Johnbosco Mulei

Experience

• 

  Kalimani Primary, Kambu Primary & St Lucy Secondary

  Jan 2006 - Aug 2007

  BOG / PTA Teacher
• 

  Kenya National Library Service (KNLS)

  Jul 2008 - Aug 2008

  Library Assistant
• 

  United States International University - Africa

  May 2009 - Jul 2009

  IT Intern
• 

  Oserian Development Company Limited

  May 2011 - Aug 2011

  IT Support Intern
• 

  Moi University

  Sept 2011 - Aug 2012

  Research Assistant Lecturer
• 

  Safaricom PLC

  Mar 2012 - Dec 2023

  Lead & Manager: Leading & Managing Cyber Prevent squad responsible for cyber prevent programs & controls which include DLP, Anti-malware(Antivirus & EDR), Patch & Vulnerability management (PVMG), PKI & Certificate management, Encryption, SIEM & SOAR Integration, MFA, FIM, MDM/MAM, PIM, IAM, IPSs, WAFs, Anti-DDOS protection, Web & Email content filtering, DAM, Cloud Security, ISE, CASB & Remote access controls etcProviding technical leadership & guidance on cybersecurity & helping in setting technical direction & strategy for the organization's cybersecurity initiatives.Architectural Design: Designing & developing secure & scalable cybersecurity solutions & systems. This involves creating architectural frameworks, reviewing system designs & ensuring the implementation of best practices & security standards.Cyber Risk Assessment & Management: Conducting cyber risk assessments & developing risk mitigation strategies. Identifying potential security threats & vulnerabilities & working on implementing appropriate security controls & countermeasures.Cyber Security Policy & Compliance: Developing & enforcing cyber security policies, standards & procedures to ensure compliance with regulatory requirements & industry best practices. Incident Response & Management: Participating in cyber incident response efforts, investigating & resolving cybersecurity incidents or breaches & conducting post-mortem reviews & extracting lessons learned to improve incident response processes & enhance the organization's overall security posture. Collaborating with cross-functional teams e.g Software Development, Network engineering, IT Operations, Audit etc to ensure security is integrated throughout the organization (DevSecOps). Communicating effectively with stakeholders including executives, technical teams & external partners or clients to provide updates and make recommendations on matters cybersecurity.Talent Management: Recruitment, Training & Mentoring of Cyber squad. Show less I was one of the 60 trainees for Safaricom pioneer class for an in house developed program covering 7 essential domains of our digital future. The program is based on an hybrid model of learning, delivered in part through external partners (Strathmore, Moringa, Huawei, Edureka) as well as from Safaricom internal faculty of experts to help the company in its digital transformation strategy / future fit. This covered below areas:- Cyber Security Cloud computing Mobile & Web Application development DevOps / DevSecOps & Automation. Data Science, Machine Learning & Analytics Future Network Technologies (5G, SDN, IoT, NFV,) Agile way of working - Scrum & Design Thinking.Project: Automating cyber security tests (DevSecOps).Embedding security in DevSecOps by shifting security left. This involved automating security checks using SCA, SAST and DAST tools eg Veracode in DevSecOps pipelines. Show less Making sure all incident root causes are known and permanent / Workaround solution provided. Tracking and driving initiatives to prevent recurring Incidents. Implementing problem management process as per ITIL best practices.Building Safaricom Technology Service Management Process.Defining Service KQIs and ensure E2E monitoring.Maintaining stability and availability of key services within scopeDemand reduction through timely escalations, awareness and empowerment of Service Management with interfacing Processes (Incident Management, Change Management, Event Management and Operational Excellence function) Show less Providing 1st & 2nd line IT Support & Coordinating quarterly preventive maintenance of ICT equipment as per the contracts with our service providers.Management and administration of end points on the Safaricom network, imaging and definition of the end point device structure on the AD. Test package and manage application installations for the business through tools such as SCCM, TPM and GPO. Generate learning materials and carry out knowledge transfer to team members and end users on the emerging trends or deployed applications. Provide feedback, suggestions and recommendations on the trends or progress of project assignments including channeling back of user feedback collection.Manage outsourced services such as hardware, printing and meeting room services.Achievements;Successful execution of Windows 7 and office 2010 upgrade on all company Laptops and desktops targeting over 3000 end points in various geographical areas. Show less

  • Principal Lead Engineer: Cyber Security (Prevent & Defense)

    Dec 2021 - Dec 2023

  • Lead Internal Auditor: ISO27001 ISMS , ISO20000 - IT (SMS)

    Aug 2017 - Dec 2023

  • Senior Engineer: Cyber Security (Prevent & Defense)

    Nov 2019 - Nov 2021

  • Trainee: Safaricom Digital Transformation Academy - 1st Cohort | Cyber Assurance | DevSecOps

    Jan 2019 - Oct 2019

  • Senior Engineer: Problem & Service Management

    May 2018 - Dec 2018

  • System & Cloud Administrator (Job Rotation)

    Nov 2017 - May 2018

  • Senior Analyst: Major Incident Management

    Apr 2015 - Nov 2017

  • Engineer: IT Service Centre

    Apr 2013 - Apr 2015

  • Engineer: IT Support & End User Device Administration

    Mar 2012 - Apr 2013
• 

  KCB Bank Group

  Jan 2024 - now

  Senior Manager, Group Cybersecurity - Technical Security

  leading the Technical Security (Protect & Defend) function within the KCB Group Cybersecurity department tasked with implementation & optimization of cybersecurity solutions, technical architecture, controls, policies, and standards. Contributing to the overall Cyber Security strategy of the bank, the budgeting cycle, and the selection of security technology within the remit of the cybersecurity department.Developing and enforcing Information Security policies and minimum configuration baseline standards in line with industry best practices and technologies commensurate with risks, regulatory requirements and implementing the same cost effectively.Ensuring effective selection, security administration, optimization and support of the Bank’s endpoint security, ATM security, email security, cloud security, network security, and data security tools in compliance with the Bank’s policies and standards as well as ensuring that compliance reports and relevant metrics are defined, created, and delivered in the various technical security domains.Participating in the identification and reporting of information security risks, as well as non-conformance to the Bank’s Information Security policies and standards.Contributing to the development and implementation of appropriate technical security action plans to address material risks and open internal or external audit items or regulatory issues. Show less