Lanre Oluokun
Cloud Security Architect · GCP & Cloud Security · GRC · New York, NY
Architecture decisions, security engineering, and governance work - written down, not just talked about.
Certified
CISSP·CCSP·CISM·ISSAP·GCP Professional Cloud Architect·CHCSS 310
Career
Go Cloud Careers→LOG(N) Pacific→ATBOD→First Bank of Nigeria Ltd→British American Tobacco
Compliance as Code
OPA/Rego policy enforcement mapped to PCI DSS v4.0, SOC 2, and NIST 800-53, with a gated CI pipeline and 50/50 passing policy tests.
SecureVault
A GCP security detection and response pipeline. It consumes Security Command Center findings, classifies them by severity, auto-remediates critical misconfigurations, alerts on high-severity issues, and logs everything for audit.
ADR-001: Security Command Center over Third-Party CSPM
Why Security Command Center was chosen over a third-party CSPM such as Prisma Cloud or Wiz.
ADR-002: Event-Driven Ingestion over Polling
Why the pipeline uses SCC Pub/Sub event triggers instead of polling the findings API.
ADR-003: Cloud Functions Gen 2 over Cloud Run over GKE
Why Cloud Functions Gen 2 was chosen over Cloud Run or GKE for the processor.
ADR-004: Severity Classification and Response Matrix
Severity-driven response matrix and why OVER_PRIVILEGED_SA is alert-only.
ADR-005: BigQuery + Firestore over a Single Database
Why operational state lives in Firestore while analytics live in BigQuery.
ADR-006: Brevo Free Tier over PagerDuty / SNS / Slack
Why Brevo free tier was chosen for alerting, with graceful degradation.
ADR-007: Threat Model and Trust Boundaries
Trust boundaries, least-privilege IAM, and the custom remediation role.
ADR-008: Cost Strategy for Continuous Operation Under $20/Month
Cost ceiling of $20/month and the target of under $5/month.
Get in touch
Open to Senior Cloud Security Engineer and Security Engineer roles at banks and fintechs. Let us talk about cloud, risk, and governance.