Lanre Oluokun

Cloud Security Architect · GCP & Cloud Security · GRC · New York, NY

Architecture decisions, security engineering, and governance work - written down, not just talked about.

Certified CISSP·CCSP·CISM·ISSAP·GCP Professional Cloud Architect·CHCSS 310
Career Go Cloud CareersLOG(N) PacificATBODFirst Bank of Nigeria LtdBritish American Tobacco
Projects
Compliance as Code OPA/Rego policy enforcement mapped to PCI DSS v4.0, SOC 2, and NIST 800-53, with a gated CI pipeline and 50/50 passing policy tests.
SecureVault A GCP security detection and response pipeline. It consumes Security Command Center findings, classifies them by severity, auto-remediates critical misconfigurations, alerts on high-severity issues, and logs everything for audit.
Architecture Decision Records
ADR-001: Security Command Center over Third-Party CSPM Why Security Command Center was chosen over a third-party CSPM such as Prisma Cloud or Wiz.
ADR-002: Event-Driven Ingestion over Polling Why the pipeline uses SCC Pub/Sub event triggers instead of polling the findings API.
ADR-003: Cloud Functions Gen 2 over Cloud Run over GKE Why Cloud Functions Gen 2 was chosen over Cloud Run or GKE for the processor.
ADR-004: Severity Classification and Response Matrix Severity-driven response matrix and why OVER_PRIVILEGED_SA is alert-only.
ADR-005: BigQuery + Firestore over a Single Database Why operational state lives in Firestore while analytics live in BigQuery.
ADR-006: Brevo Free Tier over PagerDuty / SNS / Slack Why Brevo free tier was chosen for alerting, with graceful degradation.
ADR-007: Threat Model and Trust Boundaries Trust boundaries, least-privilege IAM, and the custom remediation role.
ADR-008: Cost Strategy for Continuous Operation Under $20/Month Cost ceiling of $20/month and the target of under $5/month.

Get in touch

Open to Senior Cloud Security Engineer and Security Engineer roles at banks and fintechs. Let us talk about cloud, risk, and governance.