Hello, I'm Tolu.
Security Engineer building better defenses. I automate security into pipelines, break things before production does, and share what I learn for others facing the same challenges.
Recent Posts
Learning by breaking, teaching by sharing. Security insights for builders.

Building an AWS Data Perimeter, Part 2: SCPs, RCPs, and Proving the Perimeter Holds
Attaching SCPs and RCPs to an AWS Organization, enforcing the new aws:VpceOrgID condition, and running denial tests against an external account with CloudTrail evidence.

Building an AWS Data Perimeter, Part 1: Design, Org Bootstrap, and Infrastructure
How to design a three-layer AWS data perimeter using SCPs, RCPs, and VPC endpoint policies, and build the substrate to validate it against an external account.

EKS Workload Identity: IRSA, OIDC Token Exchange, and When to Use Pod Identity
OIDC and IRSA for Amazon EKS: how to scope AWS access per workload without embedding credentials, and when Pod Identity is the better choice.
Side Projects & Tooling
Some of my recent builds and contributions ~ worth sharing

AWS Automated Vulnerability Remediation System
Event-driven vulnerability patching solution that automatically detects, validates, and applies security updates across AWS infrastructure with minimal manual intervention.

PolicyGuard
IaC security scanner with 15+ AWS services coverage, OPA policies, and CI/CD integration

CredScan
Security scanner that identifies credentials, API keys, and sensitive information across codebases, archives, and web applications. Features intelligent pattern recognition with 400+ signatures, binary file analysis, technology-aware detection for cloud/container environments, and context-aware scanning that minimizes false positive
My code lives on GitHub
I build. I experiment. I sometimes even document it. Check out my GitHub to see what I'm up to.