Summary
Overview
Work History
Education
Skills
Certification
Timeline
Demographic Profile
Personal Information
Affiliations
Reading
Work Availability
Accomplishments
Dumisani Cornelius Nkosi

Dumisani Cornelius Nkosi

Senior Lead Cyber/Information Security Manager
Ekurhuleni,GP

Summary

Dynamic professional with over 12 years of business and information/cyber security experience, complemented by 15 years of technical expertise. Proven leadership in security testing initiatives within Agile SDLC, including API and container security testing, while serving as a Senior Lead Test Analyst in DevSecOps environments. Recognized for a strong ethical foundation and a commitment to accountability, fostering a collaborative team atmosphere that drives strategic alignment between information security and enterprise objectives. Skilled in balancing people, processes, technology, and service through continuous policy evaluations and the development of incident response teams, ensuring organizational resilience against evolving cyber threats.

Overview

24
24
years of professional experience
10
10
Certifications
7
7
Languages
1
1
year of post-secondary education

Work History

Senior Lead Cyber Security Consultant

Dugsonconsulting (Barloworld)
08.2024 - Current
  • Reason for Leaving: New challenges and experience the new business model
  • Skills and expertise gained: The ability to assess and mitigate the risks associated with the storage and retrieval of electronic information. The examination of the essential elements of risk such as; assets, threats, vulnerabilities, safeguards, consequences and the likelihood of the threats materializing. The ability to define and analyze risk identification information in a quantitative and/or qualitative way. The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain confidentiality, integrity, availability, accountability and relevant compliance of information systems. The independent, third-party assessment of the conformity of any activity, process, deliverable, product or service with the criteria of specified standards, such as BS EN ISO 9000/14000, local standards, best practice or other documented requirements. Knowledge of the process for evaluating, selecting and managing products, tools, services, infrastructure components and applications in line with the organizations business needs and architectural principles.
  • Developed customized endpoint protection solutions that significantly reduced malware infections within client environments.
  • Collaborated with cross-functional teams to develop comprehensive cybersecurity policies and procedures.
  • Spearheaded research projects aimed at identifying innovative techniques for combating emerging cyber threats.
  • Ensured regulatory compliance by conducting thorough audits of information systems and security controls.
  • Strengthened business continuity by creating disaster recovery plans in the event of a cyber attack or breach.
  • Achieved cost savings for clients by identifying areas for improvement in existing cybersecurity infrastructure.
  • Increased employee awareness of cybersecurity best practices by developing and delivering training programs.
  • Reduced cyber threats by implementing robust security frameworks and incident response plans.
  • Improved client cybersecurity posture through tailored risk assessments and mitigation strategies.
  • Conducted thorough internal investigations following suspected breaches or incidents, mitigating damage to company reputation and financial loss.
  • Managed third-party vendor relationships to ensure the timely delivery of high-quality cybersecurity products and services.
  • Assisted clients during mergers and acquisitions by evaluating potential target companies'' cybersecurity defenses for any potential vulnerabilities or weaknesses prior to finalizing deals.
  • Improved overall security posture by regularly updating antivirus software, firewalls, intrusion detection systems, and other protective measures as required.
  • Enhanced network security by conducting comprehensive vulnerability assessments and penetration tests.
  • Served as a key point of contact for clients and internal stakeholders, providing expert guidance on all aspects of cybersecurity risk management.
  • Mitigated potential risks by performing in-depth analysis of emerging threats and suggesting appropriate countermeasures.
  • Advised executive leadership on industry trends, helping them make informed decisions regarding cybersecurity investments.
  • Protected sensitive data by designing and implementing encryption solutions for secure communication channels.
  • Optimized system performance through regular monitoring, reporting, and remediation of security incidents.
  • Monitored confidential company data and mitigated hacking through network systems updates.
  • Built relationships and fostered effective communication with legal personnel to conduct practical investigations.
  • Streamlined incident response processes, shortening the time required to detect, analyze, and respond to cyber attacks effectively.
  • Managed anonymous online and phone-call tips, implementing uncovered information into investigation processes to solve cases.
  • Recommend improvements in security systems and procedures.
  • Conducted security audits to identify vulnerabilities.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Encrypted data and erected firewalls to protect confidential information.
  • Developed plans to safeguard computer files against modification, destruction, or disclosure.

Senior Cyber Security Consultant

HosiTechnologies(MTN)
03.2023 - 07.2024

Senior QA Test Analyst Consultant(Security DevSecOps)

Hosi-Technologies(MTN)
11.2021 - 02.2023
  • Improved software quality by designing and executing comprehensive test plans.
  • Reduced defect leakage rate by implementing rigorous regression testing strategies during multiple project phases.
  • Maximized application compatibility across diverse platforms through extensive cross-browser and mobile device testing efforts.
  • Championed a customer-centric approach throughout all stages of the QA process, resulting in software solutions that consistently exceeded end-user expectations.

Cyber Security Operation Centre Senior Manager (CSOC)

African Bank
06.2019 - 10.2021
  • Reason for Leaving: Career Advancement
  • Skills and expertise gained: Risk Management and Incident Response. Understanding of Information Security Principles, Technology and Programs rollout. Understand the nature of threats and risks to the organisation’s information. Appreciation of information security legislation and its application within the organization. Understand organizational policy and its relationship to the organisation’s information assets. Understand the processing of information assets. Know and Understand that cyber threats grow in number and sophistication, there building a security team dedicated to incident response (IT) is a necessary reality. Perform scheduled annual Periodic Table top Exercises (Using different scenario's e.g. Theft of customer data, critical system compromised, network down etc.). Perform Real world simulated attacks using e.g. MITRE ATTACK T-based approach frameworks etc. Encourage the involvement of the Blue team, Red team exercises onto the Periodic enterprise DR exercises. Threat Intel and hunting, Investigation then feed to the Backend or Engineers to Block and Blacklist the IOC's(Indicators of compromise) and update Hashes where necessary. Event Analysis. Review and updating of Play books(Continuous exercise). Develop a Tailor made data cyber security incident classifications matrix(P1,P2 and P3,P4). Ensure that the enterprise has or develop an IR policy. Ensure that the enterprise has or develop an IR Plan. Ensure that the enterprise has or develop an CSIRT asap (determine who will be on the team, their role and responsibilities, functions and teams' locations). Align with the business strategy (Document critical assets and ensure that data sources are Onboarded to the Security Operation Centre). Perform Communication drill or exercises. Socialize the CSIRT and its Charter to the entire enterprise. Continuous research, attending relevant Cyber, Risk, Security, Compliance and Governance forums to keep relevant and up to date with ever evolving threat landscape.

IT Security Officer (ISO)

Standard Bank SA
10.2018 - 04.2019
  • Reason for Leaving: Needed more exposure within The Pen test / Cyber security space
  • Skills and expertise gained: The ability to assess and mitigate the risks associated with the storage and retrieval of electronic information. The examination of the essential elements of risk such as; assets, threats, vulnerabilities, safeguards, consequences and the likelihood of the threats materializing. The ability to define and analyze risk identification information in a quantitative and/or qualitative way. The management of, and provision of expert advice on, the selection, design, justification, implementation and operation of information security controls and management strategies to maintain the confidentiality, integrity, availability, accountability and relevant compliance of information systems. The independent, third-party assessment of the conformity of any activity, process, deliverable, product or service with the criteria of specified standards, such as BS EN ISO 9000/14000, local standards, best practice or other documented requirements. Knowledge of the process for evaluating, selecting and managing products, tools, services, infrastructure components and applications in line with the organizations business needs and architectural principles.

Cyber Security Specialist

Stortech
09.2017 - 09.2018
  • Reason for Leaving: Needed new challenges
  • Skills and expertise gained: Responsible for determining the security needs and assist to implement controls to close any security weaknesses in any environment. Assist Clients to develop Security strategy to best Protect their assets against any malicious intent. Identify Security Strategy Priorities: Assist customers to validate their strategic information security priorities. Assess Security Maturity Levels: Assist customers to validate their information security maturity levels based on NIST Cybersecurity Framework, NIST 800-53, ISO27001/2, Center for Internet Security Critical Controls, PCI, GDPR/POPI. Follow the Well-Known Security Methodologies in the Cybersecurity and Information security space. Threat and Vulnerability Posture: Assist customers to validate their threat and vulnerability posture. Depth knowledge of Baseline Security Controls: Assist customers to validate the effectiveness of their information security controls based on the NIST Cybersecurity Framework, NIST 800-53, ISO27001/2, Center for Internet Security Critical Controls, PCI, GDPR/POPI. Validate customers defense in depth security architecture models and automation, leveraging external relationships to enhance intelligence collection efforts, I also have a lot of Banking systems knowledge. Assist customers to select and oversee their implementation of their preferred Security Solutions which map to the typical defense in depth security layers such as: network security, perimeter security, host security, endpoint security, application security, data security. Perform and assist with the Implementation and testing of the security technologies. I also work with the Project Management and Implementation Team, in line with PMBOK and SDLC methodologies. Planning transition of customer security solutions for Managed Security Services, with defined service levels. Deliver SLA-based managed security services in customer environments, where applicable. Identify security opportunities in current customers or prospective customers by knowing and promoting the approved Cybersecurity Offerings.

Information Security Specialist (Lead)

Wesbank
04.2014 - 08.2017
  • Reason for Leaving: Needed more exposure within The Pen test / Cyber security space
  • Skills and expertise gained: Responsible for ensuring the FRG Information Security Hygiene Dashboard Compliance. Security testing (Agile SDLC). Perform Security-Focused requirements gathering. Perform Static and Dynamic Analysis (DAST). Threat modelling and design reviews. Code Reviews and secure Configurations. Security testing in the SDLC releases, deployments and projects to ensure that applications are launched void of security weaknesses. Risk Assessment (software, hardware, networks, Applications). Analysis and assess damage to the data/infrastructure as a result of security incidents, examines available recovery tools and processes, and recommends solutions. Tests for security compliance and enforce policies and procedures. Protecting computers, networks, software, data, and/or information systems against viruses, worms, spyware, malware, intrusion, unauthorized access, denial-of-service attacks, and an ever-increasing list of attacks by hackers acting as individuals or as part of organized crime. User Awareness Training(Knowbe4). OIAM implementation (Wesbank). Penetration testing (Working together with the external Companies'. Telspace, MWR etc). Threat and Vulnerability Management. Research about new security trends, tools and Intelligence.

Technical Test Analyst

First National Bank
07.2012 - 03.2014
  • Reason for Leaving: Needed new challenges
  • Skills and expertise gained: Responsible for extracting Test Requirements from all sources. Documenting Test Requirements according to prescribed standards in the prescribed Test tool. Identifying issues, raising them as defects, escalating if necessary and updating test cases. Identifying and documenting all Test Scenarios to be tested, after analysis using Flowcharts and Decision Tables. Designing Test cases by applying prototype tests, User Interface tests, Functional tests, Domain tests. Leading and or participating in reviews of test requirements with Business Analysts, peers and business representatives. Application of Test types i.e. Usability, Security testing, Integration testing, Performance testing, Automation, by producing updated plan Test Strategy. Identifying test data/design test data requirements. Managing test data. Risk management. Logging, managing and reviewing defects. Test Manager engagement. Supporting the Test Manager as and when required. Assisting in the preparation of test plans and test scripts. Ensuring high quality and accuracy is maintained through to software release. Preparing and maintaining test plans for use on automated testing tools. Preparing a test plan and test scripts to test each software component and demonstrate the business condition under test and the expected results. Providing feedback to the development team and ensuring the work is carried out in accordance with the schedule and the quality requirements. Providing estimates and feedback to the Software Development Manager for project scheduling purposes.

Software Test Analyst

RMB Corporate
06.2011 - 06.2012
  • Reason for Leaving: Career Advancement
  • Skills and expertise gained: Responsible for extracting Test Requirements from all sources. Documenting Test Requirements according to prescribed standards in the prescribed Test tool. Identifying issues, raising them as defects, escalating if necessary and updating test cases. Identifying and documenting all Test Scenarios to be tested, after analysis using Flowcharts and Decision Tables. Designing Test cases by applying prototype tests, User Interface tests, Functional tests, Domain tests. Leading and or participating in reviews of test requirements with Business Analysts, peers and business representatives. Application of Test types i.e. Usability, Security testing, Integration testing, Performance testing, Automation, by producing updated plan Test Strategy. Identifying test data/design test data requirements. Logging, managing and reviewing defects. Assisting in the preparation of test plans and test scripts. Ensuring high quality and accuracy is maintained through to software release. Preparing and maintaining test plans for use on automated testing tools. Preparing a test plan and test scripts to test each software component and demonstrate the business condition under test and the expected results. Providing feedback to the development team and ensuring the work is carried out in accordance with the schedule and the quality requirements. Providing estimates and feedback to the Software Development Manager for project scheduling purposes.

Voice and Network Technician

First National Bank
10.2009 - 07.2011
  • Reason for Leaving: Career Advancement
  • Skills and expertise gained: A good understanding of Ethernet. A thorough understanding of the TCP/IP protocol. Voice over IP skills, Frame relay, ATM and Jumpering of extensions (ISDX). Galactrix Billing System administrator. Avaya (Creating, Editing, removing extensions and creating call hunting).

Senior Support Engineer

First National Bank
01.2008 - 08.2009
  • Reason for Leaving: Growth
  • Skills and expertise gained: Responsible for advanced faultfinding and repair on all Desktops as per details: Working on both MS and Unix/Linux OS. Endpoint security management (McAfee). Ensure repairs/cabling Installation of new hardware/software Remote desktop support Windows 95/98/NT/2000/XP/Vista/2003/2007 support Hardware and software troubleshooting, Repair and restore of desktops Dial-up support and installation. Strong ITIL Knowledge and understanding. Software troubleshooting. Installations of software and hardware. e.g. outlook, VPN. G3 installations (Wireless Com). Citrix installation & configuration. Paradigm. Notebook upgrades, Data backups and Technology Refreshments. Win XP (Office). Win 2003(office) AS/400 MacAfee antivirus Installations and Updating. Printer mappings & Installations Vista & Office 2007. SLA Orientated. MS Exchange and Active Directory. Adding new user on the Domain and on the Network as well. 3G configuration and installations & Blackberries as well. Remote assistance (Desktop) SMS server (running Patching) e.g. SMS Client. Hogan FNB folders CTS AWD File Tracker Document Mng Right fax AFS SoftPro IA (Input Accel).

Desktop Support Engineer

Discovery Health
01.2003 - 12.2007
  • Skills and expertise gained: Responsible for advanced fault-finding and repair on all Desktops as per details: Administer operating system (MS) Administer existing application software. Ensure Virus Protection functionality and updates on Virus Software. Administer user interface and passwords, administer user logins to network as Required. Ensure that Standards and Protocols are adhered to Coordinate hardware repairs/cabling Installation of new hardware/software Remote desktop support Windows 95/98/NT/2000/XP/Vista/2003/2007 support Hardware and software troubleshooting, Repair and restore of desktops Dial-up support and installation.

Voice Technician

Discovery Health
01.2002 - 12.2002
  • Reason for Leaving: Growth
  • Skills and expertise gained: Responsible for maintaining of voice recorders (Recall and Word net). Monitoring of voice servers (Eware, Replay, Quality call and Unify). Monitoring of Data tapes on the recorder and ensure that are recording effectively (Avaya) PABX and right fax Extension Reports (Stella nova). Addition of new users on Galactrix (Billing System) Voice Retrievals. Allocation of Port number and new Ext number. Jumpering of Extension on a specified port Adding of Skills (Group) on the PaBx Adding of Extension numbers on Unify server to allow them to record Voice logging Avaya site administration (Extensions, Logins).

Education

N Diploma - Information Technology

University of Johannesburg
01.2013
  • Information Security
  • Programming VB .NET
  • Databases (SQL)
  • Software Engineering
  • Data Communication Networks
  • Operating System
  • IT Security
  • Project Design
  • Project Management
  • IT Project management etc.
  • Designing and Implementing TeleCommunication Network

Higher Certificate NQF Level 5 - Software Engineering

University of South Africa (Unisa), Pretoria
01.2005 - 12.2005
  • Fundamentals of Data and Signals
  • Conducted and Wireless Media
  • Making Connections
  • Making Connections Efficient: Multiplexing and Compression
  • Errors, Error Detection, and Error Control
  • Local Area Networks: Part 1
  • Local Area Networks: Part 2
  • Metropolitan Area Networks and Wide Area Networks
  • The Internet
  • Voice and Data Delivery Networks
  • Network Security
  • Network Design and Management

Matric Certificate - undefined

HARRISMITH HIGH SCHOOL
01.1996

Certificate in Linux - undefined

Torque IT
01.2011

Certificate in Testing Analysis (Automation) Scripts - undefined

Hogan Technology
01.2011

No Degree - Cloud Computing

AWS, International
04.2001 -
  • Completed Coursework: AWS Certified Security-Specialist, 2026

AWS Certified Solution Architect-Associate) - Cloud Computing (Architect

AWS, International
04.2001 -
  • Completed Coursework: AWS Certified Solution Architect-Associate), 2025

No Degree - Cyber/Information Security

PECB, International
04.2001 -
  • Completed Coursework: PECB Certified ISO/IEC 27032 Lead Cybersecurity Manage.

Skills

Threat Hunting and Vulnerability Management

SDLC Security Testing

SDLC QA

UAT

Penetration Testing

GRC

Information Security Strategy alignment and implementation

CSOC Management

AI/Machine learning

Cyber Security Incident Response Management

Web Security Testing

Risk Assessment

Certification

2020, Certified ISO/IEC 27032 Lead Cybersecurity Manager

Timeline

Senior Lead Cyber Security Consultant - Dugsonconsulting (Barloworld)
08.2024 - Current
Senior Cyber Security Consultant - HosiTechnologies(MTN)
03.2023 - 07.2024
Senior QA Test Analyst Consultant(Security DevSecOps) - Hosi-Technologies(MTN)
11.2021 - 02.2023
Cyber Security Operation Centre Senior Manager (CSOC) - African Bank
06.2019 - 10.2021
IT Security Officer (ISO) - Standard Bank SA
10.2018 - 04.2019
Cyber Security Specialist - Stortech
09.2017 - 09.2018
Information Security Specialist (Lead) - Wesbank
04.2014 - 08.2017
Technical Test Analyst - First National Bank
07.2012 - 03.2014
Software Test Analyst - RMB Corporate
06.2011 - 06.2012
Voice and Network Technician - First National Bank
10.2009 - 07.2011
Senior Support Engineer - First National Bank
01.2008 - 08.2009
University of South Africa (Unisa) - Higher Certificate NQF Level 5, Software Engineering
01.2005 - 12.2005
Desktop Support Engineer - Discovery Health
01.2003 - 12.2007
Voice Technician - Discovery Health
01.2002 - 12.2002
AWS - No Degree, Cloud Computing
04.2001 -
AWS - AWS Certified Solution Architect-Associate), Cloud Computing (Architect
04.2001 -
PECB - No Degree, Cyber/Information Security
04.2001 -
University of Johannesburg - N Diploma, Information Technology
HARRISMITH HIGH SCHOOL - Matric Certificate,
Torque IT - Certificate in Linux,
Hogan Technology - Certificate in Testing Analysis (Automation) Scripts,

Demographic Profile

African Male

Personal Information

  • Date of Birth: 22 March 1977
  • Gender: Male
  • Nationality: South African

Affiliations

  • AWS
  • PECB
  • PECB
  • ISC2

Reading

Reading about Cyber security, studying about emerging trends and innovations

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Accomplishments

  • Achieved The implementation of CSOC environment and team.
  • Achieved The implementation of threat and Vulnerability management team by completing the solution with accuracy and efficiency.

Similar Profiles

CREATE PROFILE
Dumisani Cornelius NkosiSenior Lead Cyber/Information Security Manager