatives and false positives by resolving pysnmp defaults, positional and keyword arguments, explicit None, and dynamic values, with exact functional finding assertions |
| Checkov GitHub vulnerability-alert support | Pull request #7573 migrates CKV_GIT_3 to a graph-aware policy for the Terraform provider's dedicated alerts resource, with parser-backed legacy and provider 6.12+ regression coverage |
| TruShell OS fallback security fix | Merged pull request #55 replaces shell-mediated execution with argument-vector execution, adds security regression coverage, moves appropriate database tests to in-memory SQLite, and restores the CLI help entry point |
| SecOps-NG Cyber Resilience Act mapping | Merged pull request #281 adds the CRA Article 13(8) support-period mapping and corrects a conflicting security-update citation after primary-source review; the custodian reported 1,801 passing tests and the project publicly recognized it as its first external code-level contribution |
| detect-secrets GitHub token-format review | Security review on PR #961 reproduces truncated secret capture and identifies overbroad token matching against GitHub's new App installation-token guidance |
| detect-secrets Helm false-positive triage | Issue investigation verifies the reported behavior against current main and documents passing coverage |
| Sigma CLI design contribution | Issue proposal outlines a backward-compatible approach for configuration and pipeline behavior |
My contribution process and current roadmap are documented in OPEN_SOURCE.md.
- Build security tools whose findings can be explained and investigated.
- Prefer focused, auditable implementations with minimal dependencies.
- Design outputs for automation, reporting, and operational use.
- Document projects so others can evaluate, run, and extend the work.
I am open to cybersecurity engineering, software development, research, and open-source collaboration opportunities.
- Email: omobolaji.adeyan@gmail.com
- LinkedIn: linkedin.com/in/oeadeyan
- GitHub: github.com/omobolajiadeyan